[syslog-ng]Moving from syslog -> syslog-ng - not logging

Mark Robinson syslog-ng@lists.balabit.hu
Thu, 15 Apr 2004 09:53:26 -0400 

This message is in MIME format. Since your mail reader does not understand
this format, some or all of this message may not be legible.

------_=_NextPart_001_01C422F1.06A3A18A
Content-Type: text/plain

I'm trying to move to syslog-ng but I can't get anything other than system
messages to write to the log.

Here's the syslog.conf file that woks:
----------------------------------------------------------------------------
----
*.err;kern.notice;auth.notice                   /dev/console
*.err;kern.debug;daemon.info;daemon.notice;mail.crit    /var/adm/messages
*.alert;kern.err;daemon.err                     operator
*.alert                                         root
*.emerg                                         *

mail.debug                      ifdef(`LOGHOST', /var/log/syslog, @loghost)

ifdef(`LOGHOST', ,
*.err                                   /var/adm/messages
user.err                              /dev/console
user.err                              /var/adm/messages
user.alert                            `root, operator'
user.emerg                          *
)
local7.debug    /data1/syslogs/nd.log
auth.debug      /data1/syslogs/nd.log
local3.err        /data1/syslogs/nd.log
*.err;*.debug;*.crit;*.warning;*.info;*.notice  /data1/syslogs/mcs.log

local2.notice                           @sudosyslog.ca.company.com
----------------------------------------------------------------------------
----

How should a very basic syslog-ng.conf file be written?

------_=_NextPart_001_01C422F1.06A3A18A
Content-Type: text/html
Content-Transfer-Encoding: quoted-printable

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2//EN">
<HTML>
<HEAD>
<META HTTP-EQUIV=3D"Content-Type" CONTENT=3D"text/html; =
charset=3Dus-ascii">
<META NAME=3D"Generator" CONTENT=3D"MS Exchange Server version =
5.5.2656.31">
<TITLE>Moving from syslog -&gt; syslog-ng - not logging</TITLE>
</HEAD>
<BODY>

<P><FONT SIZE=3D2 FACE=3D"Arial">I'm trying to move to syslog-ng but I =
can't get anything other than system messages to write to the =
log.</FONT>
</P>

<P><FONT SIZE=3D2 FACE=3D"Arial">Here's the syslog.conf file that =
woks:</FONT>
<BR><FONT SIZE=3D2 =
FACE=3D"Arial">---------------------------------------------------------=
-----------------------</FONT>
<BR><FONT SIZE=3D2 =
FACE=3D"Arial">*.err;kern.notice;auth.notice&nbsp;&nbsp;&nbsp;&nbsp;&nbs=
p;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbs=
p;&nbsp; /dev/console</FONT>
<BR><FONT SIZE=3D2 =
FACE=3D"Arial">*.err;kern.debug;daemon.info;daemon.notice;mail.crit&nbsp=
;&nbsp;&nbsp; /var/adm/messages</FONT>
<BR><FONT SIZE=3D2 =
FACE=3D"Arial">*.alert;kern.err;daemon.err&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;=
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;=
&nbsp;&nbsp;&nbsp; operator</FONT>
<BR><FONT SIZE=3D2 =
FACE=3D"Arial">*.alert&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&n=
bsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&n=
bsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&n=
bsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; root</FONT>
<BR><FONT SIZE=3D2 =
FACE=3D"Arial">*.emerg&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&n=
bsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&n=
bsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&n=
bsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; *</FONT>
</P>

<P><FONT SIZE=3D2 =
FACE=3D"Arial">mail.debug&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp=
;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp=
;&nbsp; ifdef(`LOGHOST', /var/log/syslog, @loghost)</FONT>
</P>

<P><FONT SIZE=3D2 FACE=3D"Arial">ifdef(`LOGHOST', ,</FONT>
<BR><FONT SIZE=3D2 =
FACE=3D"Arial">*.err&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbs=
p;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbs=
p;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbs=
p;&nbsp; /var/adm/messages</FONT>
<BR><FONT SIZE=3D2 =
FACE=3D"Arial">user.err&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&=
nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&=
nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; =
/dev/console</FONT>
<BR><FONT SIZE=3D2 =
FACE=3D"Arial">user.err&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&=
nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&=
nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; =
/var/adm/messages</FONT>
<BR><FONT SIZE=3D2 =
FACE=3D"Arial">user.alert&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp=
;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp=
;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; `root, operator'</FONT>
<BR><FONT SIZE=3D2 =
FACE=3D"Arial">user.emerg&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp=
;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp=
;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; *</FONT>
<BR><FONT SIZE=3D2 FACE=3D"Arial">)</FONT>
<BR><FONT SIZE=3D2 FACE=3D"Arial">local7.debug&nbsp;&nbsp;&nbsp; =
/data1/syslogs/nd.log</FONT>
<BR><FONT SIZE=3D2 =
FACE=3D"Arial">auth.debug&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; =
/data1/syslogs/nd.log</FONT>
<BR><FONT SIZE=3D2 =
FACE=3D"Arial">local3.err&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; =
/data1/syslogs/nd.log</FONT>
<BR><FONT SIZE=3D2 =
FACE=3D"Arial">*.err;*.debug;*.crit;*.warning;*.info;*.notice&nbsp; =
/data1/syslogs/mcs.log</FONT>
</P>

<P><FONT SIZE=3D2 =
FACE=3D"Arial">local2.notice&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&n=
bsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&n=
bsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; =
@sudosyslog.ca.company.com</FONT>
<BR><FONT SIZE=3D2 =
FACE=3D"Arial">---------------------------------------------------------=
-----------------------</FONT>
</P>

<P><FONT SIZE=3D2 FACE=3D"Arial">How should a very basic syslog-ng.conf =
file be written?</FONT>
</P>

</BODY>
</HTML>
------_=_NextPart_001_01C422F1.06A3A18A--