[syslog-ng] Redirecting logs

abhay singh abhay.asingh at gmail.com
Wed Apr 21 09:03:50 CEST 2010


Hi

I am using syslog-ng 1.6.8 and syslogd 1.4.1.
A few lines from the logs are:

Apr 21 08:54:59 xxx.xxx.xxx.xxx zzziper 86 [local0.info] zzziper: 2010-04-21
08:59:58 - zzziperSA-2 - [yyy.yyy.yyy.yyy] a.rico(RD Employee)[Outlook WEB
Access Spain, Network Connect VPN Users] - Web SSO: Authentication
successful. Credential Used: UserUID: xxx, Username: xxx, BasicHash: XXXXXX,
Auth Type: (2) BasicAuth, Cred Type: (1) Variable Credential, Target:
zzz.zzz.zzz.zzz, Password: XXXXXX, Policy Auth: (2) BasicAuth, Cred Label:
BA_Upg_6,

Apr 21 08:54:59 xxx.xxx.xxx.xxx zzziper 86 [local0.info] zzziper: 2010-04-21
08:59:58 - JuniperSA-2 - [yyy.yyy.yyy.yyy] a.rico(RD Employee)[Outlook WEB
Access Spain, Network Connect VPN Users] - WebRequest completed, POLL to
http://yyy.yyy.yyy.yyy//exchange/a.rico/Inbox from
yyy.yyy.yyy.yyy result=207 sent=36 received=292 in 1 seconds

On Tue, Apr 20, 2010 at 4:10 PM, Sandor Geller <Sandor.Geller at morganstanley.com> wrote:

> Hi,
>
> On Tue, Apr 20, 2010 at 12:15 PM, abhay singh <abhay.asingh at gmail.com>
> wrote:
> > I have made those changes and restarted the syslog services, but even so
> > it's not working.
> > Now its like this
> >
> > options {
> >                long_hostnames(off);
> >                sync(0);
> >                perm(0640);
> >                stats(3600);
> >                keep_hostname(yes);
> > };
> > source s_external {
> >         udp(port(514));
> >         #udp(ip("192.168.114.129") port(514));
> >         #udp(ip("0.0.0.0") port(514));
> > };  # Specific
> > source s_stunnel {
> >         tcp(ip("127.0.0.1")
> >         port(514)
> >         max-connections(1));
> >        };
> > destination d_external { file("/data/extract/syslogs/$HOST_syslog.log" \
> >     owner(cubot) group(users) perm(0600) dir_perm(0700) create_dirs(yes)
> >     template("$DATE $FULLHOST $PROGRAM $TAG [$FACILITY.$LEVEL] $MESSAGE \n")
> > );
> >         };
> >
> > destination d_stunnel{ file("/data/extract/syslogs/$HOST/$HOST_syslog.log" \
> >     owner(cubot) group(users) perm(0600) dir_perm(0700) create_dirs(yes)
> >     template("$DATE $FULLHOST $PROGRAM $TAG [$FACILITY.$LEVEL] $MESSAGE \n")
> > );
> >         };
> >
> > log { source(s_external); destination(d_external); };
> > log { source(s_stunnel); destination(d_stunnel); };
>
> Could you show a few logged lines? Which version of syslog-ng are you using?
>
> $HOST should remain blank only when syslog-ng failed to parse the
> hostname part of the log. BTW it's better to use ${HOST} instead of
> plain $HOST especially when there are no delimiters around the macro.
>
> Regards,
>
> Sandor
>


-- 
Regards..
Abhay Singh..
91-98804-55587
Sr. Software Engineer.
Robust Designs India Pvt Ltd.
Bangalore
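
Added example, not part of the original messages and not syslog-ng code: a small check for the case Sandor describes, an unbraced macro such as `$HOST` followed directly by name-like characters, so that nothing marks where the macro name ends. The macro list is limited to the names used in the quoted templates, the set of characters treated as part of a name is an assumption, and the sample configuration is constructed from the two destinations in the thread.

```python
import re

# Macro names used in the templates quoted in this thread (not a complete list).
KNOWN_MACROS = {"DATE", "FULLHOST", "HOST", "PROGRAM", "TAG",
                "FACILITY", "LEVEL", "MESSAGE"}
# Assumption: letters, digits and '_' may all be read as part of a macro name.
UNBRACED = re.compile(r"\$([A-Za-z0-9_]+)")
QUOTED = re.compile(r'"([^"]*)"')

# Constructed sample: the two destinations from the thread, shortened.
SAMPLE = r'''destination d_external { file("/data/extract/syslogs/$HOST_syslog.log"
    template("$DATE $FULLHOST $PROGRAM $TAG [$FACILITY.$LEVEL] $MESSAGE \n")); };
destination d_stunnel { file("/data/extract/syslogs/$HOST/$HOST_syslog.log"
    template("$DATE $FULLHOST $PROGRAM $TAG [$FACILITY.$LEVEL] $MESSAGE \n")); };
'''


def split_macro(run):
    """Split a name run into (longest known macro prefix, trailing text)."""
    for end in range(len(run), 0, -1):
        if run[:end] in KNOWN_MACROS:
            return run[:end], run[end:]
    return None, run


def braced(match):
    """Return the ${NAME}rest form for an ambiguous reference, else unchanged."""
    macro, trailing = split_macro(match.group(1))
    if macro and trailing:
        return "${%s}%s" % (macro, trailing)
    return match.group(0)


def lint(config_text):
    """List (line number, reference, suggested form) for ambiguous macros."""
    findings = []
    for line_no, line in enumerate(config_text.splitlines(), 1):
        if line.lstrip().startswith("#"):
            continue  # skip commented-out statements
        for string in QUOTED.findall(line):
            for match in UNBRACED.finditer(string):
                if braced(match) != match.group(0):
                    findings.append((line_no, match.group(0), braced(match)))
    return findings


if __name__ == "__main__":
    for line_no, found, suggestion in lint(SAMPLE):
        print("line %d: %s -> %s" % (line_no, found, suggestion))
    print(UNBRACED.sub(braced, SAMPLE))
```
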