[syslog-ng] rsyslog to syslog-ng

Fegan, Joe Joe.Fegan at hp.com
Thu May 22 17:32:31 CEST 2008


Hi Robert,

Can you send examples of exactly what rsyslog is sending to syslog-ng?
Then we might be able to tell you why syslog-ng is having difficulty
interpreting it.

Joe.

-----Original Message-----
From: syslog-ng-bounces at lists.balabit.hu [mailto:syslog-ng-bounces at lists.balabit.hu] On Behalf Of Robert Shaw
Sent: 22 May 2008 06:55
To: syslog-ng at lists.balabit.hu
Subject: [syslog-ng] rsyslog to syslog-ng

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hi,

I'm having a problem with logs from rsyslog to syslog-ng can't detect
facility so I can't separate applications, this is important, mostly
because we have 2 instances of postgres that need to be in separate
logfiles.

So instead of having pgsql0 and pgsql1 files created its all dumped into
syslog, so we can't differentiate between the two postgres instances.

The syslog-ng instance is our central logging host, and the reason we
are using rsyslog is because one of our specific applications needs it.

I hope these config files help, I really need to get this sorted, if
anyone could help it would be great

rsyslog.conf

# PostgreSQL logging stuff
local0.* @loghost;RSYSLOG_TraditionalFileFormat
local1.* @loghost;RSYSLOG_TraditionalFileFormat


syslog-ng.conf
options
{
chain_hostnames(no);
create_dirs (yes);
dir_perm(0755);
keep_hostname(yes);
log_fifo_size(1024);
perm(0644);
sync(0);
time_reopen (10);
use_dns(yes);
use_fqdn(yes);
sync(0);
};


# Local logging and getting logs from remote via UDP
source net
{
udp();
tcp(port(5140) keep-alive(yes));
};

destination net_log {
file("/var/log/hosts/${HOST}/${YEAR}/${MONTH}/${DAY}/syslog"); };
destination pgnet_log0 {
file("/var/log/hosts/${HOST}/${YEAR}/${MONTH}/${DAY}/pgsql0"); };
destination pgnet_log1 {
file("/var/log/hosts/${HOST}/${YEAR}/${MONTH}/${DAY}/pgsql1"); };

filter f_pgsql0 { facility(local0); };
filter f_pgsql1 { facility(local1); };

log { source(net); filter(f_pgsql0); destination(pgnet_log0); };
log { source(net); filter(f_pgsql1); destination(pgnet_log1); };

log { source(net); destination(net_log); };


Cheers,
Rob Shaw
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iQEVAwUBSDUKu3LIVYILPVW0AQL9JAf9E28U7AQK25o9FwAd4xVb11GObxuZkusu
q/IwL/+92LDB97PQ1fB9fdLUmP7MABYk+N6+kohrCJtWM+TpY5OoUBt0kE6PMBI7
Nj5GVi/IlkRMCTHrVlsNdfcciQeY2+WPlJAtFJJbwIA+kzj0O/keG6lSpFcfZ0BN
Eg536qlaOLVHQIUq7N8NzjZTkLr2FkAxEMVfOKpOryDjuTcnyrdmZ5iqx7n+nY4y
VPtQW1mNwTs9BRf80g/Vx+DzNdoK0MbXKTogkMSNBoNSia8tvatA7CW+45TO3ucG
gwo4KtRlS5BgRS++cMgmFwkDSPiI4cNYDGrAMWwch8o2yqSyIXf8Cw==
=Tfas
-----END PGP SIGNATURE-----
______________________________________________________________________________
Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng
Documentation: http://www.balabit.com/support/documentation/?product=syslog-ng
FAQ: http://www.campin.net/syslog-ng/faq.html



More information about the syslog-ng mailing list