[syslog-ng] problems doing host based logging with local facility

Daniel I. Didier ddidier at netsecureia.com
Tue Sep 30 03:42:40 CEST 2008


Hello,
I've been working on setting up a syslog to do some events-per-second calculations. I'm trying to log all information from a host such as AIX or Linux to a single file. I can do this with the 'host' option, but I am having problems combining this with the local facility option. I've been working with various iterations, but here are the major components:
 
options {
    sync(0);
    time_reopen(10);
    log_fifo_size(1000);
    long_hostnames(off);
    use_dns(no);
    use_fqdn(no);
    create_dirs(yes);
    keep_hostname(yes);
    owner(root);
};

source s_sys {
    file ("/proc/kmsg" log_prefix("kernel: "));
    unix-stream ("/dev/log");
    internal();
    udp(ip(0.0.0.0) port(514));
};

source s_net { udp(); };

And here is an example of the log definitions:

destination sw-089 { file("/var/log/sw-089.log"); };
destination adm1r2 { file("/var/log/adm1r2.log"); };

filter f_adm1r2 { host("172.16.148.60"); };
filter f_sw-089 { facility(local4); };

log { source(s_sys); filter(f_sw-089); destination(sw-089); };
log { source(s_net); filter(f_adm1r2); destination (adm1r2); };

The facility locals seem to be working at all times, but the host does not... any ideas or suggestions?

 

Thanks,
Dan
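
Added example, not part of the original post and not syslog-ng's own code: a simplified Python model of how a facility() filter and a host() filter select messages under the keep_hostname() setting used above. The sample datagrams, sender addresses, timestamps and all function names are constructed for illustration; the model assumes BSD-syslog (RFC 3164) framing and treats the host() argument as an unanchored regular expression matched against the HOST field.

```python
import re

# RFC 3164: PRI = facility * 8 + severity; local0..local7 are codes 16..23.
FACILITIES = {f"local{i}": 16 + i for i in range(8)}
PRI_RE = re.compile(r"^<(\d{1,3})>(\w{3}\s+\d+ \d\d:\d\d:\d\d) (\S+) (.*)$")

def parse(datagram, sender_ip, keep_hostname=True):
    """Split a BSD-syslog datagram and model keep_hostname() for HOST."""
    m = PRI_RE.match(datagram)
    if not m:
        return None
    pri = int(m.group(1))
    return {
        "facility": pri >> 3,
        "severity": pri & 7,
        # keep_hostname(yes): HOST is whatever name the message carries.
        # keep_hostname(no): HOST is replaced by the sender, which is an
        # IP address when use_dns(no) is set.
        "host": m.group(3) if keep_hostname else sender_ip,
        "sender": sender_ip,
        "msg": m.group(4),
    }

def f_facility(rec, name):
    return rec["facility"] == FACILITIES[name]

def f_host(rec, pattern):
    # Unanchored regex against HOST, so an unescaped "." matches any character.
    return re.search(pattern, rec["host"]) is not None

def f_sender(rec, ip):
    # Match on the transport-level sender address instead of the HOST field.
    return rec["sender"] == ip

# Constructed samples: (datagram, sender IP).
SAMPLES = [
    ("<166>Sep 30 03:40:01 sw-089 link up on port 4", "172.16.148.10"),
    ("<38>Sep 30 03:40:02 adm1r2 sshd[411]: session opened", "172.16.148.60"),
    ("<38>Sep 30 03:40:03 172x16y148z60 unrelated device", "10.0.0.9"),
]

def route(keep_hostname):
    """Return (facility local4?, host pattern?, sender IP?) per sample."""
    out = []
    for raw, ip in SAMPLES:
        r = parse(raw, ip, keep_hostname)
        out.append((f_facility(r, "local4"),
                    f_host(r, "172.16.148.60"),
                    f_sender(r, "172.16.148.60")))
    return out
```

In this model, `route(True)` shows the host pattern missing the message sent from 172.16.148.60 because HOST holds the name `adm1r2`, while it matches a message from another address whose HOST string happens to fit the unescaped pattern; `route(False)` shows the pattern matching once HOST carries the sender address.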

