[syslog-ng] syslog-ng won't log to syslog server
Geller, Sandor (IT)
Sandor.Geller at morganstanley.com
Thu Sep 11 10:16:39 CEST 2008
Hi,
> I have install syslog-ng on my remote server. I need to
> centralized my pflog (firewall log) and snort alert to the
> syslog server. For your info i have successfully log all log
> except the pflog and snort alert. I have define the snort
> alert as local0.info and pflog as local1.info. Can you all
> give me the sample of configuration?
>
> I have tcpdump for and grep the local1.info and local0.info
> and its show on console. I'm confuse why the system not write
> to destination that i specify.
>
> Below is some configuration that i do on syslog-ng.conf (destination):
> destination local0 { file("/var/log/remote/local0.log"); };
> destination local1 { file("/var/log/remote/local1.log"); };
Do you have log sections which actually use the destinations above?
Filters, etc.? Without seeing the complete config there is no way to
correct your config.
Check whether you have something like the following in your config:
filter f_snort {
facility(local0) and severity(info);
};
filter f_pflog {
facility(local1) and severity(info);
};
...
log {
source(s_something);
filter(f_snort);
destination(d_local0);
};
log {
source(s_something);
filter(f_pflog);
destination(d_local1);
};
Of course there are many ways to achieve this logging. Refer to
the reference guide and check the sample configs included in the
source tarball, this might help you understanding how syslog-ng
works.
Regards,
Sandor
--------------------------------------------------------
NOTICE: If received in error, please destroy and notify sender. Sender does not intend to waive confidentiality or privilege. Use of this email is prohibited when received in error.
More information about the syslog-ng
mailing list