[syslog-ng] Send a specific log by email

Reaky Rok reakyrok at hotmail.com
Thu Jul 2 10:13:19 CEST 2009 

Dear I still have a problem, the following is my configuration file that realated with remote IP's

======================================================================================
======================================================================================

# Remote logging
source s_remote {
        tcp(ip(0.0.0.0) port(514));
        udp(ip(0.0.0.0) port(514));
};

destination d_separatedbyhosts {
        file("/var/log/syslog-ng/servers/$HOST/$FACILITY.log" owner("root") group("root") perm(0640) dir_perm(0750) create_dirs(yes));
};

log { source(s_remote); destination(d_separatedbyhosts); };

#==============================================================
#Filtration for SME Alerts
source s_remote { 
       tcp(ip(163.121.189.131) port(514));
        udp(ip(163.121.189.131) port(514));
};

destination syslogmail { program("/usr/local/bin/syslog-mail-perl"); };
log { source(r_remote); destination(syslogmail); };

#======================================================================================
#======================================================================================
The first part is the original for all remote IP's and It's working good
The second is the part of the IP that I want to filter 
When I restart It gave m ethe following error

WARNING: file source: default value of follow_freq in file sources is changing in 3.0 to '1' for all files except /proc/kmsg;
Error in configuration, unresolved source reference; source='r_remote'

Could u please help me in that
Thanks


> Date: Wed, 1 Jul 2009 15:41:59 +0200
> From: Siem.Korteweg at qnh.nl
> To: syslog-ng at lists.balabit.hu
> Subject: RE: [syslog-ng] Send a specific log by email
> 
> I guess that removing the filter statement (and restarting syslog-ng) is sufficient.
> 
> regards,
> 
> Siem Korteweg
> 
> 
> -----Oorspronkelijk bericht-----
> Van: syslog-ng-bounces at lists.balabit.hu namens Reaky Rok
> Verzonden: wo 1-7-2009 15:27
> Aan: syslog-ng at lists.balabit.hu
> Onderwerp: Re: [syslog-ng] Send a specific log by email
> 
> 
> But I think as per the example the syslog will just send the log if it match specific string like ( attackalert ) in the example, But I want it send all new logs from this IP when comming without matching a specific string or word, Can you help in this ?

_________________________________________________________________
Show them the way! Add maps and directions to your party invites. 
http://www.microsoft.com/windows/windowslive/products/events.aspx
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.balabit.hu/pipermail/syslog-ng/attachments/20090702/7cbd8c08/attachment.htm

More information about the syslog-ng mailing list