[syslog-ng]syslog-ng do not work....

Hamilton Andrew syslog-ng@lists.balabit.hu
Tue, 27 Jan 2004 12:18:24 -0500


This message is in MIME format. Since your mail reader does not understand
this format, some or all of this message may not be legible.

------_=_NextPart_001_01C3E4F9.9221C2CB
Content-Type: text/plain;
	charset="utf-8"

I would, at the very least, get the latest, which is, I believe, 1.6.1.  The
1.4.x line is very old and not nearly as feature rich as 1.6.x.
 
Drew

-----Original Message-----
From: Alessandro Fiorenzi [mailto:a.fiorenzi@infogroup.it]
Sent: Tuesday, January 27, 2004 11:41 AM
To: Syslog-ng
Subject: RE: [syslog-ng]syslog-ng do not work....


Well I have syslog-ng version 1.4.17, perhaps could be that, infact 
dns_cache(yes)
use_time_recvd(yes)
does not go .

Alessandro

On Tue, 2004-01-27 at 17:01, Hamilton Andrew wrote: 

What version of syslog-ng are you using?

dnscache(yes) should be dns_cache(yes)
 
use_time_recvd(true) should be use_time_recvd(yes)
 
try pipe("/proc/kmsg" log_prefix("kernel: ")); instead of file(...
 
Regards,
 
Drew 

-----Original Message-----
From: Alessandro Fiorenzi [mailto:a.fiorenzi@infogroup.it]
Sent: Tuesday, January 27, 2004 10:53 AM
To: Syslog-ng
Subject: [syslog-ng]syslog-ng do not work....


Hi, I have set this configuration on central logserver

options {
        long_hostnames(off);     
        sync(0);     
        log_fifo_size(1000);
        dnscache(yes);
        use_fqdn(yes);
        use_time_recvd(true);
        };

source src {
        internal();
        file("/proc/kmsg" log_prefix("kernel: "));
        tcp(ip(192.168.52.100) port(514) max-connections(1000));
        udp(ip(0.0.0.0) port(514));
        };

but it does not work. The fist errore is on dnscache(yes);, if i remove this
I get the second on use_time_recvd(true);, remove this one I get errore on
file("/proc/kmsg" log_prefix("kernel: ")); .... why?

Thanks

Fiorenzi A.




------------------------------------------------------------------------ 

INFOGROUP S.P.A                 http://www.infogroup.it 
-------------------------------------------------------------------------
DR. FIORENZI ALESSANDRO 

Consulente Tribunale Firenze - sicurezza informatica -
Security Administrator 
Socio  <file:///home/fiore/signature/www.clusit.it> CLUSIT,
<file:///home/fiore/signature/www.alsi.it> ALSI






Tel : +39.055.43.65.742 
CE : +39.335.64.144.77 
@Email : a.fiorenzi@infogroup.it 
PGP Key: http://www.infogroup.it/ds/fiorenzi.asc
-------------------------------------------------------------------------
            "Faber est suae quisque fortunae" 
------------------------------------------------------------------------- 


------------------------------------------------------------------------ 

INFOGROUP S.P.A                 http://www.infogroup.it 
-------------------------------------------------------------------------
DR. FIORENZI ALESSANDRO 

Consulente Tribunale Firenze - sicurezza informatica -
Security Administrator 
Socio  <file:///home/fiore/signature/www.clusit.it> CLUSIT,
<file:///home/fiore/signature/www.alsi.it> ALSI





Tel : +39.055.43.65.742 
CE : +39.335.64.144.77 
@Email : a.fiorenzi@infogroup.it 
PGP Key: http://www.infogroup.it/ds/fiorenzi.asc
-------------------------------------------------------------------------
            "Faber est suae quisque fortunae" 
------------------------------------------------------------------------- 




------_=_NextPart_001_01C3E4F9.9221C2CB
Content-Type: text/html;
	charset="utf-8"

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<HTML><HEAD>
<META HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=utf-8">


