[syslog-ng] syslog-ng and "program" function (was: RE: Trouble with logging to mysql)

Geller, Sandor (IT) Sandor.Geller at morganstanley.com
Fri Sep 19 15:22:45 CEST 2008


Hi,

> > 2. a capture of the network traffic which proves that the logs
> >  arrive to your host
> Network traffic is definitely arriving at my host, because *this*
> works:
>
> ##############################################################
> source net {
>         udp(ip("0.0.0.0") port(514));
> };
> destination netlog {
>         file("/var/log/netlog/net.log"
>         template( "[$YEAR/$MONTH/$DAY $HOUR:$MIN:$SEC] '$HOST' '$PRIORITY' $MESSAGE\n"));
> };
> log { source(net); destination(netlog); };
> ##############################################################
>
> The file /var/log/netlog/net.log is written and has the following
> content:
>
> [2008/09/18 16:24:44] '192.168.xx.xx' 'info' %ASA-6-302013: Built outbound TCP connection 1296007 for proxy:192.168.xx.xx/8080 (192.168.xx.xx/8080) to inside:192.168.xx.xx/39564 (192.168.xx.xx.1/39564)
> [2008/09/18 16:24:44] '192.168.xx.xx' 'info' %ASA-6-302014: Teardown TCP connection 1296007 for proxy:192.168.xxx.xxx/8080 to inside:192.168.xxx.xxx/39564 duration 0:00:00 bytes 1343 TCP FINs
> etc.

OK, so syslog-ng gets the log from the network. Your config seems
valid to me, so I fear I can't help you further :(

You could try to start syslog-ng in verbose mode to see whether it
complains about the destination.

Regards,

Sandor