[syslog-ng] hi all.Why $HOST variable valued "250" , "250-localhost^M" ?
Jim Hendrick
jrhendri at maine.rr.com
Tue Dec 1 13:19:38 CET 2009
This is due to log sources (programs generating the events) using the text "fields" in their messages for different things (which syslog-ng can only interpret as the host).
Try $HOST_FROM instead (this results in the name or address of the system from which your syslog-ng box received the messages).
NOTE: this will not preserve the original source (so if you forward through one log server, the second would see the HOST_FROM as the first, not the actual source).
Jim
-----Original Message-----
From: syslog-ng-bounces at lists.balabit.hu [mailto:syslog-ng-bounces at lists.balabit.hu] On Behalf Of [????]???
Sent: Tuesday, December 01, 2009 2:51 AM
To: syslog-ng at lists.balabit.hu
Subject: [syslog-ng] hi all.Why $HOST variable valued "250" ,"250-localhost^M" ?
Hi all,
I configured syslog-ng (3) (CentOS 5) to collect logs sent by 1xx syslog
servers (FreeBSD 6). I got two strange dirs:
"250" and "250-localhost^M"
my syslog-ng.conf :
==============================================
source s_udp {
    udp(ip(172.16.18.10) port(514));
};
destination d_udp_data {
    file("/data3/syslogng/logcollect/$YEAR-$MONTH-$DAY/$HOST/$FACILITY/$PROGRAM.log"
        create_dirs(yes)
        template("\n$YEAR-$MONTH-$DAY $HOUR:$MIN:$SEC $SOURCEIP $PROGRAM $MSG")
    );
};
=================================================
my syslog.conf
!webface.login
*.info /var/log/mail/webface/webface-login.log
*.* @172.16.18.10
=======================================
[root at localhost 2009-12-01]# pwd
/data3/syslogng/logcollect/2009-12-01
[root at localhost 2009-12-01]# ls
...............
10.55.2.35 10.55.2.46 10.55.2.57 10.55.2.68 10.55.2.79 10.55.2.90
250 250-localhost^M
[root at localhost 2009-12-01]# ls -R 250
250:
user
250/user:
2.1.0.log
[root at localhost 2009-12-01]# more 250/user/2.1.0.log
2009-12-01 13:46:12 10.55.2.11 2.1.0 Ok^M
2009-12-01 13:46:27 10.55.2.11 2.1.0 Ok^M
........
[root at localhost 2009-12-01]# ls -R 250-localhost^M/
250-localhost^M/:
user
250-localhost^M/user:
250-SIZE^M.log
[root at localhost 2009-12-01]# more 250-localhost^M/user/250-SIZE^M.log
2009-12-01 14:07:44 10.55.2.128 250-SIZE^M 250-8BITMIME^M 250
ENHANCEDSTATUSCODES^M
--
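Wishing you:
good health and all the best!
________________________________________________________________
Mr. Hunter - 韩友洪 焱龙企鹅 youhong at staff.sina.com.cn
Sina - Product Division - Mail
MSN: hf_linux at msn.com
Phone: 5392
Mobile: 15001328768
Address: 18th Floor, Ideal International Plaza, No. 58 North Fourth Ring West Road, Haidian District, Beijing
________________________________________________________________
http://www.sina.com.cn You're the One
Sina, Beijing: everything starts with you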
______________________________________________________________________________
Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng
Documentation: http://www.balabit.com/support/documentation/?product=syslog-ng
FAQ: http://www.campin.net/syslog-ng/faq.html
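
Added example (not part of the thread and not syslog-ng code): a simplified Python model of how headerless SMTP reply text like the lines in the listing ends up as the $HOST and $PROGRAM path components, next to an allow-list check that falls back to the sender address, which is what $HOST_FROM gives you. The token-splitting rule, the two regexes, the sample payloads and the `unparsed` file name are assumptions of this example.

```python
import re

# Acceptable path components. Assumption of this example: a real host name
# or address always contains a letter, a dot or a colon, so a bare "250" fails.
HOST_RE = re.compile(r"(?=.*[A-Za-z.:])[A-Za-z0-9][A-Za-z0-9.:-]{0,252}")
PROG_RE = re.compile(r"[A-Za-z0-9_][A-Za-z0-9_.-]{0,63}")

def naive_parse(payload):
    """Simplified model (not syslog-ng's parser) of header guessing on a
    payload with no <PRI> or timestamp: token 1 -> HOST, token 2 -> PROGRAM,
    remainder -> MSG. Line feeds are flattened to spaces first."""
    tokens = [t for t in payload.replace("\n", " ").split(" ") if t]
    host = tokens[0] if tokens else ""
    # Drop a trailing "[pid]:" or ":" from the program token.
    program = re.split(r"[\[:]", tokens[1])[0] if len(tokens) > 1 else ""
    return host, program, " ".join(tokens[2:])

def path_from_parsed(day, payload):
    """Mirrors the page's $YEAR-$MONTH-$DAY/$HOST/$FACILITY/$PROGRAM.log path."""
    host, program, _ = naive_parse(payload)
    return f"{day}/{host}/user/{program}.log"  # facility "user" as in the listing

def path_validated(day, payload, sender_ip):
    """Same path, but untrusted fields must pass an allow-list first."""
    host, program, _ = naive_parse(payload)
    if not HOST_RE.fullmatch(host):
        host = sender_ip        # same idea as $HOST_FROM: trust the socket peer
    if not PROG_RE.fullmatch(program):
        program = "unparsed"    # hypothetical catch-all file name
    return f"{day}/{host}/user/{program}.log"

# Constructed payloads: two SMTP replies of the kind seen in the listing,
# and one well-formed line. The addresses are taken from the page.
SAMPLES = [
    ("10.55.2.11", "250 2.1.0 Ok\r\n"),
    ("10.55.2.128", "250-localhost\r\n250-SIZE\r\n250-8BITMIME\r\n"
                    "250 ENHANCEDSTATUSCODES\r\n"),
    ("10.55.2.35", "web01.example.com sshd[4242]: session opened"),
]

if __name__ == "__main__":
    for ip, payload in SAMPLES:
        print(repr(path_from_parsed("2009-12-01", payload)), "->",
              repr(path_validated("2009-12-01", payload, ip)))
```

The first two samples reproduce the `250` and `250-localhost^M` directory names from the listing when the parsed fields are used directly, and land under the sender's address once the check is applied.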