<META content="MSHTML 6.00.2800.1276" name=GENERATOR></HEAD>
<BODY>
<DIV><SPAN class=570321517-27012004><FONT face=Arial color=#0000ff size=2>I 
would, at the very least, get the latest, which is, I believe, 1.6.1.&nbsp; The 
1.4.x line is very old and not nearly as feature rich as 
1.6.x.</FONT></SPAN></DIV>
<DIV><SPAN class=570321517-27012004><FONT face=Arial color=#0000ff 
size=2></FONT></SPAN>&nbsp;</DIV>
<DIV><SPAN class=570321517-27012004><FONT face=Arial color=#0000ff 
size=2>Drew</FONT></SPAN></DIV>
<BLOCKQUOTE>
  <DIV class=OutlookMessageHeader dir=ltr align=left><FONT face=Tahoma 
  size=2>-----Original Message-----<BR><B>From:</B> Alessandro Fiorenzi 
  [mailto:a.fiorenzi@infogroup.it]<BR><B>Sent:</B> Tuesday, January 27, 2004 
  11:41 AM<BR><B>To:</B> Syslog-ng<BR><B>Subject:</B> RE: [syslog-ng]syslog-ng 
  do not work....<BR><BR></FONT></DIV>Well I have syslog-ng version 1.4.17, 
  perhaps could be that, infact <BR><FONT color=#0000ff 
  size=2><I>dns_cache(yes)<BR>use_time_recvd(yes)</I></FONT><BR>does not go 
  .<BR><BR>Alessandro<BR><BR>On Tue, 2004-01-27 at 17:01, Hamilton Andrew wrote: 

  <BLOCKQUOTE TYPE="CITE"><FONT color=#0000ff size=2><I>What version of 
    syslog-ng are you using?</FONT><BR><FONT color=#737373></FONT><BR><FONT 
    color=#0000ff size=2>dnscache(yes) should be dns_cache(yes)</FONT><BR><FONT 
    color=#737373>&nbsp;</FONT><BR><FONT color=#0000ff 
    size=2>use_time_recvd(true) should be use_time_recvd(yes)</FONT><BR><FONT 
    color=#737373>&nbsp;</FONT><BR><FONT color=#0000ff size=2>try 
    pipe("/proc/kmsg" log_prefix("kernel: ")); instead of 
    file(...</FONT><BR><FONT color=#737373>&nbsp;</FONT><BR><FONT color=#0000ff 
    size=2>Regards,</FONT><BR><FONT color=#737373>&nbsp;</FONT><BR><FONT 
    color=#0000ff size=2>Drew</FONT> 
    <BLOCKQUOTE><FONT color=#737373 size=2>-----Original 
      Message-----<BR><B>From:</B> Alessandro Fiorenzi 
      [mailto:a.fiorenzi@infogroup.it]<BR><B>Sent:</B> Tuesday, January 27, 2004 
      10:53 AM<BR><B>To:</B> Syslog-ng<BR><B>Subject:</B> [syslog-ng]syslog-ng 
      do not work....<BR></FONT><BR><FONT color=#737373><BR>Hi, I have set this 
      configuration on central logserver<BR><BR>options 
      {<BR>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; 
      long_hostnames(off);&nbsp;&nbsp;&nbsp;&nbsp; 
      <BR>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; 
      sync(0);&nbsp;&nbsp;&nbsp;&nbsp; 
      <BR>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; 
      log_fifo_size(1000);<BR>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; 
      dnscache(yes);<BR>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; 
      use_fqdn(yes);<BR>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; 
      use_time_recvd(true);<BR>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; 
      };<BR><BR>source src {<BR>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; 
      internal();<BR>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; 
      file("/proc/kmsg" log_prefix("kernel: 
      "));<BR>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; tcp(ip(192.168.52.100) 
      port(514) 
      max-connections(1000));<BR>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; 
      udp(ip(0.0.0.0) port(514));<BR>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; 
      };<BR><BR>but it does not work. The fist errore is on dnscache(yes);, if i 
      remove this I get the second on use_time_recvd(true);, remove this one I 
      get errore on file("/proc/kmsg" log_prefix("kernel: ")); .... 
      why?<BR><BR>Thanks<BR><BR>Fiorenzi A.<BR><BR></I></FONT><BR>
      <TABLE cellSpacing=0 cellPadding=0 width="100%">
        <TBODY>
        <TR></TR>
        <TR></TR>
        <TR>
          <TD>
            <TABLE cellSpacing=0 cellPadding=0 width="100%">
              <TBODY>
              <TR></TR>
              <TR></TR>
              <TR>
                <TD><FONT 
                  size=3><B>------------------------------------------------------------------------ 

