[syslog-ng]syslog-ng and net devices.
cdowns
syslog-ng@lists.balabit.hu
Wed, 31 Mar 2004 07:38:50 -0600
Morning,
I have all Cisco devices coming in on priority local7, and for some
reason I'm not getting them all. I grep'd through all the logs and they truly
don't exist.
Does anyone see anything wrong with my config ?
TIA.
~!>D
#
# Syslog-ng example configuration for Debian GNU/Linux
# Too bad this wasn't Debian ;(
#
# Copyright (c) 1999 anonymous
# Copyright (c) 1999 Balazs Scheidler
# $Id: syslog-ng.conf.sample,v 1.2 1999/11/15 12:30:41 bazsi Exp $
#
# Syslog-ng configuration file, compatible with default Debian syslogd
# installation.
#
# Global options.
options { long_hostnames(off); sync(1); };
# Local sources: syslog-ng's own messages, kernel messages read from /proc/kmsg
# (taking over from klogd/syslogd), and the local /dev/log socket.
source src { internal();
pipe("/proc/kmsg");
unix-stream("/dev/log");
};
# Network source. udp() has no ip() or port() here, so syslog-ng's defaults
# apply -- presumably every interface on UDP port 514; confirm for this version.
# Syslog over UDP is unauthenticated and has no delivery guarantee: any host that
# can reach the port can inject entries, and datagrams dropped in transit or at a
# full socket buffer are lost without any trace on this side.
# NOTE(review): bind with ip() to the management address and limit senders to the
# known devices with a packet filter.
source net {
udp();
};
## Destinations
# One file per facility or level under /log. None of these file() destinations
# sets owner(), group() or perm(), so syslog-ng's built-in defaults apply.
# NOTE(review): confirm auth.log is not created world-readable on this build.
destination authlog { file("/log/auth.log"); };
destination syslog { file("/log/syslog"); };
destination cron { file("/log/cron.log"); };
destination daemon { file("/log/daemon.log"); };
destination kern { file("/log/kern.log"); };
destination lpr { file("/log/lpr.log"); };
destination user { file("/log/user.log"); };
destination uucp { file("/log/uucp.log"); };
destination mail { file("/log/mail.log"); };
destination mailinfo { file("/log/mail.info"); };
destination mailwarn { file("/log/mail.warn"); };
destination mailerr { file("/log/mail.err"); };
destination newscrit { file("/log/news/news.crit"); };
destination newserr { file("/log/news/news.err"); };
destination newsnotice { file("/log/news/news.notice"); };
destination debug { file("/log/debug"); };
destination messages { file("/log/messages"); };
# console: written to the terminals where root is logged in.
destination console { usertty("root"); };
# console_all: plain file() write to the virtual console device /dev/tty12.
destination console_all { file("/dev/tty12"); };
# Disabled: forwarding to a remote loghost over UDP port 999.
#destination loghost { udp("loghost" port(999)); };
## Custom log destinations
destination pix { file("/log/Net/pix.log"); };
destination iss { file("/log/Net/iss.log"); };
destination snmp { file("/log/Net/snmp.log"); };
## Incoming routers and switches with perms
# NOTE(review): perm(0644) and dir_perm(0755) leave local7.info readable by every
# local account. Network-device logs often carry addresses and login events, so a
# group-readable mode such as perm(0640) with dir_perm(0750) is the tighter choice
# if only the j1comm1 account needs them.
destination local7 { file("/log/j1comm1/logs/local7.info"
owner(j1comm1) group(j1comm1) perm(0644)
dir_perm(0755) create_dirs(yes)
);
};
# Per-facility file for network traffic. $FACILITY is expanded per message, so the
# file name follows the facility the sender put in the message priority; files and
# directories are created root-only (0600 / 0700).
destination std { file("/log/Net/$FACILITY.log"
owner(root) group(root) perm(0600) dir_perm(0700)
create_dirs(yes)
);
};
destination xconsole { pipe("/dev/xconsole"); };
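## Filters for local machine
# Facility filters: one per syslog facility used by the local log paths.
filter f_auth { facility(auth); };
filter f_authpriv { facility(auth, authpriv); };
filter f_syslog { not facility(authpriv, mail); };
filter f_cron { facility(cron); };
filter f_daemon { facility(daemon); };
filter f_kern { facility(kern); };
filter f_lpr { facility(lpr); };
filter f_mail { facility(mail); };
filter f_user { facility(user); };
# Fixed: the posted config had facility(cron) here, which copied cron messages
# into uucp.log and never matched real uucp traffic.
filter f_uucp { facility(uucp); };
filter f_news { facility(news); };
filter f_debug { not facility(auth, authpriv, news, mail); };
# info through warn, excluding the facilities that have their own files.
filter f_messages { level(info..warn)
    and not facility(auth, authpriv, mail, news); };
# Level filters: combined with a facility filter in the log paths.
filter f_emergency { level(emerg); };
filter f_info { level(info); };
filter f_notice { level(notice); };
filter f_warn { level(warn); };
filter f_crit { level(crit); };
filter f_err { level(err); };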
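## UDP Hosts
# Same facility and level tests as the local filters, under f_net_* names for the
# log paths that read from the network source.
filter f_net_auth { facility(auth); };
filter f_net_authpriv { facility(auth, authpriv); };
filter f_net_syslog { not facility(authpriv, mail); };
filter f_net_cron { facility(cron); };
filter f_net_daemon { facility(daemon); };
filter f_net_kern { facility(kern); };
filter f_net_lpr { facility(lpr); };
filter f_net_mail { facility(mail); };
filter f_net_user { facility(user); };
# Fixed: the posted config had facility(cron) here, so remote uucp messages were
# never selected by this filter and cron messages were selected twice.
filter f_net_uucp { facility(uucp); };
filter f_net_news { facility(news); };
filter f_net_debug { not facility(auth, authpriv, news, mail); };
# info through warn, excluding auth, authpriv, mail and news.
filter f_net_messages { level(info..warn)
    and not facility(auth, authpriv, mail, news); };
filter f_net_emergency { level(emerg); };
filter f_net_info { level(info); };
filter f_net_notice { level(notice); };
filter f_net_warn { level(warn); };
filter f_net_crit { level(crit); };
filter f_net_err { level(err); };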
### get all cisco local7.info messages ##
# Matches facility local7 at any level: debug..emerg spans the whole severity
# range, so the level() clause does not narrow anything. A device that sends on a
# different facility never matches this filter.
# NOTE(review): check the logging facility configured on each missing device.
filter f_local7 {
facility(local7) and level(debug..emerg);
};
# Selects on message content only, with no facility test. The pattern is matched
# as written -- presumably case-sensitive; confirm for this version.
filter f_pixm {
match("PIX");
};
# local7 traffic minus anything f_pixm selects, so a non-PIX device whose message
# text happens to contain "PIX" is excluded from the local7 destination as well.
filter f_misclocal7 {
filter (f_local7) and not filter(f_pixm);
};
# Content matches for the ISS and SNMP daemons, again regardless of facility.
filter f_iss {
match("issDaemon");
};
filter f_snmp {
match("ucd-snmp");
};
## Local logs
# Log paths for messages from the local sources. No path sets flags(), so a
# message is written to every path whose filters match, not only the first;
# f_syslog and f_debug, for example, both accept most facilities.
log { source(src); filter(f_authpriv); destination(authlog); };
log { source(src); filter(f_syslog); destination(syslog); };
log { source(src); filter(f_cron); destination(cron); };
log { source(src); filter(f_daemon); destination(daemon); };
log { source(src); filter(f_kern); destination(kern); };
log { source(src); filter(f_lpr); destination(lpr); };
log { source(src); filter(f_mail); destination(mail); };
log { source(src); filter(f_user); destination(user); };
log { source(src); filter(f_uucp); destination(uucp); };
# Two filters in one path are combined: the message must pass both.
log { source(src); filter(f_mail); filter(f_info); destination(mailinfo); };
log { source(src); filter(f_mail); filter(f_warn); destination(mailwarn); };
log { source(src); filter(f_mail); filter(f_err); destination(mailerr); };
log { source(src); filter(f_news); filter(f_crit); destination(newscrit); };
log { source(src); filter(f_news); filter(f_err); destination(newserr); };
log { source(src); filter(f_news); filter(f_notice);
destination(newsnotice); };
log { source(src); filter(f_debug); destination(debug); };
log { source(src); filter(f_messages); destination(messages); };
log { source(src); filter(f_emergency); destination(console); };
# No filter: every local message, auth and authpriv included, is also written to
# /dev/tty12, where anyone with access to that console can read it.
log { source(src); destination(console_all); };
## Custom Logs
# Content- and facility-based paths for network devices. No path sets flags(), so
# a message selected here is still evaluated by every catch-all path below.
log { source(net); filter(f_pixm); destination(pix); };
log { source(net); filter(f_misclocal7); destination(local7); };
log { source(net); filter(f_iss); destination(iss); };
log { source(net); filter(f_snmp); destination(snmp); };
## CatchAll Net log
# Every path below writes to the same std destination (/log/Net/$FACILITY.log).
# f_net_syslog and f_net_debug both accept local7, so Cisco local7 traffic that
# reaches this host should also show up in /log/Net/local7.log, presumably once
# per matching path. NOTE(review): if a device's messages are absent there too,
# they are not arriving on the udp() source at all (wrong target or port, a
# filter in the path, or dropped datagrams) rather than being misrouted here.
log { source(net); filter(f_net_authpriv); destination(std); };
log { source(net); filter(f_net_syslog); destination(std); };
log { source(net); filter(f_net_cron); destination(std); };
log { source(net); filter(f_net_daemon); destination(std); };
log { source(net); filter(f_net_kern); destination(std); };
log { source(net); filter(f_net_lpr); destination(std); };
log { source(net); filter(f_net_mail); destination(std); };
log { source(net); filter(f_net_user); destination(std); };
log { source(net); filter(f_net_uucp); destination(std); };
# The level-specific mail and news paths select messages that the facility paths
# above already send to std; with one shared destination they add copies, not
# separate files.
log { source(net); filter(f_net_mail); filter(f_net_info);
destination(std); };
log { source(net); filter(f_net_mail); filter(f_net_warn);
destination(std); };
log { source(net); filter(f_net_mail); filter(f_net_err);
destination(std); };
log { source(net); filter(f_net_news); filter(f_net_crit);
destination(std); };
log { source(net); filter(f_net_news); filter(f_net_err);
destination(std); };
log { source(net); filter(f_net_news); filter(f_net_notice);
destination(std); };
log { source(net); filter(f_net_debug); destination(std); };
log { source(net); filter(f_net_messages); destination(std); };
log { source(net); filter(f_net_emergency); destination(std); };
# No filter: everything received on the unauthenticated UDP source is written to
# /dev/tty12. NOTE(review): confirm this version sanitises control characters
# before writing to a terminal device, or drop this path.
log { source(net); destination(console_all); };
## EOF