[syslog-ng]SEC and SYSLOG-NG
Sawall, Christopher L
syslog-ng@lists.balabit.hu
Tue, 1 Jul 2003 14:58:35 -0500
I'm trying to use SEC now, instead of SWATCH. Any progress on getting
things up on your website?
If I manually run against a log file, it works great, but I'm trying to
integrate it into syslog-ng.
I saw a post where you showed the following:
#######################################
destination d_sec {
    program("/usr/local/sbin/sec.pl -input=\"-\" -conf=/usr/local/etc/sec.conf >/var/log/sec.err 2>&1");
};
# send all logs to sec
log {
    source(src);
    filter(f_not_brightmail);
    destination(d_sec);
};
#######################################
I made up my own filter to include all facilities so as to watch for
everything. But I'm not getting it to work, it never reports back. If
I do a "ps -ef", I can see that syslog-ng did start up the SEC
process... but no luck.
Any help would be appreciated.
Thanks,
Chris