[syslog-ng] R: syslog-ng Digest, Vol 80, Issue 18
tokie at tiscali.it
Tue Dec 13 15:23:20 CET 2011
As you can see the device gives a valid syslog header.

Destination of Firewall in fw.log:

# tailf fw.log
Dec 13 13:58:47 192.168.1.254/192.168.1.254 Fw-Vigor2955: 149:13:59.970 lan->wan @S:R=13:1 p 192.168.1.8,19679 -> 82.200.234.214,33244 PR UDP len 20 131

Destination of Access Point .241 in ap241.log:

# tailf ap241.log
Dec 13 13:58:47 192.168.1.254/192.168.1.254 Fw-Vigor2955: 149:13:59.770 lan->wan @S:R=13:1 p 192.168.1.8,19679 -> 94.244.30.85,63708 PR UDP len 20 131

It writes the same thing!!

My configuration is the following:

source udp {
    udp();
};
destination d_fw {
    file("/**/**/fw.log" create_dirs(yes) fsync(yes));
};
filter f_fw {
    netmask("192.168.1.254/32"); ## try for only host
};
log {
    source(udp);
    destination(d_fw);
    filter(f_fw);
};

Therefore, how can I do??

Thanks
Tokie
------------------------------

Date: Mon, 12 Dec 2011 19:10:30 -0500
From: Jim <jrhendri at maine.rr.com>
Subject: Re: [syslog-ng] Log only one host
To: Syslog-ng users' and developers' mailing list <syslog-ng at lists.balabit.hu>
Message-ID: <1323735030.16055.1.camel at ubuntu>
Content-Type: text/plain; charset="UTF-8"

Couple things to note:
- not all syslogs give a valid syslog header (e.g. <date> <time> <host>
  <program>:<message>)
- name resolution costs cycles (may not be an issue)
- know the difference between $HOST (parsed from the syslog header) and
  $HOST_FROM (the origin of the packet)

Enjoy!

On Mon, 2011-12-12 at 12:05 +0100, Thomas Wollner wrote:
> Hello,
>
> to separate the destination logfiles for each host, use the following
>
> destination d_file_foreach_host {
>     file("/var/log/$FULLHOST.log");
> };
>
> log {
>     source(s_all);
>     destination(d_file_foreach_host);
> };
>
> hope it helps,
> regards,
>
> Tom
>
> Quoting "tokie at tiscali.it" <tokie at tiscali.it>:
>
> >> Try using the netmask filter.
> >
> >> filter f_host_a_b_c_d {
> >>     netmask("a.b.c.d/32");
> >> };
> >
> > Tks for reply,
> > I tried but it doesn't work!
> > More specific:
> > I wish that all devices in my network, logging into a
> > specific file on syslog server.
> >
> > Now all files log all devices!!
> > I have the same result in different
> > file(100.log, 101.log, and so on)
> >
> > Must I use iptables's match?? How??
> >
> > tks
> > Tokie
> >
> > p.s.:
> > netmask("a.b.c.d/32") or netmask("a.b.c.d/255.255.255.255") ???
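
A configuration along the lines discussed in this thread, added here as an example and not taken from any poster's setup: each device gets its own log path with its own netmask() filter, and flags(final) stops a matched message from reaching later paths. The source name, the /var/log/devices paths, the @version value and the access point address 192.168.1.241 (inferred from ".241") are assumptions.

```conf
# Added example (constructed): one file per device, selected by sender address.
@version: 3.3                      # assumed; match your installed syslog-ng

options {
    use_dns(no);                   # no lookups, so $HOST_FROM stays an IP address
};

source s_net { udp(); };           # UDP listener, as in the posted config

# netmask() tests the address the datagram arrived from,
# not the hostname text inside the message header.
filter f_fw    { netmask("192.168.1.254/32"); };
filter f_ap241 { netmask("192.168.1.241/32"); };   # assumed AP address

# Hypothetical paths; adjust to the local layout.
destination d_fw    { file("/var/log/devices/fw.log"    create_dirs(yes)); };
destination d_ap241 { file("/var/log/devices/ap241.log" create_dirs(yes)); };

# Every log path carries its own filter. A path with a source and a
# destination but no filter() writes every message from that source.
# flags(final) ends processing for a message once a path has matched it.
log { source(s_net); filter(f_fw);    destination(d_fw);    flags(final); };
log { source(s_net); filter(f_ap241); destination(d_ap241); flags(final); };

# Catch-all for senders not matched above: one file per sending address.
# As noted in the thread, $HOST is parsed from the syslog header and
# $HOST_FROM is the origin of the packet, so the file name uses $HOST_FROM.
destination d_other {
    file("/var/log/devices/other/$HOST_FROM.log" create_dirs(yes));
};
log { source(s_net); destination(d_other); };
```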