[syslog-ng]config help
Nicholas Bernstein
syslog-ng@lists.balabit.hu
25 Mar 2003 15:36:10 -0800
What I think this should be doing:
reads src, parses, creates file, writes to file, next.
at the very least it it not doing the write. I would imagine more, but
I'm not sure how I can tell.
Could someone please take a look at the config file and tell me if I am
doing something wrong?
The examples of the type of data I'm looking for:
ftp:
Mar 25 14:38:22 da2 ftp(pam_unix)[12722]: session opened for user nick
by (uid=0)
Mar 25 14:39:45 da2 ftpd[12995]: wu-ftpd - TLS settings: control
allow, client_cert allow, data allow
Mar 25 14:39:49 da2 ftp(pam_unix)[12995]: session opened for user nick
by (uid=0)
fw:
Mar 23 23:23:34 da2 kernel: IN=eth0 OUT=
MAC=00:08:02:b0:67:c1:00:50:54:ff:12:6a:08:00 SRC=68.69.59.21
DST=192.168.210.13 LEN=60 TOS=0x00 PREC=0x00 TTL=42 ID=43080
PROTO=ICMP TYPE=8 CODE=0 ID=512 SEQ=23547
Mar 23 23:23:34 da2 kernel: IN= OUT=eth0 SRC=192.168.210.13
DST=68.69.59.21 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=55063 PROTO=ICMP
TYPE=0 CODE=0 ID=512 SEQ=23547
TIA!
Nick
syslog-ng.conf:
--------------------------------------------
options { sync (0);
time_reopen (10);
log_fifo_size (1000);
long_hostnames (off);
use_dns (no);
use_fqdn (no);
#MY ADDITIONS:
create_dirs (yes);
dir_owner(root);
dir_group(wheel);
dir_perm(775);
keep_hostname (yes);
owner(root);
group(wheel);
perm(660);
};
# A LOT OF THIS IS STANDARD TO THE EXAMPLE CONFIG... SKIP TO <MY
ADDITIONS>
# THE REST IS PROVIDED FOR COMPLETENESS & CONTEXT
source s_sys { pipe ("/proc/kmsg" log_prefix("kernel: ")); unix-stream
("/dev/log"); internal(); };
destination d_cons { file("/dev/console"); };
destination d_mesg { file("/var/log/messages"); };
destination d_auth { file("/var/log/secure"); };
destination d_mail { file("/var/log/maillog"); };
destination d_spol { file("/var/log/spooler"); };
destination d_boot { file("/var/log/boot.log"); };
destination d_cron { file("/var/log/cron"); };
destination d_mlal { usertty("*"); };
filter f_filter1 { facility(kern); };
filter f_filter2 { level(info) and
not (facility(mail)
or facility(authpriv) or facility(cron)); };
filter f_filter3 { facility(authpriv); };
filter f_filter4 { facility(mail); };
filter f_filter5 { level(emerg); };
filter f_filter6 { facility(uucp) or
(facility(news) and level(crit)); };
filter f_filter7 { facility(local7); };
filter f_filter8 { facility(cron); };
# <MY ADDITIONS>
# FTPD RULES BELOW +++++++++++++++++++++++++++++++++
destination ftpd { file("/var/log/ftpd.log"); };
filter f_ftpd { facility(kern) and match ("ftpd"); };
log { source(s_sys); filter(f_ftpd); destination(ftpd); };
#
# BELOW IS STANDARD TO THE EXAMPLE CONFIG
#
# FIREWALL RULES ++++++++++++++++++++++++++++++++++
destination d_fw { file("/var/log/firewall.log"); };
filter f_fw { facility(kern) and match (": IN="); };
log { source(s_sys); filter(f_fw); destination(d_fw); };
# </MY ADDITIONS>
log { source(s_sys); filter(f_filter1); destination(d_cons); };
#
# BELOW IS STANDARD TO THE EXAMPLE CONFIG
#
log { source(s_sys); filter(f_filter2); destination(d_mesg); };
log { source(s_sys); filter(f_filter3); destination(d_auth); };
log { source(s_sys); filter(f_filter4); destination(d_mail); };
log { source(s_sys); filter(f_filter5); destination(d_mlal); };
log { source(s_sys); filter(f_filter6); destination(d_spol); };
log { source(s_sys); filter(f_filter7); destination(d_boot); };
log { source(s_sys); filter(f_filter8); destination(d_cron); };
--
+---------------------------------------------------------------+
| Nicholas Bernstein | nick@docmagic.com |
| UNIX Systems Administrator | http://www.docmagic.com |
| Document Systems Inc. | |
+---------------------------------------------------------------+