[syslog-ng] Rediecting logs
Sandor Geller
Sandor.Geller at morganstanley.com
Tue Apr 20 12:40:34 CEST 2010
Hi,
On Tue, Apr 20, 2010 at 12:15 PM, abhay singh <abhay.asingh at gmail.com> wrote:
> I have made that changes and restarted syslog services even though its not
> working///
> Now its like this
>
> options {
> long_hostnames(off);
> sync(0);
> perm(0640);
> stats(3600);
> keep_hostname(yes);
> };
> source s_external {
> udp(port(514));
> #udp(ip("192.168.114.129") port(514));
> #udp(ip("0.0.0.0") port(514));
> }; # Specific
> source s_stunnel {
> tcp(ip("127.0.0.1")
> port(514)
> max-connections(1));
> };
> destination d_external { file("/data/extract/syslogs/$HOST_syslog.log" \
> owner(cubot) group(users) perm(0600) dir_perm(0700) create_dirs(yes)
> template("$DATE $FULLHOST $PROGRAM $TAG [$FACILITY.$LEVEL] $MESSAGE \n")
> );
> };
>
> destination d_stunnel{ file("/data/extract/syslogs/$HOST/$HOST_syslog.log" \
> owner(cubot) group(users) perm(0600) dir_perm(0700) create_dirs(yes)
> template("$DATE $FULLHOST $PROGRAM $TAG [$FACILITY.$LEVEL] $MESSAGE \n")
> );
> };
>
> log { source(s_external); destination(d_external); };
> log { source(s_stunnel); destination(d_stunnel); };
Could you show a few logged lines? Which version of syslog-ng you're using?
$HOST should remain blank only when syslog-ng failed to parse the
hostname part of the log. BTW it's better to use ${HOST} instead of
plain $HOST especially when there are no delimeters around the macro.
Regards,
Sandor
More information about the syslog-ng
mailing list