[syslog-ng] problem to filter remote-logs on syslog-server
Gergely Nagy
algernon at balabit.hu
Wed Jun 8 11:22:09 CEST 2011
"system at ra-schaal.de" <system at ra-schaal.de> writes:
> I try to filter with syslog ng 3.2.4 log files from another server to
> local files.
>
> The syslog-server receives all log entries from the remote-server.
>
> If i let syslog-server write over "SOURCE network", the log is provided.
> But the integration in src local does not fold however.
>
>
> I.e on syslog-server this works:
> log { source(network); destination(foo); };
>
> but
> log { source(src); filter (f_foo); destination (d_foo) };
>
> doesn´t contains any entries from the remote server.
>
That's because you have two sources that both try to listen on udp port
514, which will not work.
A better solution would be to remove it from the src source, and use two
sources in the log path.
Something like this:
source src {internal();
unix-dgram("/dev/log");
unix-dgram("/var/lib/named/dev/log");
};
source network { udp(port(514)); };
log { source(src); source(network); filter(f_foo); destination(d_foo); };
--
|8]
More information about the syslog-ng
mailing list