                  <ADDRESS>INFOGROUP S.P.A&nbsp;&nbsp; &nbsp;&nbsp;&nbsp; 
                  &nbsp;&nbsp;&nbsp; &nbsp;&nbsp;&nbsp; &nbsp; 
                  http://www.infogroup.it 
                  </ADDRESS>-------------------------------------------------------------------------<BR>DR. 
                  FIORENZI ALESSANDRO </B></FONT><BR><BR>Consulente Tribunale 
                  Firenze - sicurezza informatica -<BR>Security Administrator 
                  <BR>Socio <A 
                  href="file:///home/fiore/signature/www.clusit.it"><U>CLUSIT</U></A>, 
                  <A 
                  href="file:///home/fiore/signature/www.alsi.it"><U>ALSI</U></A><BR><BR><BR><BR><BR><BR>
                  <ADDRESS>Tel : +39.055.43.65.742 <BR>CE : +39.335.64.144.77 
                  <BR>@Email : a.fiorenzi@infogroup.it <BR>PGP Key: 
                  http://www.infogroup.it/ds/fiorenzi.asc</ADDRESS><FONT 
                  size=3><I>-------------------------------------------------------------------------<BR>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; 
                  <B>"Faber est suae quisque fortunae" 
                  </B><BR>-------------------------------------------------------------------------</I></FONT> 
                </TD></TR></TBODY></TABLE></TD></TR></TBODY></TABLE></BLOCKQUOTE></BLOCKQUOTE>
  <TABLE cellSpacing=0 cellPadding=0 width="100%">
    <TBODY>
    <TR>
      <TD>
        <TABLE cellSpacing=0 cellPadding=0 width="100%">
          <TBODY>
          <TR>
            <TD><FONT 
              size=3><B>------------------------------------------------------------------------ 

              <ADDRESS>INFOGROUP S.P.A&nbsp;&nbsp; &nbsp;&nbsp;&nbsp; 
              &nbsp;&nbsp;&nbsp; &nbsp;&nbsp;&nbsp; &nbsp; 
              http://www.infogroup.it 
              </ADDRESS>-------------------------------------------------------------------------<BR>DR. 
              FIORENZI ALESSANDRO </B></FONT><BR><BR>Consulente Tribunale 
              Firenze - sicurezza informatica -<BR>Security Administrator 
              <BR>Socio <A 
              href="file:///home/fiore/signature/www.clusit.it"><U>CLUSIT</U></A>, 
              <A 
              href="file:///home/fiore/signature/www.alsi.it"><U>ALSI</U></A><BR><BR><BR><BR><BR>
              <ADDRESS>Tel : +39.055.43.65.742 <BR>CE : +39.335.64.144.77 
              <BR>@Email : a.fiorenzi@infogroup.it <BR>PGP Key: 
              http://www.infogroup.it/ds/fiorenzi.asc</ADDRESS><FONT 
              size=3><I>-------------------------------------------------------------------------<BR>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; 
              <B>"Faber est suae quisque fortunae" 
              </B><BR>-------------------------------------------------------------------------</I></FONT> 
            </TD></TR></TBODY></TABLE></TD></TR></TBODY></TABLE><BR><BR></BLOCKQUOTE></BODY></HTML>

------_=_NextPart_001_01C3E4F9.9221C2CB--