[syslog-ng]syslog-ng 1.6.1

Andrews, Glenn J (Glenn) syslog-ng@lists.balabit.hu
Thu, 22 Apr 2004 14:33:01 -0400


Excellent.   So just to be sure I understand ya..

****************************************************
options { sync (0);
          time_reopen (10);
          log_fifo_size (1000);
          long_hostnames (off);
          use_dns (no);
          use_fqdn (no);
          create_dirs (no);
          keep_hostname (no);
        };

source local { sun-streams ("/dev/log" door("/etc/.syslog_door")); internal(); };
source network { udp(); tcp(); };
destination networklog { file("/var/log/network"); };
destination syslog@10.100.40.1 { tcp("10.100.40.1" port(514)); };
filter f_network_logs { facility(local1) and level(info); };
filter f_network_logs2 { facility(local1) and level(warning); };
log { source(local); filter(f_network_logs); destination(networklog); };
log { source(local); filter(f_network_logs2); destination(syslog@10.100.40.1); };
****************************************************

Is this correct ?

Glenn


-----Original Message-----
From: Coward, Robert (Contractor) [mailto:Robert.Coward@deploymenthealth.osd.mil]
Sent: Thursday, April 22, 2004 1:15 PM
To: syslog-ng@lists.balabit.hu
Subject: RE: [syslog-ng]syslog-ng 1.6.1


Glenn,
What you need is a filter, I think. Here's how:

source src { unix-stream ("/dev/log"); internal (); };
destination network_logs { file("/var/log/network.log"); };
filter f_network_logs { facility(local1) and level(info); };


Now do the logging:
log { source(src); destination(network_logs); filter(f_network_logs); };

I think that should work for the first one.

For the second one I think you will need to set a filter like the first but
set the destination like so:

destination syslog@10.100.40.1 { tcp("10.100.40.1" port(514)); };

I think that's about it.

---
22 April 2004
"Allow the President to invade a neighboring nation whenever he shall deem
it necessary to repel an invasion and you allow him to do so whenever he
may choose to say he deems it necessary for such purpose, and you allow him
to make war at pleasure.... If today he should choose to say he thinks it
necessary to invade Canada to prevent the British from invading us, how
could you stop him? You may say to him, "I see no probability of the
British invading us," but he will say to you, "Be silent; I see it, if you
don't." (Abraham Lincoln, 1809-1865)
---
Robert V. Coward
UNIX System Administrator
Computer Science Corporation
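
An added example (not part of the thread and not syslog-ng code) that models how the two log paths in the configuration at the top of this message route messages. It assumes syslog-ng's rule that `level()` given a single name matches only that severity (a range is written like `level(warning..emerg)`); the PRI values and sample messages are constructed.

```python
import re

# Facility codes 0-23; codes 12-15 have no single agreed name, so placeholders are used.
FACILITIES = (["kern", "user", "mail", "daemon", "auth", "syslog", "lpr", "news",
               "uucp", "cron", "authpriv", "ftp"]
              + ["fac%d" % n for n in range(12, 16)]
              + ["local%d" % n for n in range(8)])
SEVERITIES = ["emerg", "alert", "crit", "err", "warning", "notice", "info", "debug"]

def decode_pri(line):
    """Split a '<PRI>text' syslog line into (facility, severity) names."""
    m = re.match(r"<(\d{1,3})>", line)
    if not m or int(m.group(1)) > 191:
        raise ValueError("missing or out-of-range PRI: %r" % line)
    pri = int(m.group(1))
    return FACILITIES[pri >> 3], SEVERITIES[pri & 7]  # PRI = facility*8 + severity

# The two log statements from the config: (source, facility, level, destination).
LOG_PATHS = [
    ("local", "local1", "info", "networklog"),
    ("local", "local1", "warning", "syslog@10.100.40.1"),
]

def route(source, line):
    """Return the destinations a message arriving on `source` is written to."""
    fac, sev = decode_pri(line)
    return [dst for src, f, lvl, dst in LOG_PATHS
            if src == source and f == fac and lvl == sev]

# Constructed sample messages (not from the thread).
SAMPLES = [
    ("local", "<142>app: session opened"),    # local1.info
    ("local", "<140>app: disk nearly full"),  # local1.warning
    ("local", "<139>app: write failed"),      # local1.err, matches neither filter
    ("network", "<142>switch: port up"),      # local1.info, but no log path uses source(network)
]

if __name__ == "__main__":
    for src, line in SAMPLES:
        print(src, decode_pri(line), "->", route(src, line) or "no log path")
```
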
