[syslog-ng]syslog-ng 1.6.1

Coward, Robert (Contractor) syslog-ng@lists.balabit.hu
Thu, 22 Apr 2004 14:47:03 -0400


Looks fine to me. Although, I do not know what this line does:
source network { udp(); tcp(); };

Since you do not have a log line that references the "network" source, I
don't know why it's there. Maybe more stuff in your config, I can't see.

Everything else looks okay.


---
22 April 2004
"As nightfall does not come all at once, neither does oppression. In both
instances, there is a twilight. And it is in such twilight that we all must
be aware of change in the air, however slight, lest we become unwitting
victims of darkness." (William O. Douglas, 1939-1975)
---
Robert V. Coward
UNIX System Administrator
Computer Science Corporation






"Andrews, Glenn J (Glenn)" <gjandrews@lucent.com> on 04/22/2004 02:33:01 PM

To:   "'syslog-ng@lists.balabit.hu'" <syslog-ng@lists.balabit.hu>
cc:   "'Coward, Robert (Contractor)'"
      <Robert.Coward@deploymenthealth.osd.mil>

Subject:  RE: [syslog-ng]syslog-ng 1.6.1


Excellent.   So just to be sure I understand ya..

****************************************************
options { sync (0);
          time_reopen (10);
          log_fifo_size (1000);
          long_hostnames (off);
          use_dns (no);
          use_fqdn (no);
          create_dirs (no);
          keep_hostname (no);
        };

source local { sun-streams ("/dev/log" door("/etc/.syslog_door")); internal (); };
source network { udp(); tcp(); };
destination networklog { file("/var/log/network"); };
destination syslog@10.100.40.1 { tcp("10.100.40.1" port(514)); };
filter f_network_logs { facility(local1) and level(info); };
filter f_network_logs2 { facility(local1) and level(warning); };
log { source(local); filter(f_network_logs); destination(networklog); };
log { source(local); filter(f_network_logs2); destination(syslog@10.100.40.1); };
****************************************************

Is this correct ?

Glenn


-----Original Message-----
From: Coward, Robert (Contractor)
[mailto:Robert.Coward@deploymenthealth.osd.mil]
Sent: Thursday, April 22, 2004 1:15 PM
To: syslog-ng@lists.balabit.hu
Subject: RE: [syslog-ng]syslog-ng 1.6.1


Glenn,
What you need is a filter, I think. Here's how:

source src { unix-stream ("/dev/log"); internal (); };
destination network_logs { file("/var/log/network.log"); };
filter f_network_logs { facility(local1) and level(info); };


Now do the logging:
log { source(src); destination(network_logs); filter(f_network_logs); };

I think that should work for the first one.

For the second one I think you will need to set a filter like the first but
set the destination like so:

destination syslog@10.100.40.1 { tcp("10.100.40.1" port(514)); };

I think that's about it.

---
22 April 2004
"Allow the President to invade a neighboring nation whenever he shall deem
it necessary to repel an invasion and you allow him to do so whenever he
may choose to say he deems it necessary for such purpose, and you allow him
to make war at pleasure.... If today he should choose to say he thinks it
necessary to invade Canada to prevent the British from invading us, how
could you stop him? You may say to him, "I see no probability of the
British invading us," but he will say to you, "Be silent; I see it, if you
don't." (Abraham Lincoln, 1809-1865)
---
Robert V. Coward
UNIX System Administrator
Computer Science Corporation

_______________________________________________
syslog-ng maillist  -  syslog-ng@lists.balabit.hu
https://lists.balabit.hu/mailman/listinfo/syslog-ng
Frequently asked questions at http://www.campin.net/syslog-ng/faq.html
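
The observation in the reply above (a source that no log statement references), as an added example that is not part of the original thread: a Python check that lists sources, destinations and filters defined but never used in a log path, and names used but never defined. The configuration is copied from the thread as sample input; the function names are hypothetical, and the parser assumes the flat syntax shown in the thread (no nested or inline definitions).

```python
import re

# Constructed sample input: the configuration quoted in the thread (options block omitted).
SAMPLE_CONF = r'''
source local { sun-streams ("/dev/log" door("/etc/.syslog_door")); internal (); };
source network { udp(); tcp(); };
destination networklog { file("/var/log/network"); };
destination syslog@10.100.40.1 { tcp("10.100.40.1" port(514)); };
filter f_network_logs { facility(local1) and level(info); };
filter f_network_logs2 { facility(local1) and level(warning); };
log { source(local); filter(f_network_logs); destination(networklog); };
log { source(local); filter(f_network_logs2);
destination(syslog@10.100.40.1); };
'''

KINDS = ("source", "destination", "filter")
REF = re.compile(r'\b(source|destination|filter)\s*\(\s*([^\s()]+)\s*\)')

def top_level_blocks(text):
    """Yield (header, body) for every top-level 'header { body }' statement."""
    depth, prev_end, start, head = 0, 0, 0, ""
    for i, ch in enumerate(text):
        if ch == "{":
            if depth == 0:
                head, start = text[prev_end:i].strip(" \t\r\n;"), i + 1
            depth += 1
        elif ch == "}":
            depth -= 1
            if depth == 0:
                yield head, text[start:i]
                prev_end = i + 1

def analyze(conf):
    """Return (unused, undefined): names defined but never used in a log path, and the reverse."""
    # Blank out quoted strings and drop '#' comments so braces inside them are ignored.
    text = re.sub(r'"[^"]*"|#[^\n]*',
                  lambda m: '""' if m.group(0).startswith('"') else "", conf)
    defined = {k: set() for k in KINDS}
    used = {k: set() for k in KINDS}
    for head, body in top_level_blocks(text):
        words = head.split()
        if len(words) == 2 and words[0] in KINDS:
            defined[words[0]].add(words[1])      # e.g. "source network"
        elif words == ["log"]:
            for kind, name in REF.findall(body):  # e.g. source(local)
                used[kind].add(name)
    unused = {k: sorted(defined[k] - used[k]) for k in KINDS}
    undefined = {k: sorted(used[k] - defined[k]) for k in KINDS}
    return unused, undefined

if __name__ == "__main__":
    print(analyze(SAMPLE_CONF))
```

On the sample it reports `network` as the only unused definition, which is worth reviewing because that source declares `udp()` and `tcp()` listeners that no log path consumes.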