[syslog-ng] destination based on custom field question
Matthew Hall
mhall at mhcomputing.net
Fri Jan 7 20:37:05 CET 2011
On Fri, Jan 07, 2011 at 08:18:00PM +0100, Gergely Nagy wrote:
> On Fri, 2011-01-07 at 11:58 -0500, Christopher Barry wrote:
> > syslog-ng (2.0.9-4.2) is the packaged version in Ubuntu 10.04. Can I use
> > this version to create the patterns that have been mentioned in this
> > thread, or do I need to pull down a newer (3.x) .deb from balabit? If a
> > newer one is appropriate or required, which version is recommended?
>
> I would strongly recommend 3.x. Debian has 3.1.3, and that version will
> probably work just fine on Ubuntu 10.04 (haven't tried, you might need
> to recompile in the worst case).

I'm with him on this, but I'm stricter. I recommend using 3.2 because
it's got the most reliable bug fixes and features and syntax, such as
correlation between events.

Matthew.