[syslog-ng] Eventlog to syslog

syslog-ng@lists.balabit.hu syslog-ng@lists.balabit.hu
Mon, 10 May 2004 11:06:13 +0100


On Mon, May 10, 2004 at 09:30:35AM +1000, Philip Webster wrote:
> Tom,
> 
> Edwards, Thomas wrote:
> >Has anyone ever used the Eventlog to syslog program found here.
> >
> >https://engineering.purdue.edu/ECN/Resources/Documents/UNIX/evtsys
> 
> I'm using this as the preferred choice for receiving logs from Windows 
> boxen.
> 
> >I was trying to decipher their input as to how to word the filters and
> >am coming up short other than putting a direct match for the host name I
> >am using.
> >
> >Any help would be greatly appreciated.
> 
> I don't use a filter, but use a destination along the lines of ...
> 
>     file("/path/to/logs/$HOST/$YEAR-$MONTH-$DAY"

Sorry to interrupt but:
I actually wanted this exact organisation system (/path/to/logs/$HOST) but I decided against it because of what I read in the syslog-ng FAQ. Is this information out of date?

[OT] It's all irrelevant now anyway because I managed to break syslog-ng; it now no longer logs anything, or gives any errors :S

mark
www.darklogik.org

>     template("$FULLDATE $FULLHOST $FACILITY.$PRIORITY $MSG\n")
>     owner(root) group(root) perm(0600) dir_perm(0700) create_dirs(yes));
> 
> ... which means that logs for each host go into a separate directory, and 
> that they are 'rotated' on a daily basis.  This may not suit your needs, 
> but works well for me.
> 
> Cheers
> Phil