[syslog-ng]no carriage returns on logserver
Stefan Schewczik
syslog-ng@lists.balabit.hu
Wed, 26 Mar 2003 12:17:42 +0100
we are running a centralized logserver (suse 8.0) with the standard
syslog daemon (version 1.4.1) and several clients (pld 1.0) with
syslog-ng (version 1.4.17). the logfiles on the logserver looks like this.
Mar 26 11:35:17 grz-1 grz-1 watchdog[1243]: current load is 0 0 0
<30>Mar 26 11:35:17 grz-1 watchdog[1243]: current load is 0 0 0 <30>Mar
26 11:35:17 grz-1 watchdog[1243]: was able to ping process 1617
(/var/run/syslog-ng.pid). <30>Mar 26 11:35:17 grz-1 watchdog[1243]: was
able to ping process 1617 (/var/run/syslog-ng.pid).
whereas the logfiles on the clients itself look ok.
Mar 26 11:35:17 grz-1 watchdog[1243]: current load is 0 0 0
Mar 26 11:35:17 grz-1 watchdog[1243]: was able to ping process 1617
(/var/run/syslog-ng.pid).
Mar 26 11:35:32 grz-1 watchdog[1243]: current load is 0 0 0
Mar 26 11:35:32 grz-1 watchdog[1243]: was able to ping process 1617
(/var/run/syslog-ng.pid).
Mar 26 11:35:47 grz-1 watchdog[1243]: current load is 0 0 0
Mar 26 11:35:47 grz-1 watchdog[1243]: was able to ping process 1617
(/var/run/syslog-ng.pid).
Mar 26 11:36:02 grz-1 watchdog[1243]: current load is 0 0 0
Mar 26 11:36:02 grz-1 watchdog[1243]: was able to ping process 1617
(/var/run/syslog-ng.pid).
Mar 26 11:36:17 grz-1 watchdog[1243]: current load is 0 0 0
as you can see, there are no carriage returns in the logfiles of the
logserver, so its very hard to read the logs.
any help would be appreciated.
/etc/syslog-ng/syslog-ng.conf: (clients)
options { long_hostnames(off); sync(0); };
source src { pipe("/proc/kmsg"); unix-stream("/dev/log"); internal(); };
# uncomment below line if you want setup syslog server
#source net { udp(); };
destination loghost { udp("backup.domain.com"); };
destination kern { file("/var/log/kernel"); };
destination messages { file("/var/log/messages"); };
destination authlog { file("/var/log/secure"); };
destination mail { file("/var/log/maillog"); };
destination uucp { file("/var/log/spooler"); };
destination debug { file("/var/log/debug"); };
destination console { usertty("root"); };
destination console_all { file("/dev/tty12"); };
destination xconsole { pipe("/dev/xconsole"); };
destination mailinfo { file("/var/log/mail/info"); };
destination mailwarn { file("/var/log/mail/warn"); };
destination mailerr { file("/var/log/mail/err"); };
destination newscrit { file("/var/log/news/news.crit" owner(news)
group(news)); };
destination newserr { file("/var/log/news/news.err" owner(news)
group(news)); };
destination newsnotice { file("/var/log/news/news.notice" owner(news)
group(news)); };
destination cron { file("/var/log/cron"); };
destination syslog { file("/var/log/syslog"); };
destination daemon { file("/var/log/daemon"); };
destination lpr { file("/var/log/lpr"); };
destination user { file("/var/log/user"); };
destination ppp { file("/var/log/ppp"); };
# Log iptables messages to separate file
destination iptables { file("/var/log/iptables"); };
filter f_syslog { not facility(authpriv, mail, news)
and not match("IN=[A-Za-z0-9]*
OUT=[A-Za-z0-9]*")
and not match("cron") ; };
filter f_iptables { facility(kern) and match("IN=[A-Za-z0-9]*
OUT=[A-Za-z0-9]*"); };
filter f_kern { facility(kern)
and not match("IN=[A-Za-z0-9]*
OUT=[A-Za-z0-9]*") ; };
filter f_auth { facility(auth); };
filter f_authpriv { facility(auth, authpriv)
and not match("cron"); };
filter f_cron { facility(cron) or match("cron"); };
filter f_daemon { facility(daemon); };
filter f_lpr { facility(lpr); };
filter f_mail { facility(mail); };
filter f_user { facility(user); };
filter f_uucp { facility(cron); };
filter f_ppp { facility(daemon) and program(pppd) or
program(chat); };
filter f_news { facility(news); };
filter f_messages { level(info..warn)
and not facility(auth, authpriv, mail, news,
