[syslog-ng]Is my default location broken?

Madziarczyk, Jonathan syslog-ng@lists.balabit.hu
Thu, 19 Feb 2004 11:45:43 -0600


Ok, I see what's going on.

If I have this conf:

options { dir_perm(0755); perm(0644); chain_hostnames(no);
          time_reopen (10);
          log_fifo_size (1000);
          long_hostnames (off);
          use_dns (yes);
          use_fqdn (no);
          dns_cache (yes);
          create_dirs (yes);
          keep_hostname(yes); };

source local { unix-dgram("/dev/log"); internal(); };

source s_udpmessages { udp(ip(0.0.0.0) port(514)); };

log { source(s_udpmessages); destination(d_mysql); };

*destinations removed*

filter f_c4s1           { host("civic4south1"); };

log { source(s_udpmessages); filter(f_c4s1);       destination(civic); };
log { source(s_udpmessages); destination(unsorted); flags(final, fallback); };

What I want is for all messages that do not fit the host specified in
filter f_c4s1 (or any other filter/log commands I put in) to be placed
into the destination (unsorted) file.  However, my pipe to destination
(my_sql) seems to be stopping that.  How do I fix that so I can still
log to My_Sql and my destination files without having to write rules for
every item I'm logging?

Thanks,
JonM





-----Original Message-----
From: Balazs Scheidler [mailto:bazsi@balabit.hu]
Sent: Thursday, February 19, 2004 1:12 AM
To: syslog-ng@lists.balabit.hu
Subject: Re: [syslog-ng]Is my default location broken?

On Wed, 2004-02-18 at 19:40, Madziarczyk, Jonathan wrote:
> I just migrated to a new box for syslog-ng and I'm trying to get the
> "default" location to work for messages that don't meet any of my rules
> yet.
>
> I've sent multiple syslog messages to the box but they don't seem to be
> showing up.  Any ideas? I do know that the "rules" messages are working
> so udp is binding.
>
> Thanks,
> JonM
>
> options { dir_perm(0755); perm(0644); chain_hostnames(no);
>           time_reopen (10);
>           log_fifo_size (1000);
>           long_hostnames (off);
>           use_dns (yes);
>           use_fqdn (no);
>           dns_cache (yes);
>           create_dirs (yes);
>           keep_hostname(yes); };
>
> source local { unix-dgram("/dev/log"); internal(); };
>
> source s_udpmessages { udp(ip(0.0.0.0) port(514)); };
>
> destination unsorted    { file("/logs/unsorted.log" perm(0777)); };
> log { source(s_udpmessages); destination(unsorted); flags(final,
> fallback); };

what are those 'rules' messages you are referring to? try stracing the
syslog-ng process to see whether it actually receives messages.

--
Bazsi
PGP info: KeyID 9AF8D0A9 Fingerprint CD27 CFB0 802C 0944 9CFD 804E C82C 8EB1



_______________________________________________
syslog-ng maillist  -  syslog-ng@lists.balabit.hu
https://lists.balabit.hu/mailman/listinfo/syslog-ng
Frequently asked questions at http://www.campin.net/syslog-ng/faq.html