[syslog-ng] Entries being logged to /var/log/messages as well as /var/log/HOSTS//$MONTH/$DAY/$HOS

Bill Nash syslog-ng@lists.balabit.hu
Sat, 29 Jan 2005 11:01:52 -0800 (PST)


On Sat, 29 Jan 2005, Fred Turner wrote:

> Here is my source.. How would I go about doing that? Sorry I'm still pretty new with syslog-ng (3 hrs)...
>

No worries =)

>
>
>
> source src {
>        unix-stream("/dev/log");
>        internal();
>        udp();
>        tcp(port(5140) keep-alive(yes));
>
>

Grab the udp and tcp entries, and create a new source.

# local sources only
source src { unix-stream("/dev/log");
 	      internal();
 	   };
# network listeners for remote hosts
source remote_hosts { tcp(port(5140) keep-alive(yes)); udp(); };
log { source(remote_hosts); destination(std); };

Changing just the 'src' source, and adding the other two entries, will 
keep your existing config working as I described, local logging from your 
loghost processes to /var/log/messages where you'd expect them, and all 
your remote hosts logging to your 'dst' directory structure.

Make sense? =)

- billn
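
A small check for the mix-up discussed in this thread, added here as an example (not code from the thread or from the syslog-ng project): it parses a syslog-ng config and lists every log path that writes a network-fed source into a file destination whose path has no $HOST macro. The sample configs are constructed from the snippets quoted in the thread; the function names and the $HOST heuristic are assumptions of this example.

```python
import re

# Constructed samples based on the snippets quoted in this thread.
DESTS = '''
destination messages { file("/var/log/messages"); };
destination std { file("/var/log/HOSTS/$MONTH/$DAY/$HOST-$YEAR-$MONTH-$DAY"
    create_dirs(yes)); };
'''
BEFORE = DESTS + '''
source src { unix-stream("/dev/log"); internal(); udp();
             tcp(port(5140) keep-alive(yes)); };
log { source(src); filter(f_messages); destination(messages); };
log { source(src); destination(std); };
'''
AFTER = DESTS + '''
source src { unix-stream("/dev/log"); internal(); };
source remote_hosts { tcp(port(5140) keep-alive(yes)); udp(); };
log { source(src); filter(f_messages); destination(messages); };
log { source(remote_hosts); destination(std); };
'''

def blocks(conf, keyword):
    """Map name -> body for 'keyword name { body };' (no nested braces)."""
    return dict(re.findall(r'\b%s\s+([\w-]+)\s*\{(.*?)\}\s*;' % keyword, conf, re.S))

def network_sources(conf):
    """Names of sources that contain a udp() or tcp() driver."""
    return {name for name, body in blocks(conf, "source").items()
            if re.search(r'\b(?:udp|tcp)\s*\(', body)}

def mixed_paths(conf):
    """(source, destination, path) for each log path that writes a
    network-fed source to a file whose name is not split by $HOST."""
    remote = network_sources(conf)
    files = {name: m.group(1) for name, body in blocks(conf, "destination").items()
             if (m := re.search(r'\bfile\s*\(\s*"([^"]+)"', body))}
    hits = []
    for body in re.findall(r'\blog\s*\{(.*?)\}\s*;', conf, re.S):
        dsts = re.findall(r'\bdestination\s*\(\s*([\w-]+)\s*\)', body)
        for src in re.findall(r'\bsource\s*\(\s*([\w-]+)\s*\)', body):
            hits += [(src, d, files[d]) for d in dsts
                     if src in remote and d in files and "$HOST" not in files[d]]
    return hits

if __name__ == "__main__":
    for label, conf in (("before", BEFORE), ("after", AFTER)):
        print(label, mixed_paths(conf) or "no remote input in shared files")
```

Keeping network input out of the loghost's own files also means a remote sender cannot flood or add entries to /var/log/messages.
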

>>>> Bill Nash <billn@billn.net> 1/29/2005 1:46:15 PM >>>
>
> Syslog will log to multiple destinations if you set them. As below, you
> have multiple facilities still logging to messages.
>
> Does your 'src' source include your network ports, for receiving data from
> remote hosts? If it does, separate it to a new source and pair it with
> your 'std' destination, exclusively. This will keep your local logs
> separate from your remote logs.
>
> - billn
>
> On Sat, 29 Jan 2005, Fred Turner wrote:
>
>> Sure, it's as follows.
>>
>> destination debug { file("/var/log/debug"); };
>> destination messages { file("/var/log/messages"); };
>>
>>
>> log { source(src); filter(f_daemon); destination(messages); };
>> log { source(src); filter(f_kern); destination(messages); };
>> log { source(src); filter(f_lpr); destination(lpr); };
>> log { source(src); filter(f_mail); destination(mail); };
>> log { source(src); filter(f_user); destination(messages); };
>> log { source(src); filter(f_uucp); destination(uucp); };
>> log { source(src); filter(f_mail); destination(maillog); };
>> log { source(src); filter(f_mail); filter(f_info); destination(mailinfo); };
>> log { source(src); filter(f_mail); filter(f_warn); destination(mailwarn); };
>> log { source(src); filter(f_mail); filter(f_err); destination(mailerr); };
>> log { source(src); filter(f_news); filter(f_crit); destination(newscrit); };
>> log { source(src); filter(f_news); filter(f_err); destination(newserr); };
>> log { source(src); filter(f_news); filter(f_notice); destination(newsnotice); };
>> log { source(src); filter(f_messages); destination(messages); };
>> log { source(src); filter(f_emergency); destination(console); };
>>
>>
>>
>>
>>>>> Bill Nash <billn@billn.net> 1/29/2005 1:15:26 PM >>>
>>
>> Can you include your log directive? Chances are, that's the culprit.
>>
>> - billn
>>
>>
>> On Sat, 29 Jan 2005, Fred Turner wrote:
>>
>>> Hi, I'm new to syslog-ng and have configured it to be a loghost for many different firewall appliances. So I set up an automatic sorting entry as per the FAQ as follows:
>>>
>>> destination std {
>>>        file("/var/log/HOSTS/$MONTH/$DAY/$HOST-$YEAR-$MONTH-$DAY"
>>>                owner(root) group(root) perm(0600) dir_perm(0700) create_dirs(yes)
>>>        );
>>> };
>>>
>>> Which works perfect. The only problem is that it's also putting them in the /var/log/messages log.
>>>
>>> How can I stop the behavior, as it's creating a huge /var/log/messages log?
>>>
>>>
>>> Thanks
>>>
>>>
>>> ==================================================================
>>>
>>> NOTE: This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the sender. Please note that any views or opinions presented in this email are solely those of the author and do not necessarily represent those of BBi Enterprises Inc.
>>> Finally, the recipient should check this email and any attachments for the presence of viruses. BBi Enterprises Inc. accepts no liability for any damage caused by any virus transmitted by this email.
>>>
>>>
>>> _______________________________________________
>>> syslog-ng maillist  -  syslog-ng@lists.balabit.hu
>>> https://lists.balabit.hu/mailman/listinfo/syslog-ng
>>> Frequently asked questions at http://www.campin.net/syslog-ng/faq.html