[syslog-ng] rhost field
ken.schweiker at faa.gov
Tue Dec 27 20:00:00 CET 2005
I still can't get it to work.
This is the problem output again... it doesn't identify the remote source of the log...
Dec 27 18:21:20 src@suselog syslog-ng[19442]: syslog-ng version 1.6.2 going down
Dec 27 18:21:20 src@suselog syslog-ng[19532]: syslog-ng version 1.6.2 starting
Dec 27 18:21:25 src@suselog kernel: klogd 1.4.1, log source = /proc/kmsg started.
Dec 27 18:21:36 suselog/suselog su(pam_unix)[25213]: authentication failure; logname=syss555 uid=500 euid=0 tty=pts/10 ruser=syss555 rhost= user=root
--below are some config settings--
suselog:/etc/sysconfig # more syslog I restart syslog via
# The name of the syslog daemon used as
# syslog service: "syslogd", "syslog-ng"
#
SYSLOG_DAEMON="syslog-ng"
suselog:/etc/syslog-ng # more syslog-ng.conf
(note: I do edit this file and do not use SuSEconfig...)
# /etc/syslog-ng/syslog-ng.conf
#
# Automatically generated by SuSEconfig on Thu Dec 15 19:31:03 EST 2005.
#
# PLEASE DO NOT EDIT THIS FILE!
#
# you can modify /etc/syslog-ng/syslog-ng.conf.in instead
#
#
# File format description can be found in syslog-ng.conf(5).
#
options { keep_hostname(no); chain_hostnames(yes); use_dns(no); sync(0); };
#
# 'src' is our main source definition. you can add
# more sources driver definitions to it, or define
# your own sources, i.e.:
#
#source my_src { .... };
source lan_tcp { tcp(ip(127.0.0.1) port(1999) max-connections(10)); };
source lan_udp { udp(); };
source src {
#
# include internal syslog-ng messages
# note: the internal() source is required!
#
internal();
#
# the following line will be replaced by the
# socket list generated by SuSEconfig using
# variables from /etc/sysconfig/syslog:
#
unix-dgram("/dev/log");
unix-dgram("/var/lib/ntp/dev/log");
#
# uncomment to process log messages from network:
#
#udp(ip("0.0.0.0") port(514));
};
Is there a way to dump the current log settings, or obtain them on startup of syslog-ng?
From: Balazs Scheidler <bazsi at balabit.hu>
Sent by: syslog-ng-bounces@lists.balabit.hu
Date: 12/27/2005 11:20 AM
To: Syslog-ng users' and developers' mailing list <syslog-ng at lists.balabit.hu>
cc:
Subject: Re: [syslog-ng] rhost field
Please respond to: Syslog-ng users' and developers' mailing list <syslog-ng at lists.balabit.hu>
keep_hostname(no)
use_dns(no)
On Tue, 2005-12-27 at 09:56 -0500, ken.schweiker at faa.gov wrote:
>
> I am using syslog-ng for the first time. The initial setup is complete and
> appears to be working ok. However in my test environment, I am logging from
> a redhat desktop using syslog to a suse syslog-ng server. The output, after
> I deliberately input an incorrect password on my workstation doing a 'su',
> gets reported to the syslog-ng server as .......
>
> Dec 23 17:50:12 suselog/suselog su(pam_unix)[13205]: authentication failure; logname=syss555 uid=500 euid=0 tty=pts/4 ruser=syss555 rhost= user=root
>
> How do I get it to display in the log the host(IP) the message came from?
--
Bazsi
_______________________________________________
syslog-ng maillist - syslog-ng at lists.balabit.hu
https://lists.balabit.hu/mailman/listinfo/syslog-ng
Frequently asked questions at http://www.campin.net/syslog-ng/faq.html