[syslog-ng] file issues
Brian Loe
knobdy at gmail.com
Mon Sep 25 20:57:54 CEST 2006
I'm running into all kinds of problems running syslog-ng. It won't
create the files in subdirectories like I want, it won't feed the
named pipes I want... The following is my configuration (and I'm
running sec against the pipes - since I need a reader before I start
the writer on AIX):
# cat /etc/syslog-ng/syslog-ng.conf
# Global options applied to every source and destination below unless a
# driver overrides them.
options {
# Buffer zero lines before writing, i.e. each message is written as it arrives.
sync (0);
chain_hostnames (no);
# No DNS lookups for senders; this also avoids trusting reverse DNS for host names.
use_dns (no);
use_fqdn (no);
# Missing parent directories of file() destinations are created on demand,
# using dir_owner/dir_group/dir_perm below.
create_dirs (yes);
# Keeps the host name found inside the received message. For the network
# sources that value is chosen by the sender, so it is not an authenticated
# identity.
keep_hostname (yes);
dir_owner(syslog);
dir_group(syslog);
# NOTE(review): 0660 gives created directories read/write but no search (x)
# bit. A non-root process (the command line in this post passes -u syslog)
# cannot open files inside such a directory, which likely explains the files
# missing under /data/logs/<subdir>/. A mode such as 0750 or 0770 keeps the
# same owner/group restriction while allowing traversal.
dir_perm(0660);
owner(syslog);
group(syslog);
# NOTE(review): group-writable log files let any member of group syslog
# modify or truncate them; 0640 is enough if the group only needs to read.
perm(0660);
};
# Local datagram sockets. NOTE(review): internal() (syslog-ng's own messages)
# is listed in three sources; s_sys and s_cron both feed the allmessages log
# statement, so internal messages may be written there twice. Listing it in one
# source only is usually enough.
source s_cron { unix-dgram("/dev/cron"); internal(); };
source s_snmp { unix-dgram("/dev/snmp"); internal(); };
source s_sys { unix-dgram("/dev/log"); internal(); };
# Network listeners. ip("0.0.0.0") binds every interface and these drivers
# carry no sender authentication, so anything that can reach the ports can
# inject log lines. Restrict access with a host firewall or bind to the
# management interface's address.
# NOTE(review): ports 514 and 601 are below 1024 and need root at bind time;
# confirm they are opened before the -u syslog privilege drop takes effect.
source s_udp { udp(ip("0.0.0.0") port(514)); };
source s_udp_s { udp(ip("0.0.0.0") port(601)); };
source s_tcp { tcp(ip("0.0.0.0") port(601)); };
source s_tcp1 { tcp(ip("0.0.0.0") port(1026)); };
source s_tcp2 { tcp(ip("0.0.0.0") port(5140)); };
# Flat files directly under /data/logs; each repeats perm(0660) from the
# global options.
destination d_cons { file("/data/logs/console" perm(0660)); };
destination d_mesg { file("/data/logs/syslog.log" perm(0660)); };
destination d_mail { file("/data/logs/mail.log" perm(0660)); };
# Writes to logged-in terminals. NOTE(review): presumably this needs write
# access to the tty devices, which the unprivileged syslog user may not have.
# Verify.
destination d_mlrt { usertty("root"); };
destination d_mlal { usertty("*"); };
# Daily files named from date macros. Only $YEAR/$MONTH/$DAY appear in the
# paths, so no free-text message field (such as the host name) ends up in a
# file name.
# NOTE(review): depending on version and use_time_recvd(), these macros may be
# taken from the timestamp inside the message rather than the receive time.
# Confirm, since a sender could then cause files for arbitrary dates to be
# created.
destination allmessages {
file("/data/logs/$YEAR$MONTH$DAY.allmessages.log" owner(syslog)
group(syslog) perm(0660)); };
destination netmessages {
file("/data/logs/$YEAR$MONTH$DAY.netmessages.log" owner(syslog)
group(syslog) perm(0660)); };
