[syslog-ng] Newbie Looking for Help

Sat May 13 01:04:26 CEST 2006

Thanks for all the help I've received so far.  Although, I'm still not able
to do what I need to do.  Right now, I just want to log one specific device
to a specific log file.  One email I received said I should use the netmask
filter option, although for some reason, my system doesn't like that option.
Here is the temp syslog-ng.conf I'm using.  I have the full backed up, I
just want to get this part working.  Syslog-ng starts, but it doesn't
actually log any thing.  I cut this down so it would be easier to work with,
although it's very possible that I cut out a required part of the log file.
As of right now, I don't care if it logs any from the local system.  I just
need to log the pix device listed. 

Thanks in advance for any help, 

Mark

#
# Configuration file for syslog-ng under Debian
#
# attempts at reproducing default syslog behavior

# the standard syslog levels are (in descending order of priority):
# emerg alert crit err warning notice info debug
# the aliases "error", "panic", and "warn" are deprecated
# the "none" priority found in the original syslogd configuration is
# only used in internal messages created by syslogd

######
# options

options {
        # disable the chained hostname format in logs
        # (default is enabled)
        chain_hostnames(0);

        # the time to wait before a died connection is re-established
        # (default is 60)
        time_reopen(10);

        # the time to wait before an idle destination file is closed
        # (default is 60)
        time_reap(360);

        # the number of lines buffered before written to file
        # you might want to increase this if your disk isn't catching with
        # all the log messages you get or if you want less disk activity
        # (say on a laptop)
        # (default is 0)
        #sync(0);

        # the number of lines fitting in the output queue
        log_fifo_size(2048);

        # enable or disable directory creation for destination files
        create_dirs(yes);

        # default owner, group, and permissions for log files
        # (defaults are 0, 0, 0600)
        owner(root);
        group(root);
        perm(0644);

        # default owner, group, and permissions for created directories
        # (defaults are 0, 0, 0700)
        dir_owner(root);
	  dir_group(root);
        dir_perm(0744);

        # enable or disable DNS usage
        # syslog-ng blocks on DNS queries, so enabling DNS may lead to
        # a Denial of Service attack
        # (default is yes)
        use_dns(no);

        # maximum length of message in bytes
        # this is only limited by the program listening on the /dev/log Unix
        # socket, glibc can handle arbitrary length log messages, but -- for
        # example -- syslogd accepts only 1024 bytes
        # (default is 2048)
        #log_msg_size(2048);
};

# sources

# all known message sources
source s_all {
        # message generated by Syslog-NG
        internal();
        # standard Linux log source (this is the default place for the
syslog()
        # function to send logs to)
        unix-stream("/dev/log");
        # messages from the kernel
        file("/proc/kmsg" log_prefix("kernel: "));
        # use the above line if you want to receive remote UDP logging
messages
        # (this is equivalent to the "-r" syslogd flag)
        udp();
};

#destinations for log files

destination corppix_d {
        file ("/var/log/network/corppix/pix.log"
        owner (root) group (root) perm (0644) dir_perm (0744));
};

#filters

filter corppix_f {
        netmask("10.10.10.2");
        facility(local4);
};

# logs

log {
        filter(corppix_f);
        destination(corppix_d);
};