[syslog-ng] Rediecting logs
Zoltán Pallagi
pzolee at balabit.hu
Tue Apr 20 12:38:58 CEST 2010
Hi,
Replace $HOST_syslog.log to $HOST-syslog.log and it will work.
Syslog-ng seems to be handling wrong if underscore character is after
macroname.
Report a bug about it, please (https://bugzilla.balabit.com/)
abhay singh wrote:
> I have made that changes and restarted syslog services even though its
> not working///
> Now its like this
>
> options {
> long_hostnames(off);
> sync(0);
> perm(0640);
> stats(3600);
> keep_hostname(yes);
> };
> source s_external {
> udp(port(514));
> #udp(ip("192.168.114.129") port(514));
> #udp(ip("0.0.0.0") port(514));
> }; # Specific
> source s_stunnel {
> tcp(ip("127.0.0.1")
> port(514)
> max-connections(1));
> };
> destination d_external { file("/data/extract/syslogs/$HOST_syslog.log" \
> owner(cubot) group(users) perm(0600) dir_perm(0700) create_dirs(yes)
> template("$DATE $FULLHOST $PROGRAM $TAG [$FACILITY.$LEVEL]
> $MESSAGE \n") );
> };
>
> destination d_stunnel{
> file("/data/extract/syslogs/$HOST/$HOST_syslog.log" \
> owner(cubot) group(users) perm(0600) dir_perm(0700) create_dirs(yes)
> template("$DATE $FULLHOST $PROGRAM $TAG [$FACILITY.$LEVEL]
> $MESSAGE \n") );
> };
>
> log { source(s_external); destination(d_external); };
> log { source(s_stunnel); destination(d_stunnel); };
>
>
>
> On Tue, Apr 20, 2010 at 1:55 PM, Alan McKinnon <Alan.McKinnon at is.co.za
> <mailto:Alan.McKinnon at is.co.za>> wrote:
>
> On Tuesday 20 April 2010 08:38:51 abhay singh wrote:
> > Hi All,
> >
> > I have made changes in syslog-ng.conf to redirect logs coming
> from other
> > server to some specified log file and in some format
> >
> > source s_external {
> > udp(port(514));
> > };
> > source s_stunnel {
> > tcp(ip(127.0.0.1) port(514));
> > };
> >
> > destination s_external { file("/mydir/syslogs/$HOST_syslog.log" \
> > owner(user) group(group) perm(0600) dir_perm(0700)
> create_dirs(yes));
> > };
> >
> > destination s_stunnel { file("/mydir/syslogs/$HOST/syslog.log" \
> > owner(user) group(group) perm(0600) dir_perm(0700)
> create_dirs(yes));
> > };
> >
> > log { source(s_external); destination(s_external); };
> > log { source(s_stunnel); destination(s_stunnel); };
> >
> > But my log file is being created with name "syslog.log" and not as
> > "<hostnmae/ip>_syslog.log" neither $HOST directory made, what
> may be the
> > issue?
> >
> > Globle options are
> >
> > option{
> >
> > long_hostname(off);
> > sync(0);
> > }
>
>
> Your sources and destinations have the same name. That is not allowed.
>
> Rename the destinations to d_<something>
>
> --
> Alan McKinnon
> Systems Engineer^W Technician
> Infrastructure Services
> Internet Solutions
>
> +27 11 575 7585
>
> Please note: This email and its content are subject to the
> disclaimer as displayed at the following link
> http://www.is.co.za/legal/E-mail+Confidentiality+Notice+and+Disclaimer.htm.
> Should you not have Web access, send a mail to
> disclaimers at is.co.za <mailto:disclaimers at is.co.za> and a copy will
> be emailed to you.
> ______________________________________________________________________________
> Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng
> Documentation:
> http://www.balabit.com/support/documentation/?product=syslog-ng
> FAQ: http://www.campin.net/syslog-ng/faq.html
>
>
>
>
> --
> Regards..
> Abhay Singh..
> 91-98804-55587
> Sr. Software Engineer.
> Robust Designs India Pvt Ltd.
> Bangalore
> ------------------------------------------------------------------------
>
> ______________________________________________________________________________
> Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng
> Documentation: http://www.balabit.com/support/documentation/?product=syslog-ng
> FAQ: http://www.campin.net/syslog-ng/faq.html
>
>
--
pzolee
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.balabit.hu/pipermail/syslog-ng/attachments/20100420/9ecc99bc/attachment.htm
More information about the syslog-ng
mailing list