[syslog-ng] destination based on custom field question
Matthew Hall
mhall at mhcomputing.net
Fri Jan 7 20:39:17 CET 2011
On Fri, Jan 07, 2011 at 11:37:05AM -0800, Matthew Hall wrote:
> On Fri, Jan 07, 2011 at 08:18:00PM +0100, Gergely Nagy wrote:
> > On Fri, 2011-01-07 at 11:58 -0500, Christopher Barry wrote:
> > > syslog-ng (2.0.9-4.2) is the packaged version in Ubuntu 10.04. Can I use
> > > this version to create the patterns that have been mentioned in this
> > > thread, or do I need to pull down a newer (3.x) .deb from balabit? If a
> > > newer one is appropriate or required, which version is recommended?
> >
> > I would strongly recommend 3.x. Debian has 3.1.3, and that version will
> > probably work just fine on Ubuntu 10.04 (haven't tried, you might need
> > to recompile in the worst case).
>
> I'm with him on this, but I'm stricter. I recommend using 3.2 because
> it's got the most reliable bug fixes and features and syntax, such as
> correlation between events.
>
> Matthew.
Forgot to mention:

There is a debian/ directory in the sources which should make it easy to
create a deb. Simply install all the packages in debian/control
Build-Depends and Depends, along with build-essential. Then run
debian/rules binary. You should get a working package pretty easily
after that.

Matthew.