[syslog-ng]help required !!!! bit urgent
Nilesh Naik
syslog-ng@lists.balabit.hu
Sun, 9 May 2004 08:41:24 -0700 (PDT)
Hello Sir,
I have successfully installed
1) syslog-ng version 1.4.17
2) swatch-3.1
on my Red Hat 7.2 Linux server, which is our central loghost system.
All other servers are a mix of Solaris 7, 8, 9 and Red Hat Linux 7.x.
The problem I am facing is that I am not able to generate real-time alerts using swatch.
Following are my configuration files:
syslog-ng.conf
options {
    sync (1);
    time_reopen (10);
    log_fifo_size (2048);
    long_hostnames (off);
    use_dns (yes);
    use_fqdn (yes);
    create_dirs (yes);
    keep_hostname (yes);
};
source net { udp(); };
destination swatch {
    program("/usr/bin/swatch --read-pipe=\"cat /dev/fd/0\"");
};
log {
    source(net);
    destination(swatch);
};
destination hosts {
    file("/var/log/HOSTS/$HOST/$YEAR/$MONTH/$DAY/$FACILITY$YEAR$MONTH$DAY"
         owner(root) group(root) perm(0600) dir_perm(0700)
         create_dirs(yes));
};
log {
    source(net);
    destination(hosts);
};
Here, I am getting lots under the /var/log/HOSTS directory, but not getting logs of the loghost itself.
My swatchrc is small and simple coz it's not working at the moment; the same is below.
swatchrc
watchfor /error Authentication/
    echo
    exec echo $0 | mail /usr/bin/mail -s \"log 11alert\" user\@testdomain.com
    throttle 10:00
watchfor /error Authentication/
    echo
    exec echo $0 | bash-mail-alert swap_space user@testdomain.com
~
Neither of these is generating any alerts, nor is any file getting created under the /root/swatch directory,
but when I start syslog-ng and then give ps -ef | grep swatch, I can see the swatch process.
I guess swatch is not getting anything from syslog-ng; no clue why?
Please help me and guide me where the problem is;
I would be really grateful to you, sir.
regards
Prashant
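
The configuration in the post declares a single source, udp(), which only receives messages sent by remote hosts; syslog-ng collects nothing that is not named in a source. The following is an added example, not part of the original post, showing the same configuration with a local source so the loghost's own messages reach both destinations. The source name "local" is an assumption; the destinations are copied from the post.

```conf
# Added example, not from the original post.

# From the post: remote hosts sending syslog over UDP.
source net { udp(); };

# Assumed name "local": messages generated on the loghost itself.
source local {
    unix-stream("/dev/log");   # local programs logging through syslog(3) on Linux
    internal();                # syslog-ng's own messages, including its warnings and errors
};

# Destinations as given in the post.
destination swatch {
    program("/usr/bin/swatch --read-pipe=\"cat /dev/fd/0\"");
};
destination hosts {
    file("/var/log/HOSTS/$HOST/$YEAR/$MONTH/$DAY/$FACILITY$YEAR$MONTH$DAY"
         owner(root) group(root) perm(0600) dir_perm(0700)
         create_dirs(yes));
};

# One log path feeding both destinations from both sources.
log {
    source(net);
    source(local);
    destination(hosts);
    destination(swatch);
};
```

Only one daemon can listen on /dev/log, so this assumes the stock syslogd is not running on the loghost. With internal() in the path, syslog-ng's own diagnostics land in the per-host files, which is where any complaint about the program() destination would appear.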