[syslog-ng] Send a specific log by email

Siem Korteweg Siem.Korteweg at qnh.nl
Thu Jul 2 10:19:40 CEST 2009 

Correct the name of the source in the log-statement. You defined source
s_remote and used r_remote in the log definition. 

regards,

Siem Korteweg

-----Oorspronkelijk bericht-----
Van: syslog-ng-bounces at lists.balabit.hu namens Reaky Rok
Verzonden: do 2-7-2009 10:13
Aan: syslog-ng at lists.balabit.hu
Onderwerp: Re: [syslog-ng] Send a specific log by email
 

Dear I still have a problem, the following is my configuration file that
realated with remote IP's

=============================================================================
=========
=============================================================================
=========

# Remote logging
source s_remote {
        tcp(ip(0.0.0.0) port(514));
        udp(ip(0.0.0.0) port(514));
};

destination d_separatedbyhosts {
        file("/var/log/syslog-ng/servers/$HOST/$FACILITY.log" owner("root")
group("root") perm(0640) dir_perm(0750) create_dirs(yes));
};

log { source(s_remote); destination(d_separatedbyhosts); };

#==============================================================
#Filtration for SME Alerts
source s_remote { 
       tcp(ip(163.121.189.131) port(514));
        udp(ip(163.121.189.131) port(514));
};

destination syslogmail { program("/usr/local/bin/syslog-mail-perl"); };
log { source(r_remote); destination(syslogmail); };

#============================================================================
==========
#============================================================================
==========
The first part is the original for all remote IP's and It's working good
The second is the part of the IP that I want to filter 
When I restart It gave m ethe following error

WARNING: file source: default value of follow_freq in file sources is
changing in 3.0 to '1' for all files except /proc/kmsg;
Error in configuration, unresolved source reference; source='r_remote'

Could u please help me in that
Thanks


> Date: Wed, 1 Jul 2009 15:41:59 +0200
> From: Siem.Korteweg at qnh.nl
> To: syslog-ng at lists.balabit.hu
> Subject: RE: [syslog-ng] Send a specific log by email
> 
> I guess that removing the filter statement (and restarting syslog-ng) is
sufficient.
> 
> regards,
> 
> Siem Korteweg
> 
> 
> -----Oorspronkelijk bericht-----
> Van: syslog-ng-bounces at lists.balabit.hu namens Reaky Rok
> Verzonden: wo 1-7-2009 15:27
> Aan: syslog-ng at lists.balabit.hu
> Onderwerp: Re: [syslog-ng] Send a specific log by email
> 
> 
> But I think as per the example the syslog will just send the log if it
match specific string like ( attackalert ) in the example, But I want it send
all new logs from this IP when comming without matching a specific string or
word, Can you help in this ?

_________________________________________________________________
Show them the way! Add maps and directions to your party invites. 
http://www.microsoft.com/windows/windowslive/products/events.aspx

-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/ms-tnef
Size: 4197 bytes
Desc: not available
Url : http://lists.balabit.hu/pipermail/syslog-ng/attachments/20090702/e1693acc/attachment-0001.bin

More information about the syslog-ng mailing list