daemon); };
filter p_debug { level(debug); };
filter p_info { level(info); };
filter p_notice { level(notice); };
filter p_warn { level(warn); };
filter p_err { level(err); };
filter p_alert { level(alert); };
filter p_crit { level(crit); };
filter p_emergency { level(emerg); };
log { source(src); filter(f_kern); destination(kern); };
log { source(src); filter(f_authpriv); destination(authlog); };
log { source(src); filter(f_syslog); destination(syslog); };
log { source(src); filter(f_cron); destination(cron); };
log { source(src); filter(f_daemon); destination(daemon); };
log { source(src); filter(f_lpr); destination(lpr); };
log { source(src); filter(f_user); destination(user); };
log { source(src); filter(f_uucp); destination(uucp); };
log { source(src); filter(f_messages); destination(messages); };
log { source(src); filter(f_ppp); destination(ppp); };
log { source(src); filter(p_debug); destination(debug); };
log { source(src); filter(p_emergency); destination(console); };
log { source(src); destination(console_all); };
log { source(src); filter(f_mail);
destination(mail); };
#log { source(src); filter(f_mail); filter(p_info);
destination(mailinfo); };
#log { source(src); filter(f_mail); filter(p_warn);
destination(mailwarn); };
#log { source(src); filter(f_mail); filter(p_err);
destination(mailerr); };
log { source(src); filter(f_news); filter(p_crit);
destination(uucp); };
log { source(src); filter(f_news); filter(p_crit);
destination(newscrit); };
log { source(src); filter(f_news); filter(p_err);
destination(newserr); };
log { source(src); filter(f_news); filter(p_warn);
destination(newsnotice); };
log { source(src); filter(f_news); filter(p_notice);
destination(newsnotice); };
log { source(src); filter(f_news); filter(p_info);
destination(newsnotice); };
log { source(src); filter(f_news); filter(p_debug);
destination(newsnotice); };
log { source(src); filter(f_iptables); destination(iptables); };
log { source(src); filter(f_authpriv); destination(loghost); };
log { source(src); filter(f_syslog); destination(loghost); };
log { source(src); filter(f_cron); destination(loghost); };
log { source(src); filter(f_daemon); destination(loghost); };
log { source(src); filter(f_lpr); destination(loghost); };
log { source(src); filter(f_user); destination(loghost); };
log { source(src); filter(f_uucp); destination(loghost); };
log { source(src); filter(f_messages); destination(loghost); };
log { source(src); filter(f_ppp); destination(loghost); };
log { source(src); filter(p_debug); destination(loghost); };
log { source(src); filter(p_emergency); destination(loghost); };
/etc/syslog.conf (of the logserver)
# /etc/syslog.conf - Configuration file for syslogd(8)
#
# For info about the format of this file, see "man syslog.conf".
#
#
#
# print most on tty10 and on the xconsole pipe
#
*.* /dev/tty12
kern.warn;*.err;authpriv.none /dev/tty10
kern.warn;*.err;authpriv.none |/dev/xconsole
*.emerg *
# enable this, if you want that root is informed
# immediately, e.g. of logins
#*.alert root
#
# all email-messages in one file
#
mail.* -/var/log/mail
#
# all news-messages
#
# these files are rotated and examined by "news.daily"
news.crit -/var/log/news/news.crit
news.err -/var/log/news/news.err
news.notice -/var/log/news/news.notice
# enable this, if you want to keep all news messages
# in one file
#news.* -/var/log/news.all
#
# Warnings in one file
#
*.=warn;*.=err -/var/log/warn
*.crit /var/log/warn
#
# save the rest in one file
#
*.*;mail.none;news.none -/var/log/messages
#
# enable this, if you want to keep all messages
# in one file
#*.* -/var/log/allmessages
#
# Some foreign boot scripts require local7
#
local0,local1.* -/var/log/localmessages
local2,local3.* -/var/log/localmessages
local4,local5.* -/var/log/localmessages
local6,local7.* -/var/log/localmessages
kern.* -/var/log/firewall