[syslog-ng]syslog-ng macros did not work

Hoffmann, Mathias syslog-ng@lists.balabit.hu
Wed, 14 May 2003 11:53:42 +0200


Hi,
I'm new to syslog-ng and set up syslog-ng-1.6.0rc2 on a Solaris 2.6 box as
central logging station (of sure - testing).
Meanwhile it collect data from two other hosts and itself.
I use the following statements found at syslog-ng FAQ or examples:

source src { 
	sun-stream("/dev/log" door("/etc/.syslog_door"));
	internal();
        udp(ip(192.168.77.20) port(514)); 
        udp(ip(192.168.76.20) port(514)); 
};
destination hosts { 
   file("/var/net/hosts/$HOST/$YEAR/$MONTH/$DAY/$YEAR$MONTH$DAY"
   owner(root) group(root) perm(0644) dir_perm(0755) create_dirs(yes)); 
};

What happend is, syslog-ng creates the hosts dir in /var/net and a file $DAY
with all the logged data in hosts: no $HOST dir, no $YEAR, $MONTH or $DAY
directory. Even if I omit $HOST (assuming any problems resolving the
hostnames of the two senders), no additional directoryy is created. Also
commenting use_dns or use_fqdn made noch change.
Maybe I made some simple mistakes - 
so any help is welcome

Mathias

complete config:
==========

options { 
	long_hostnames(off); 

	# doesn't actually help on Solaris, log(3) truncates at 1024 chars
	log_msg_size(8192);

	# buffer just a little for performance
	sync(1); 

	# memory is cheap, buffer messages unable to write (like to loghost)
	log_fifo_size(2048); 

	# I hate Vignette StoryServer
	bad_hostname("^(ctld.|cmd|tmd|last)$");

	# The time to wait before a dead connection is reestablished
(seconds)
	time_reopen(10);

       use_fqdn(yes);
       use_dns(yes);
       dns_cache(yes);
        keep_hostname(yes);
        owner(root); 
        group(root);
        perm(0644);
        dir_perm(0755);
        create_dirs(yes);
        use_time_recvd(yes);
};
source src { 
	sun-stream("/dev/log" door("/etc/.syslog_door"));
	internal();
        udp(ip(192.168.77.20) port(514)); 
        udp(ip(192.168.76.20) port(514)); 
};
destination hosts { 
   file("/vol_a/var/net/hosts/$HOST/$YEAR/$MONTH/$DAY/$YEAR$MONTH$DAY"
   owner(root) group(root) perm(0644) dir_perm(0755) create_dirs(yes)); 
};
  
log {
	source(src);
	destination(hosts);
};

destination loghost {
	tcp("192.168.77.20" port(514));
	tcp("192.168.77.20" port(514));
};