[syslog-ng] help for windows logging
Roberto Nibali
ratz at drugphish.ch
Thu Jun 23 08:21:41 CEST 2005
Hi,
> I'm trying to configure syslog-ng to log Windows client, I downloaded and
> installed snare agent and I added the following to the conf file:
You mentioned that you added the following below; what does the whole
config file look like?
> filter windows {
>     program(MSWinEventLog);
> };
> destination windows {
>     file("/var/log/archive/windows/$R_YEAR/$R_MONTH/$R_YEAR-$R_MONTH-$R_DAY"
>         template("$ISODATE <$FACILITY.$PRIORITY> $HOST $MSG\n")
>         template_escape(no)
>     );
> };
> log {
>     source(local); filter(windows); destination(windows);
>     flags(final);
> };
May I suggest that you maybe think about your naming convention? It
could prove helpful prefixing filters with "f_", destinations with "d_"
and sources with "s_" to avoid naming confusion (there should not be a
name space collision though).
> When I type syslog-ng -f /etc/syslog-nf.conf
> I get this error message:
>
> # syslog-ng -f /etc/syslog-ng.conf
> unresolved reference: local
Do you have a local source entry in your config file somewhere? For
example something along the lines of:
source local {
    internal();
    unix-stream("/dev/log");
    file("/proc/kmsg");
};
HTH,
Roberto Nibali, ratz
--
echo '[q]sa[ln0=aln256%Pln256/snlbx]sb3135071790101768542287578439snlbxq'|dc
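
The "unresolved reference: local" error in this thread comes from a log statement that names a source which is never defined. As an added example (not part of the original message, and not syslog-ng's own parser), the Python check below finds such references before the daemon is restarted; the function names and the regex-based simplification of the config grammar are assumptions, and the sample config is constructed from the snippets quoted above.

```python
import re

# Constructed sample: the config quoted in the thread, with no "source local" block.
SAMPLE_CONF = '''
filter windows { program(MSWinEventLog); };
destination windows {
    file("/var/log/archive/windows/$R_YEAR/$R_MONTH/$R_YEAR-$R_MONTH-$R_DAY"
         template("$ISODATE <$FACILITY.$PRIORITY> $HOST $MSG\\n")
         template_escape(no));
};
log { source(local); filter(windows); destination(windows); flags(final); };
'''

# Same config plus the source definition suggested in the reply.
FIXED_CONF = SAMPLE_CONF + '''
source local { internal(); unix-stream("/dev/log"); file("/proc/kmsg"); };
'''

DEF_RE = re.compile(r'\b(source|filter|destination)\s+([\w.-]+)\s*\{')
REF_RE = re.compile(r'\b(source|filter|destination)\s*\(\s*([\w.-]+)\s*\)')
LOG_RE = re.compile(r'\blog\s*\{([^{}]*)\}')


def strip_noise(conf):
    """Blank out quoted strings, then drop # comments, so paths such as
    "/dev/log" or "/var/log/..." are never mistaken for statements."""
    conf = re.sub(r'"(?:\\.|[^"\\])*"', '""', conf)
    return re.sub(r'#[^\n]*', '', conf)


def unresolved_references(conf):
    """Return sorted (kind, name) pairs used in log{} but never defined.

    Simplification (assumption): only log statements are inspected, and
    they are expected to hold plain source()/filter()/destination() calls.
    """
    conf = strip_noise(conf)
    defined = set(DEF_RE.findall(conf))
    missing = set()
    for body in LOG_RE.findall(conf):
        for ref in REF_RE.findall(body):
            if ref not in defined:
                missing.add(ref)
    return sorted(missing)


if __name__ == "__main__":
    for kind, name in unresolved_references(SAMPLE_CONF):
        print(f"unresolved reference: {name} ({kind})")
```
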