# The destinations below live in subdirectories, so they rely on
# create_dirs(yes) and on the directory mode from dir_perm() being traversable
# by the user syslog-ng runs as.
destination d_vpn { file("/data/logs/vpn/$YEAR$MONTH$DAY.vpn.log"
owner(syslog) group(syslog) perm(0660)); };
destination d_switch {
file("/data/logs/switch/$YEAR$MONTH$DAY.switch.log" owner(syslog)
group(syslog) perm(0660)); };
destination d_router {
file("/data/logs/router/$YEAR$MONTH$DAY.router.log" owner(syslog)
group(syslog) perm(0660)); };
destination d_pixen { file("/data/logs/pixen/$YEAR$MONTH$DAY.pixen.log"
owner(syslog) group(syslog) perm(0660)); };
destination d_ids { file("/data/logs/ids/$YEAR$MONTH$DAY.ids.log"
owner(syslog) group(syslog) perm(0660)); };
# Named pipes read by the event correlator. pipe() does not create the FIFO:
# it must already exist (mkfifo) and be writable by the syslog user. Keep
# /data/pipes closed to other local users, since anyone who can write to the
# FIFO can feed events to the reader.
destination vpn_pipe { pipe("/data/pipes/vpn_pipe"); };
# destination net_pipe { pipe("/data/pipes/net_pipe"); };
destination fire_pipe { pipe("/data/pipes/fire_pipe"); };
# Facility/severity filters. level(x) with a single name matches exactly that
# severity, not "x and above"; a range is written level(info..emerg).
filter f_filter1 { facility(mail) and level(debug); };
filter f_filter2 { (facility(mail) and level(debug)) or level(info);
};
filter f_filter3 { level(alert); };
filter f_filter4 { level(emerg); };
# Per-device filters: netmask() with /255.255.255.255 matches one sender
# address. The match is on the packet's source address, which is trivially
# forged over UDP, so these filters classify traffic but do not authenticate
# it.
# NOTE(review): f_fl2f12 and f_fl2f1 both match 1.1.253.2. Probably one of
# them was meant to be a different address.
filter f_fl2r16 { netmask(1.1.253.5/255.255.255.255); };
filter f_fl2r17 { netmask(1.1.253.6/255.255.255.255); };
filter f_fl2f12 { netmask(1.1.253.2/255.255.255.255); };
filter f_fl2f1 { netmask(1.1.253.2/255.255.255.255); };
filter f_fl2f2 { netmask(1.1.62.10/255.255.255.255); };
filter f_fl2f11 { netmask(1.1.193.10/255.255.255.255); };
filter f_fl1f1 { netmask(1.1.253.212/255.255.255.255); };
# Local messages routed by facility/severity.
log { source(s_sys); filter(f_filter1); destination(d_mail); };
log { source(s_sys); filter(f_filter2); destination(d_mesg); };
log { source(s_sys); filter(f_filter3); destination(d_cons);
destination(d_mlrt); };
log { source(s_sys); filter(f_filter4); destination(d_mlal); };
# NOTE(review): the two commented-out statements in this section wrapped in the
# mail, and their continuation lines lost the leading '#'. In the real file an
# uncommented fragment like that would be a syntax error.
# log { source(s_sys); source(s_cron); source(s_snmp); destination
(allmessages); };
log { source(s_sys); source(s_cron); destination (allmessages); };
# Everything received on any network listener goes to the daily netmessages file.
log { source(s_udp); source (s_udp_s); source (s_tcp); source (s_tcp1);
source (s_tcp2); destination(netmessages); };
# log { source(s_udp); source (s_udp_s); source (s_tcp); source
(s_tcp1); source (s_tcp2); destination(net_pipe); };
# NOTE(review): several filter() references in one log statement are ANDed.
# Each filter here matches a different single address, so no message can
# satisfy all of them, and nothing reaches vpn_pipe, d_vpn, fire_pipe or
# d_pixen. To match any of the devices, define one filter that joins the
# netmask() tests with "or" and reference only that filter.
# These statements read from s_udp only; the s_udp_s and TCP listeners are not
# routed to the per-device destinations. d_switch, d_router and d_ids are not
# referenced by any log statement shown.
log { source(s_udp); filter(f_fl2r16); filter(f_fl2r17);
filter(f_fl2f12); destination(vpn_pipe); };
log { source(s_udp); filter(f_fl2r16); filter(f_fl2r17);
filter(f_fl2f12); destination(d_vpn); };
log { source(s_udp); filter(f_fl2f1); filter(f_fl2f2); filter(f_fl2f11);
filter(f_fl2f12); filter(f_fl1f1); destination(fire_pipe); };
log { source(s_udp); filter(f_fl2f1); filter(f_fl2f2); filter(f_fl2f11);
filter(f_fl2f12); filter(f_fl1f1); destination(d_pixen); };
The command I'm running (and I'm TRYING to run it from inittab):
syslog-ng:23456789:respawn:/usr/local/sbin/syslog-ng -f
/etc/syslog-ng/syslog-ng.conf -u syslog -g <me> -p /etc/syslog-ng.pid