[syslog-ng]config help

Nicholas Bernstein syslog-ng@lists.balabit.hu
25 Mar 2003 15:36:10 -0800


What I think this should be doing: 
reads src, parses, creates file, writes to file, next. 
at the very least it it not doing the write. I would imagine more, but
I'm not sure how I can tell.

Could someone please take a look at the config file and tell me if I am
doing something wrong?

The examples of the type of data I'm looking for: 

ftp: 

Mar 25 14:38:22 da2 ftp(pam_unix)[12722]: session opened for user nick
by (uid=0)
Mar 25 14:39:45 da2 ftpd[12995]: wu-ftpd - TLS settings: control
allow, client_cert allow, data allow
Mar 25 14:39:49 da2 ftp(pam_unix)[12995]: session opened for user nick
by (uid=0)

fw: 

Mar 23 23:23:34 da2 kernel: IN=eth0 OUT=
MAC=00:08:02:b0:67:c1:00:50:54:ff:12:6a:08:00 SRC=68.69.59.21
DST=192.168.210.13 LEN=60 TOS=0x00 PREC=0x00 TTL=42 ID=43080
PROTO=ICMP TYPE=8 CODE=0 ID=512 SEQ=23547
Mar 23 23:23:34 da2 kernel: IN= OUT=eth0 SRC=192.168.210.13
DST=68.69.59.21 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=55063 PROTO=ICMP
TYPE=0 CODE=0 ID=512 SEQ=23547

TIA!
Nick


syslog-ng.conf:
--------------------------------------------
options { sync (0);
        time_reopen (10);
        log_fifo_size (1000);
        long_hostnames (off);
        use_dns (no);
        use_fqdn (no);
#MY ADDITIONS:
        create_dirs (yes);
        dir_owner(root);
        dir_group(wheel);
        dir_perm(775);
        keep_hostname (yes);
        owner(root);
        group(wheel);
        perm(660);
        };


# A LOT OF THIS IS STANDARD TO THE EXAMPLE CONFIG... SKIP TO <MY
ADDITIONS>
# THE REST IS PROVIDED FOR COMPLETENESS & CONTEXT 

source s_sys { pipe ("/proc/kmsg" log_prefix("kernel: ")); unix-stream
("/dev/log"); internal(); };

destination d_cons { file("/dev/console"); };
destination d_mesg { file("/var/log/messages"); };
destination d_auth { file("/var/log/secure"); };
destination d_mail { file("/var/log/maillog"); };
destination d_spol { file("/var/log/spooler"); };
destination d_boot { file("/var/log/boot.log"); };
destination d_cron { file("/var/log/cron"); };
destination d_mlal { usertty("*"); };

filter f_filter1     { facility(kern); };
filter f_filter2     { level(info) and
                     not (facility(mail)
                        or facility(authpriv) or facility(cron)); };
filter f_filter3     { facility(authpriv); };
filter f_filter4     { facility(mail); };
filter f_filter5     { level(emerg); };
filter f_filter6     { facility(uucp) or
                     (facility(news) and level(crit)); };
filter f_filter7     { facility(local7); };
filter f_filter8     { facility(cron); };

#       <MY ADDITIONS>

# FTPD RULES BELOW +++++++++++++++++++++++++++++++++

destination ftpd { file("/var/log/ftpd.log"); };
filter f_ftpd { facility(kern) and match ("ftpd"); };
log { source(s_sys); filter(f_ftpd); destination(ftpd); };

#
#       BELOW IS STANDARD TO THE EXAMPLE CONFIG
#
# FIREWALL RULES ++++++++++++++++++++++++++++++++++

destination d_fw { file("/var/log/firewall.log"); };
filter f_fw { facility(kern) and match (": IN="); };
log { source(s_sys); filter(f_fw); destination(d_fw); };

#       </MY ADDITIONS>

log { source(s_sys); filter(f_filter1); destination(d_cons); };
#
#       BELOW IS STANDARD TO THE EXAMPLE CONFIG
#
log { source(s_sys); filter(f_filter2); destination(d_mesg); };
log { source(s_sys); filter(f_filter3); destination(d_auth); };
log { source(s_sys); filter(f_filter4); destination(d_mail); };
log { source(s_sys); filter(f_filter5); destination(d_mlal); };
log { source(s_sys); filter(f_filter6); destination(d_spol); };
log { source(s_sys); filter(f_filter7); destination(d_boot); };
log { source(s_sys); filter(f_filter8); destination(d_cron); };

-- 
+---------------------------------------------------------------+
| Nicholas Bernstein            | nick@docmagic.com             |
| UNIX Systems Administrator    | http://www.docmagic.com       |
| Document Systems Inc.         |                               |
+---------------------------------------------------------------+