[syslog-ng]Logserver doesn't receving remote logs
Viper sec
syslog-ng@lists.balabit.hu
Fri, 25 Feb 2005 10:47:45 -0300
Hey ,
I have a central logserver with syslog-ng installed and configured
(see above syslog-ng.conf), some clients (in conf just remotehost5)
send (514/udp) their logs to this logserver; but logserver isn't
receiving these logs. When I try to use local system logs, it's ok,
create the log files, but with remote host doesn't.
I have created /var/log/HOSTS/{nameserver}, and clients, that use
syslog has in syslog.conf *.warning @logserver (/etc/hosts is
ok).
remotehost5 is pinging logserver.
Anybody has any ideia about it? (thanks too much)
logserver: linux Fedora Core 3
syslog-ng-1.6.5-6
libol-0.3.14-1
/* syslog-ng.conf
logserver = = local server
*/
options{ sync(0);
keep_hostname(no);
log_fifo_size(1000);
long_hostnames(off);
use_dns(no);
use_fqdn(no);
create_dirs(yes);
};
source s_sys{ unix-stream("/dev/log"); internal(); };
source s_udp{ udp(ip(192.168.100.100) ); }; #listenned interface on server
filter f_remotehost5sec{ host( "web5" ) and level( warning .. emerg )
and facility( authpriv ); };
filter f_logservermesg{ level(info .. emerg) and not
(facility(authpriv) and facility(mail) and facility(cron)); };
filter f_logserversec { facility(authpriv) and level(info .. emerg); };
destination d_remotehost5mesg {
file("/var/log/HOSTS/remotehost5/$YEAR-$MONTH-$DAY.secure" ); };
destination d_remotehost5sec {
file("/var/log/HOSTS/remotehost5/$YEAR-$MONTH-$DAY.secure" ); };
destination d_logservermesg {
file("/var/log/HOSTS/logserver/$YEAR-$MONTH-$DAY.message"); };
destination d_logserversec {
file("/var/log/HOSTS/logserver/$YEAR-$MONTH-$DAY.secure"); };
log { source(s_udp); filter(f_remotehost5mesg);
destination(d_remotehost5mesg); };
log { source(s_sys); filter(f_logservermesg); destination(d_logservermesg); };
log { source(s_sys); filter(f_logserversec); destination(d_logserversec); };