[syslog-ng] What is my incoming data
David Anderson
dma at pern.co.uk
Sat Dec 24 21:32:16 CET 2005
Hi,
I am trying to set up syslog-ng to process data from my router on
port 514, but I don't know the format of the data to be able to
build filters.
Is there any way to collect all data on 514 to a file?
My current filters, etc are:
#
# the draytek router
#
filter f_draytek { host("router") and not match("Local User") and not match("virtual\Server"); };
filter f_draytek_DSL_1 { host("router") and match("DSL"); };
filter f_draytek_DSL_2 { host("router") and match("ADSL_Status"); };
filter f_draytek_PPP { host("router") and match("PoE"); };
destination draytek { file("/var/log/draytek/draytek.log"); };
destination draytek_null { file("/dev/null"); };
destination draytek_dsl { file("/var/log/draytek/draytek_dsl.log"); };
destination draytek_ppp { file("/var/log/draytek/draytek_ppp.log"); };
log { source(src); filter(f_draytek); destination(draytek); };
log { source(src); filter(f_draytek_DSL_1); destination(draytek_dsl); };
log { source(src); filter(f_draytek_DSL_2); destination(draytek_dsl); };
log { source(src); filter(f_draytek_PPP); destination(draytek_ppp); };
The log files have no info, so I presume there is something wrong
somewhere (the conf is from someone who had everything working
(apart from the /dev/null). It would presumably be easier if I could
see the raw data.
Originally the 514 data was being blocked by the firewall, but that
is now cleared.
Any help would be appreciated.
--
Best regards,
David mailto:dma at pern.co.uk
More information about the syslog-ng
mailing list