[syslog-ng]syslog-ng and regex

David Mallwitz syslog-ng@lists.balabit.hu
Mon, 24 Feb 2003 14:03:42 -0500


Micha,
	Since you are using private IP address space, and you don't indicate 
that you have DNS set up to resolve the xenia and kaliba names, it may 
be better for you to try something like:

filter xenia { host("192.168.1.2"); };

Dave


Micha Holzmann wrote:
> Hello,
> 
> I am very new to syslog-ng and to its list. I am running two Debian
> GNU/Linux boxes. One as a DSL router and the other as my workstation.
> 
> Today I have installed syslog-ng via apt-get (1.5.15-1.1).
> 
> I tried to set up remote logging. I want my router/firewall to log
> additionally to my workstation. On the router I have the following entries
> in syslog-ng.conf
> 
> 
> Hostname of router = xenia
> 
> 
>>---  cut here  ----
> 
> destination loghost {udp("192.168.1.1" port(514));};
> log { source(src); destination(loghost); };
> 
>>---  cut here  ----
> 
> 
> 
> Hostname of workstation = kaliba
> On my workstation I have in syslog-ng.conf:
> 
> 
>>---  cut here  ----
> 
> destination rlogging { file("/var/log/syslog-ng/$HOST/syslog.log"
>             sync(0) log_fifo_size(10) create_dirs(yes) owner(root)
>             group(system) perm(0660) dir_perm(0770)); };
> 
> filter f_xenia { match("xenia"); };
> 
> log { source(src); filter(f_xenia); destination(rlogging); };
> 
>>---  cut here  ----
> 
> 
> 
> I am not sure if this setup is correct. Maybe you can give me some
> advice. If it is necessary to have my configs, please tell me; I will
> post them afterwards.
> 
> Now I have a second question: on my workstation a cron job runs which
> looks for a new antivir definition file or a new program version (binary
> file). I tried to put the syslog entries in a separate file.
> 
> Can I use regex in the match()? Maybe like this:
> match("antivir\[[0-9]+\]") to catch antivir[19129]
> 
> 
> 
>>---  cut here  ----
> 
> destination antivir { file("/var/log/antivir.log"); };
> filter f_antivir { match("kaliba antivir"); };
> log { source(src); filter(f_antivir); destination(antivir); };
> 
>>---  cut here  ----
> 
> 
> But the logfile entries do not arrive in /var/log/antivir.log.
> Did I do anything wrong?
> 
> Best regards,
> Micha Holzmann
>
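Dave's host() suggestion and Micha's match() question can be checked side by side with the small filter simulator below; it is an added example, not code from either mail or from syslog-ng itself, and it assumes, as a model of syslog-ng's filters, that host() compares only the HOST field while match() searches only the text after it (program name and message). The sample log lines are constructed for the example.

```python
import re

# Constructed sample lines in the shape a syslog file shows them:
# timestamp, hostname, then "program[pid]: message". Not real log data.
SAMPLE_LINES = [
    "Feb 24 14:03:42 xenia kernel: IN=ppp0 OUT= SRC=10.0.0.5 DPT=514",
    "Feb 24 14:05:01 kaliba antivir[19129]: new definition file installed",
    "Feb 24 14:05:02 kaliba CRON[19128]: (root) CMD (antivir --update)",
    "Feb 24 14:06:00 xenia sshd[402]: Accepted publickey for micha",
]

LINE_RE = re.compile(
    r"^(?P<ts>\w{3} +\d+ \d\d:\d\d:\d\d) (?P<host>\S+) (?P<msg>.*)$"
)


def parse(line):
    """Split one syslog line into its timestamp, HOST and message text."""
    m = LINE_RE.match(line)
    if not m:
        raise ValueError(f"not a syslog line: {line!r}")
    return m.groupdict()


def host_filter(name):
    # Model of host(): exact comparison against the HOST field only.
    return lambda rec: rec["host"] == name


def match_filter(pattern):
    # Model of match(): unanchored regex search over the text after the
    # HOST field (program[pid]: message). The hostname is never part of it,
    # which is why match("kaliba antivir") selects nothing below.
    rx = re.compile(pattern)
    return lambda rec: rx.search(rec["msg"]) is not None


def select(lines, *filters):
    """Return the lines a log path with all of these filters would write."""
    return [line for line in lines if all(f(parse(line)) for f in filters)]
```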