[syslog-ng]syslog-ng macros did not work
Christian Osbahr
syslog-ng@lists.balabit.hu
Wed, 14 May 2003 11:58:12 +0200
Hi,
The macro expansion didn't seem to work right in 1.6rc2. Download 1.6rc3
and you should be fine.
Best regards,
Christian
-----Original Message-----
From: Hoffmann, Mathias [mailto:Mathias.Hoffmann@access-7.de]=20
Sent: 14. maj 2003 11:54
To: 'syslog-ng@lists.balabit.hu'
Subject: [syslog-ng]syslog-ng macros did not work
Hi,
I'm new to syslog-ng and set up syslog-ng-1.6.0rc2 on a Solaris 2.6 box
as central logging station (of sure - testing). Meanwhile it collect
data from two other hosts and itself. I use the following statements
found at syslog-ng FAQ or examples:
source src {=20
sun-stream("/dev/log" door("/etc/.syslog_door"));
internal();
udp(ip(192.168.77.20) port(514));=20
udp(ip(192.168.76.20) port(514));=20
};
destination hosts {=20
file("/var/net/hosts/$HOST/$YEAR/$MONTH/$DAY/$YEAR$MONTH$DAY"
owner(root) group(root) perm(0644) dir_perm(0755) create_dirs(yes));=20
};
What happend is, syslog-ng creates the hosts dir in /var/net and a file
$DAY with all the logged data in hosts: no $HOST dir, no $YEAR, $MONTH
or $DAY directory. Even if I omit $HOST (assuming any problems resolving
the hostnames of the two senders), no additional directoryy is created.
Also commenting use_dns or use_fqdn made noch change. Maybe I made some
simple mistakes -=20
so any help is welcome
Mathias
complete config:
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D
options {=20
long_hostnames(off);=20
# doesn't actually help on Solaris, log(3) truncates at 1024
chars
log_msg_size(8192);
# buffer just a little for performance
sync(1);=20
# memory is cheap, buffer messages unable to write (like to
loghost)
log_fifo_size(2048);=20
# I hate Vignette StoryServer
bad_hostname("^(ctld.|cmd|tmd|last)$");
# The time to wait before a dead connection is reestablished
(seconds)
time_reopen(10);
use_fqdn(yes);
use_dns(yes);
dns_cache(yes);
keep_hostname(yes);
owner(root);=20
group(root);
perm(0644);
dir_perm(0755);
create_dirs(yes);
use_time_recvd(yes);
};
source src {=20
sun-stream("/dev/log" door("/etc/.syslog_door"));
internal();
udp(ip(192.168.77.20) port(514));=20
udp(ip(192.168.76.20) port(514));=20
};
destination hosts {=20
file("/vol_a/var/net/hosts/$HOST/$YEAR/$MONTH/$DAY/$YEAR$MONTH$DAY"
owner(root) group(root) perm(0644) dir_perm(0755) create_dirs(yes));=20
};
=20
log {
source(src);
destination(hosts);
};
destination loghost {
tcp("192.168.77.20" port(514));
tcp("192.168.77.20" port(514));
};
_______________________________________________
syslog-ng maillist - syslog-ng@lists.balabit.hu
https://lists.balabit.hu/mailman/listinfo/syslog-ng
Frequently asked questions at http://www.campin.net/syslog-ng/faq.html