[syslog-ng] A remote logging problem..
µ£¥Ãª@
syslog-ng@lists.balabit.hu
Mon, 13 Dec 2004 21:25:06 +0800 (CST)
Hi ... I am a newbie to syslog-ng.
I have run into some problems configuring syslog-ng.
I have three machines: A is inside the NAT, B is the NAT server, and C is
the loghost outside the NAT.
B forwards log messages from A to C.
A's syslog-ng.conf setting
options { long_hostnames(off);
          sync(0);
};
source src { unix-dgram("/var/run/log"); udp(); internal(); file("/dev/klog"); };
destination loghost { udp("B" port(514)); };
log { source(src); destination(loghost); };
B's syslog-ng.conf setting
options { chain_hostnames(yes);
          keep_hostname(no);
          long_hostnames(off);
          sync(0);
          use_dns(yes);
          use_fqdn(yes);
};
source src { unix-dgram("/var/run/log"); internal(); file("/dev/klog"); };
source fwd { udp(ip(10.1.1.254) port(514)); };
destination loghost { udp("C" port(514)); };
log { source(src); source(fwd); destination(loghost); };
C's syslog-ng.conf setting
options { chain_hostnames(yes);
          keep_hostname(no);
          create_dirs(yes);
          long_hostnames(off);
          sync(0);
          use_dns(yes);
          use_fqdn(yes);
};
source src { unix-dgram("/var/run/log"); udp(); internal(); file("/dev/klog"); };
destination all { file("/var/log/all.log"); };
log { source(src); destination(all); };
All three machines run FreeBSD: A is FreeBSD 5.3, B is
FreeBSD 4.11, C is FreeBSD 4.10.
The syslog-ng version is the same on all of them (syslog-ng 1.6.5).
The FAQ says that..
                      keep_hostname(yes)   keep_hostname(no)
chain_hostname(yes)   server               server/server2
chain_hostname(no)    server               server2
I have seen that FAQ, but I cannot produce a log record
like src@host1/host2.
When root logs in on machine A, syslog-ng records this
action, but...
A ==> Dec 13 20:42:36 A login: ROOT LOGIN (root) ON ttyv0
B ==> Dec 13 20:42:36 10.1.1.11 login: login on ttyv0 as root
      Dec 13 20:42:36 10.1.1.11 login: ROOT LOGIN (root) ON ttyv0
      Dec 13 20:42:36 10.1.1.11 login: ROOT LOGIN (root) ON ttyv0
C ==> Dec 13 20:42:36 B login: login on ttyv0 as root
      Dec 13 20:42:36 B login: ROOT LOGIN (root) ON ttyv0
      Dec 13 20:42:36 C login: ROOT LOGIN (root) ON ttyv0
      Dec 13 20:42:36 B login: ROOT LOGIN (root) ON ttyv0
(B and C are the hostnames)
It seems quite strange.
Can someone help me? Thanks a lot.
(sorry for my poor English ^^")
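
An added example, not part of the original post: a small check that resolves a syslog-ng global options block to its effective values and flags contradictory assignments. It assumes, per the syslog-ng reference documentation, that long_hostnames() is an alias for chain_hostnames(), and it assumes that the last assignment in the block wins; the function and variable names are hypothetical.

```python
import re

# Assumption taken from the syslog-ng reference documentation, not from the
# post: long_hostnames() is an alias for chain_hostnames().
ALIASES = {"long_hostnames": "chain_hostnames"}
BOOL_WORDS = {"yes": "yes", "on": "yes", "no": "no", "off": "no"}

# B's global options, copied from the post above.
B_OPTIONS = """
options { chain_hostnames(yes);
          keep_hostname(no);
          long_hostnames(off);
          sync(0);
          use_dns(yes);
          use_fqdn(yes);
};
"""

def effective_options(conf_text):
    """Return (effective, conflicts) for the global options { ... } block.

    effective: canonical option name -> normalised value ("yes"/"no"/raw).
    conflicts: [(canonical name, [(name as written, value), ...])] for
    settings given contradictory values under any of their names.
    Assumption: the last assignment in the block is the one that applies.
    """
    block = re.search(r"\boptions\s*\{(.*?)\}\s*;", conf_text, re.S)
    if not block:
        return {}, []
    seen = {}
    for name, raw in re.findall(r"(\w+)\s*\(\s*(\w+)\s*\)", block.group(1)):
        value = BOOL_WORDS.get(raw.lower(), raw)
        seen.setdefault(ALIASES.get(name, name), []).append((name, value))
    effective = {opt: vals[-1][1] for opt, vals in seen.items()}
    conflicts = [(opt, vals) for opt, vals in seen.items()
                 if len({v for _, v in vals}) > 1]
    return effective, conflicts

if __name__ == "__main__":
    effective, conflicts = effective_options(B_OPTIONS)
    print("chain_hostnames effective:", effective["chain_hostnames"])
    for opt, assignments in conflicts:
        print("conflicting assignments for", opt, assignments)
```

Run against B's options, the check reports chain_hostnames as effectively off, which is the chain_hostname(no) / keep_hostname(no) cell of the FAQ table quoted above.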