[syslog-ng] syslog-ng and "program" function(was:RE:Troublewithlogging to mysql)

[Geller, Sandor (IT)]

Hi,

> > 2. a capture of the network traffic which proves that the logs
> >  arrive to your host
> Network traffic is definetly arriving at my host, because *this*
> works:
>
> ##############################################################
> source net {
>         udp(ip("0.0.0.0") port(514));
> };
> destination netlog {
>         file("/var/log/netlog/net.log"
>         template( "[$YEAR/$MONTH/$DAY $HOUR:$MIN:$SEC] '$HOST'
> '$PRIORITY' $MESSAGE\n"));
> };
> log { source(net); destination(netlog); };
> ##############################################################
>
> The file /var/log/netlog/net.log is written and has the following
> content:
>
> [2008/09/18 16:24:44] '192.168.xx.xx' 'info' %ASA-6-302013: Built
> outbound TCP connection 1296007 for proxy
> :192.168.xx.xx/8080 (192.168.xx.xx/8080) to inside:192.168.xx.xx/39564
> (192.168.xx.xx.1/39564)
> [2008/09/18 16:24:44] '192.168.xx.xx' 'info' %ASA-6-302014:
> Teardown TCP
> connection 1296007 for proxy:192.1
> 68.xxx.xxx/8080 to inside:192.168.xxx.xxx/39564 duration 0:00:00 bytes
> 1343 TCP FINs
> etc.

OK, so syslog-ng gets the log from the network. Your config seems
valid to me, so I fear I can't help you further :(

You could try to start syslog-ng in verbose mode to see whether it
complains about the destination.

Regards,

Sandor
--------------------------------------------------------

NOTICE: If received in error, please destroy and notify sender. Sender does not intend to waive confidentiality or privilege. Use of this email is prohibited when received in error.