[syslog-ng] problems doing host based logging with local facility
Daniel I. Didier
ddidier at netsecureia.com
Tue Sep 30 03:42:40 CEST 2008
Hello,
I've been working on setting up a syslog to do some event per second calculations. I'm trying to log all information from a host such as AIX or Linux to a single file. I can do this with the 'host' option but I am having problems combining this with the local facility option. I've been working with various iterations but here are the major components:
options {
    sync(0);
    time_reopen(10);
    log_fifo_size(1000);
    long_hostnames(off);
    use_dns(no);
    use_fqdn(no);
    create_dirs(yes);
    keep_hostname(yes);
    owner(root);
};
source s_sys {
    file("/proc/kmsg" log_prefix("kernel: "));
    unix-stream("/dev/log");
    internal();
    udp(ip(0.0.0.0) port(514));
};
source s_net { udp(); };
And here is an example of the log definitions:
destination sw-089 { file("/var/log/sw-089.log"); };
destination adm1r2 { file("/var/log/adm1r2.log"); };
filter f_adm1r2 { host("172.16.148.60"); };
filter f_sw-089 { facility(local4); };
log { source(s_sys); filter(f_sw-089); destination(sw-089); };
log { source(s_net); filter(f_adm1r2); destination (adm1r2); };
The facility locals seem to be working at all times, but the host does not... any ideas or suggestions?
Thanks,
Dan
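
The routing described in the post, laid out with a single UDP listener, as an added example that is not part of the original message or of the syslog-ng project's own material. It assumes the remote hosts send to UDP port 514 and uses netmask(), which matches the sender's IP address, in place of host(), which matches the hostname field of the message (left as sent when keep_hostname(yes) is set); the names s_local, d_sw089, d_adm1r2 and f_local4 are chosen here.

```conf
# Added example: one listener on UDP 514, kept apart from the local sources.
# With udp() declared in two sources on the same address and port, only one
# of them can be relied on to receive the datagrams.
source s_local {
    file("/proc/kmsg" log_prefix("kernel: "));
    unix-stream("/dev/log");
    internal();
};
source s_net { udp(ip(0.0.0.0) port(514)); };

destination d_sw089  { file("/var/log/sw-089.log"); };
destination d_adm1r2 { file("/var/log/adm1r2.log"); };

# netmask() tests the address the packet came from, so it does not depend
# on what the sender wrote into the hostname field of the message.
filter f_adm1r2 { netmask("172.16.148.60/255.255.255.255"); };

# facility() tests the priority value carried in the message itself.
filter f_local4 { facility(local4); };

# Per-host file: everything received from 172.16.148.60, any facility.
log { source(s_net); filter(f_adm1r2); destination(d_adm1r2); };

# Per-facility file: local4 from local sources and from the network.
# A local4 message from 172.16.148.60 matches both log statements and is
# written to both files, because neither statement is marked flags(final).
log { source(s_local); source(s_net); filter(f_local4); destination(d_sw089); };
```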