[syslog-ng] Error parsing conf file?

Zb Indelak zb.indelak at telus.com
Thu Jun 23 22:42:20 CEST 2005


I have been running syslog-ng 1.6.5 on a bunch of my systems for a while. However, since I'm centralizing the logs from multiple time zones, I decided to upgrade to version 1.9.4 so that I could use the rcvd_time_zone () option.  After installing version 1.9.4, I can no longer read the syslog-ng.conf file that worked fine with version 1.6.5.

Version 1.9.4 gives the error "syntax error at 23"
Version 1.9.4+20050623 gives the error "syntax error at 19"

The following is my configuration file.  What gives?

---syslog-ng.conf---
# syslog-ng configuration file.
#
# This should behave pretty much like the original syslog on RedHat. But
# it could be configured a lot smarter.
#
# See syslog-ng(8) and syslog-ng.conf(5) for more information.
#
# 20000925 gb at sysfive.com
#
# Updated by Frank Crawford (<Frank.Crawford at ac3.com.au>) - 10 Aug 2002
#       - for Red Hat 7.3
#       - totally do away with klogd
#       - add message "kernel:" as is done with klogd.
#
# Updated by Frank Crawford (<Frank.Crawford at ac3.com.au>) - 22 Aug 2002
#       - use the log_prefix option as per Balazs Scheidler's email
#

options { sync (0);                 # global options; line 19 of the posted file, the number in the 1.9.4+20050623 error (if it is a line number)
          time_reopen (10);
          log_fifo_size (1000);
#          long_hostnames (off);
          use_dns (no);             # no DNS lookups for senders; line 23 of the posted file, the number in the 1.9.4 error
          use_fqdn (no);
          create_dirs (no);         # destination directories are not created, so every path below must already exist
          dir_perm (0755);
          perm(0644);               # NOTE(review): default mode for created log files is world-readable; this also covers /var/log/secure
          chain_hostnames(no);
          keep_hostname (yes);      # NOTE(review): keeps the host name carried in the message; for network senders that field is sender-supplied
          time_reap (1);
        };

# Network source: accepts syslog over UDP and TCP on port 514, bound to
# 0.0.0.0 (every local address).
# NOTE(review): nothing in this block authenticates or encrypts senders, so any
# host that can reach port 514 can submit messages. Limit reachability with a
# packet filter, or bind ip() to the collection interface only.
source remote {
        udp(ip(0.0.0.0) port(514));
        tcp(ip(0.0.0.0) port(514));
};

# Local source: kernel messages read straight from /proc/kmsg and prefixed
# with "kernel: " (the header comment says this replaces klogd), the /dev/log
# socket, and syslog-ng's own internal() messages.
source local {
        pipe ("/proc/kmsg" log_prefix("kernel: "));
        unix-stream ("/dev/log");
        internal();
};

# Local destinations mirroring the usual Red Hat log files.
# NOTE(review): none of these sets its own perm(), so files created here take
# the global perm(0644) from the options block; /var/log/secure (d_auth) would
# then be readable by every local user. Consider a per-destination perm(0600).
destination d_cons { file("/dev/console"); };
destination d_mesg { file("/var/log/messages"); };
destination d_auth { file("/var/log/secure"); };
destination d_mail { file("/var/log/maillog"); };
destination d_spol { file("/var/log/spooler"); };
destination d_boot { file("/var/log/boot.log"); };
destination d_cron { file("/var/log/cron"); };
# usertty("*") writes to the terminals of all logged-in users.
destination d_mlal { usertty("*"); };
# SDW Inbox destinations start here
# d_pix is the only network destination: it forwards over TCP to port 514 on
# another host. NOTE(review): no encryption is configured on this hop.
destination d_pix { tcp("154.11.193.14" port(514)); };
# The inbox file names are built from $MONTH$DAY$HOUR$MIN, so the name changes
# every minute. The name carries no year, so the same name recurs a year
# later; presumably the inbox consumer removes files after pickup, verify.
# create_dirs(no) is set globally, so these directory trees must already exist.
destination d_ios { file("/var/nsm/inbox/router/cisco/ios/12.0/syslog/ios-$MONTH$DAY$HOUR$MIN"); };
destination d_snort { file("/var/nsm/inbox/nids/snort.org/snort/1.9/syslog/snort-$MONTH$DAY$HOUR$MIN"); };
destination d_netscreen { file("/var/nsm/inbox/fw/netscreen/netscreen/syslog/netscreen-$MONTH$DAY$HOUR$MIN"); };
destination d_neoteris { file("/var/nsm/inbox/fw/netscreen/neoteris/3.2/syslog/neoteris-$MONTH$DAY$HOUR$MIN"); };
destination d_solaris { file("/var/nsm/inbox/oslog/sun/solaris/7/syslog/solaris-$MONTH$DAY$HOUR$MIN"); };
destination d_gnu { file("/var/nsm/inbox/oslog/gnu/tools/syslog/gnu-$MONTH$DAY$HOUR$MIN"); };
destination d_tripwire { file("/var/nsm/inbox/hids/tripwire/tripwire_for_servers/3/syslog/tripwire-$MONTH$DAY$HOUR$MIN"); };
destination d_sidewinder { file("/var/nsm/inbox/fw/secure_computing/sidewinder/g2/syslog/sidewinder-$MONTH$DAY$HOUR$MIN"); };
destination d_dragon { file("/var/nsm/inbox/nids/enterasys/dragon/6.0/syslog/dragon-$MONTH$DAY$HOUR$MIN"); };
destination d_test { file("/var/log/test"); };

