[syslog-ng] Send a specific log by email

Reaky Rok reakyrok at hotmail.com
Thu Jul 2 10:34:17 CEST 2009


I modefied it and it gave me the following result after restarting :

Error binding socket; addr='AF_INET(163.121.189.131:514)', error='Cannot assign requested address (99)'
Error initializing source driver; source='s_remote', id='s_remote#0'
Error initializing message pipeline;
                                                           [FAILED]

I s it possible that this's becuese I used the same source name in the first part of configuration ?

> Date: Thu, 2 Jul 2009 10:19:40 +0200
> From: Siem.Korteweg at qnh.nl
> To: syslog-ng at lists.balabit.hu
> Subject: RE: [syslog-ng] Send a specific log by email
> 
> Correct the name of the source in the log-statement. You defined source s_remote and used r_remote in the log definition.
> 
> regards,
> 
> Siem Korteweg
> 
> -----Oorspronkelijk bericht-----
> Van: syslog-ng-bounces at lists.balabit.hu namens Reaky Rok
> Verzonden: do 2-7-2009 10:13
> Aan: syslog-ng at lists.balabit.hu
> Onderwerp: Re: [syslog-ng] Send a specific log by email
> 
> 
> Dear I still have a problem, the following is my configuration file that realated with remote IP's
> 
> ======================================================================================
> ======================================================================================
> 
> # Remote logging
> source s_remote {
>         tcp(ip(0.0.0.0) port(514));
>         udp(ip(0.0.0.0) port(514));
> };
> 
> destination d_separatedbyhosts {
>         file("/var/log/syslog-ng/servers/$HOST/$FACILITY.log" owner("root") group("root") perm(0640) dir_perm(0750) create_dirs(yes));
> };
> 
> log { source(s_remote); destination(d_separatedbyhosts); };
> 
> #==============================================================
> #Filtration for SME Alerts
> source s_remote {
>        tcp(ip(163.121.189.131) port(514));
>         udp(ip(163.121.189.131) port(514));
> };
> 
> destination syslogmail { program("/usr/local/bin/syslog-mail-perl"); };
> log { source(r_remote); destination(syslogmail); };
> 
> #======================================================================================
> #======================================================================================
> The first part is the original for all remote IP's and It's working good
> The second is the part of the IP that I want to filter
> When I restart It gave m ethe following error
> 
> WARNING: file source: default value of follow_freq in file sources is changing in 3.0 to '1' for all files except /proc/kmsg;
> Error in configuration, unresolved source reference; source='r_remote'
> 
> Could u please help me in that
> Thanks
> 
> 
> > Date: Wed, 1 Jul 2009 15:41:59 +0200
> > From: Siem.Korteweg at qnh.nl
> > To: syslog-ng at lists.balabit.hu
> > Subject: RE: [syslog-ng] Send a specific log by email
> >
> > I guess that removing the filter statement (and restarting syslog-ng) is sufficient.
> >
> > regards,
> >
> > Siem Korteweg
> >
> >
> > -----Oorspronkelijk bericht-----
> > Van: syslog-ng-bounces at lists.balabit.hu namens Reaky Rok
> > Verzonden: wo 1-7-2009 15:27
> > Aan: syslog-ng at lists.balabit.hu
> > Onderwerp: Re: [syslog-ng] Send a specific log by email
> >
> >
> > But I think as per the example the syslog will just send the log if it match specific string like ( attackalert ) in the example, But I want it send all new logs from this IP when comming without matching a specific string or word, Can you help in this ?
> 
> _________________________________________________________________
> Show them the way! Add maps and directions to your party invites.
> http://www.microsoft.com/windows/windowslive/products/events.aspx
> 

_________________________________________________________________
Invite your mail contacts to join your friends list with Windows Live Spaces. It's easy!
http://spaces.live.com/spacesapi.aspx?wx_action=create&wx_url=/friends.aspx&mkt=en-us
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.balabit.hu/pipermail/syslog-ng/attachments/20090702/bae47eee/attachment.htm 


More information about the syslog-ng mailing list