[syslog-ng] Logging only certain logs to a remote syslog server

Pallagi Zoltán pzolee at balabit.hu
Mon Nov 9 11:20:49 CET 2009


Hi,

Paras Fadte írta:
> Hi Bill,
>
> Thanks for the response . When I tried the following it didn't seem to
> work. The remote host doesn't show any logs .
>
> source postgreslog {file("/home/postgres/data_log-8_4_1"); };
> destination postgresloghost { udp("192.168.1.8" port(5140)); };
> log { source(postgreslog);  destination(postgresloghost); };
>
>   
Are you really sure that your psql logs come from 
"/home/postgres/data_log-8_4_1"?
You can run syslog-ng with "-Fevd" options to watch what syslog-ng reads 
from this file (to check this just send a plain text line to this file 
and you should see it on the screen of syslog-ng)
> But the following works :
>
> filter f_postgres { facility(local0) and match('postgres'); };
> destination postgresloghost { udp("192.168.1.8" port(5140)); };
> log { source(src); filter(f_postgres);  destination(postgresloghost);
> flags(final); };
>   
Can you show me your full source src{...} line in config? Because your 
psql logs seem to be coming from /dev/log
>
> What could be wrong ? I have also noticed that the remote syslog
> server logs these messages in its /var/log/messages file also . Can
> this be prevented ?
>   
Yes because your sources also should be splitted to different destinations.
For example:
source s_net {udp(port(5140));};
destination psql_file{file("/var/log/psql.log");};
log {source(s_net);destination(psql_file);};
> Thank you
>
> -Paras
>
>
> On Thu, Nov 5, 2009 at 9:12 PM, Bill Nash <billn at billn.net> wrote:
>   
>> Sure, it's very easy. Create a source stanza for the files you want to
>> monitor. Create a destination stanza for the host you want to send to. Add
>> another log stanza containing them both.
>>
>> source mysqllog { file("/var/lib/mysql/mysql.err" log_prefix("mysql: "); };
>> destination mysqlloghost { udp("192.168.1.1" port (514)); };
>> log{ source(mysqllog); destination(mysqlloghost); };
>>
>> - billn
>>
>> On Thu, Nov 5, 2009 at 2:00 AM, Paras Fadte <plfgoa at gmail.com> wrote:
>>     
>>> Hi,
>>>
>>> Is it possible to log only a particular logs to a remote syslog server
>>> ? For example logging only mysql/postgres logs to a remote host .
>>> syslog-ng version used is syslog-ng 1.6.8
>>>
>>> Thank you.
>>>
>>> -Paras
>>>
>>> ______________________________________________________________________________
>>> Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng
>>> Documentation:
>>> http://www.balabit.com/support/documentation/?product=syslog-ng
>>> FAQ: http://www.campin.net/syslog-ng/faq.html
>>>
>>>       
>>
>> --
>>
>> - billn
>>
>> ______________________________________________________________________________
>> Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng
>> Documentation:
>> http://www.balabit.com/support/documentation/?product=syslog-ng
>> FAQ: http://www.campin.net/syslog-ng/faq.html
>>
>>
>>
>>     
> ______________________________________________________________________________
> Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng
> Documentation: http://www.balabit.com/support/documentation/?product=syslog-ng
> FAQ: http://www.campin.net/syslog-ng/faq.html
>
>
>   

-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.balabit.hu/pipermail/syslog-ng/attachments/20091109/4eedf7e5/attachment.htm 


More information about the syslog-ng mailing list