# Filters for the local log paths, selected by facility and level.
# NOTE(review): a single level() argument such as level(info) selects that one
# level only, not "info and above" as *.info does in classic syslog.conf; if
# the intent is the Red Hat default behaviour, a range is needed. Verify
# against the syslog-ng reference for the version in use.
filter f_filter1     { facility(kern); };
filter f_filter2     { level(info) and
                     not (facility(mail) or
                     facility(authpriv) or
                     facility(cron)); };
filter f_filter3     { facility(authpriv); };
filter f_filter4     { facility(mail); };
filter f_filter5     { level(emerg); };
filter f_filter6     { facility(uucp) or
                     (facility(news) and level(crit)); };
filter f_filter7     { facility(local7); };
filter f_filter8     { facility(cron); };
# Filters for NSM supported products start here
# NOTE(review): match() tests the message text and program() the program name.
# Both are supplied by the sender, so for the network source they classify
# messages by what the sender claims, not by where the message came from.
filter f_pix         { match(PIX); };
filter f_tripwire    { match(tripwire); };
filter f_snort       { program(snort); };
filter f_netscreen   { match(NetScreen); };
filter f_neoteris    { match(Neoteris); };
# The host() filters below are disabled. NOTE(review): with keep_hostname(yes)
# in the options block, the host field presumably comes from the message
# itself; verify before relying on host() to tell devices apart.
# IOS filter is IP address/hostname based, customize for your network
#filter f_ios        { host("192\.168\.101\.1"); };
# Solaris  filter is IP address/hostname based, customize for your network
#filter f_solaris     { host("192\.168\.101\.2"); };
# GNU filter is IP address/hostname based, customize for your network
#filter f_gnu         { host("192\.168\.101\.3"); };
# Sidewinder filter is IP address/hostname based, customize for your network
#filter f_sidewinder  { host("192\.168\.101\.4"); };
# Dragon filter is IP address/hostname based, customize for your network
#filter f_dragon             { host("192\.168\.101\.5"); };
# Pix configuration grep command filter being logged by daily cron job
filter f_pix-config     { match(pix-config); };

# Log paths: each statement connects one source to one destination through
# one filter. The first (disabled) statement names source s_sys, which this
# file does not define.
#log { source(s_sys); filter(f_filter1); destination(d_cons); };
log { source(local); filter(f_filter2); destination(d_mesg); };
log { source(local); filter(f_filter3); destination(d_auth); };
log { source(local); filter(f_filter4); destination(d_mail); };
log { source(local); filter(f_filter5); destination(d_mlal); };
log { source(local); filter(f_filter6); destination(d_spol); };
log { source(local); filter(f_filter7); destination(d_boot); };
log { source(local); filter(f_filter8); destination(d_cron); };
# Log NSM supported devices to the correct inbox
# NOTE(review): every path from source(remote) has a filter and there is no
# catch-all path, so a remote message matching none of the filters is not
# written anywhere. A message matching several filters goes to each matching
# destination.
log { source(remote); filter(f_pix); destination(d_pix); };
#log { source(remote); filter(f_ios); destination(d_ios); };
log { source(remote); filter(f_snort); destination(d_snort); };
log { source(remote); filter(f_netscreen); destination(d_netscreen); };
log { source(remote); filter(f_neoteris); destination(d_neoteris); };
#log { source(remote); filter(f_solaris); destination(d_solaris); };
#log { source(remote); filter(f_gnu); destination(d_gnu); };
log { source(remote); filter(f_tripwire); destination(d_tripwire); };
#log { source(remote); filter(f_sidewinder); destination(d_sidewinder); };
#log { source(remote); filter(f_dragon); destination(d_dragon); };
# Local messages containing "pix-config" are also forwarded to the d_pix TCP destination.
log { source(local); filter(f_pix-config); destination(d_pix); };
---end syslog-ng.conf---

