[syslog-ng] Some messages are missing

Tinnis G tinnisg at gmail.com
Mon Mar 14 03:38:56 CET 2011 

Hi,

I am not getting all the messages  in the message log files . If someone
helps me , it will be really appreciated.
We have remote servers , where we are keeping the log files too.

I feel that the problem is in the filter.  Please correct me.  I want all
the logs will be reported .

Mentioning below the configuration file on each server. These are all same
throughout.

Thanks in advance.

_________________________________________________________
options {       sync (0);
                time_reopen (10);
                log_fifo_size (1000);
                long_hostnames(off);
                use_dns (yes);
                use_fqdn (no);
                create_dirs (yes);
                keep_hostname (yes);
                stats (3600);
};

source src {    unix-stream("/dev/log");
                internal();
                pipe("/proc/kmsg");
    };

# Remote logging
################
## Auth log
destination loghost1 { tcp("log1.xx.org" port(514)); };
destination loghost2 { tcp("log2.xx.org" port(514)); };
destination loghost3 { tcp("log3.xx.org" port(514)); };
filter f_auth { facility(auth); };
log { source(src); filter(f_auth); destination(loghost1); };
log { source(src); filter(f_auth); destination(loghost2); };
log { source(src); filter(f_auth); destination(loghost3); };
#
## Authpriv log
destination loghost1 { tcp("log1.xx.org" port(514)); };
destination loghost2 { tcp("log2.xx.org" port(514)); };
destination loghost3 { tcp("log3.xx.org" port(514)); };
filter f_authpriv { facility(auth, authpriv); };
log { source(src); filter(f_authpriv); destination(loghost1); };
log { source(src); filter(f_authpriv); destination(loghost2); };
log { source(src); filter(f_authpriv); destination(loghost3); };

##  Everything log
destination loghost1 { tcp("log1.xx.org" port(514)); };
destination loghost2 { tcp("log2.xx.org" port(514)); };
destination loghost3 { tcp("log3.xx.org" port(514)); };
filter f_everything { level(debug..emerg); };
log { source(src); filter(f_everything); destination(loghost1); };
log { source(src); filter(f_everything); destination(loghost2); };
log { source(src); filter(f_everything); destination(loghost3); };
#
# Local logging
################

# Local Destinations
#%%%%%%%%%%%%%%%%%%%
destination authpriv { file("/var/log/authpriv.log"); };
destination auth { file("/var/log/auth.log"); };
destination syslog { file("/var/log/syslog.log"); };
destination messages { file("/var/log/messages.log"); };
destination cron { file("/var/log/cron.log"); };
destination daemon { file("/var/log/daemon.log"); };
destination kernel { file("/var/log/kernel.log"); };
destination lpr { file("/var/log/lpr.log"); };
destination mail { file("/var/log/mail.log"); };
destination debug { file("/var/log/debug.log"); };
#
#
destination console { usertty("root"); };
destination console_all { file("/dev/tty12"); };

# Local Filters
###############
filter f_syslog { not facility(authpriv, mail); };
filter f_messages { level(info..warn) and not facility(auth, authpriv, mail,
news); };
filter f_authpriv { facility(auth, authpriv); };
filter f_auth { facility(auth); };
filter f_cron { facility(cron); };
filter f_daemon { facility(daemon); };
filter f_kernel { facility(kern); };
filter f_lpr { facility(lpr); };
filter f_mail { facility(mail); };
filter f_debug { not facility(auth, authpriv, news, mail); };
#
#
filter f_emergency { level(emerg); };
filter f_info { level(info); };
filter f_notice { level(notice); };
filter f_warn { level(warn); };
filter f_crit { level(crit); };
filter f_err { level(err); };

# Local Log
############
log { source(src); filter(f_syslog); destination(syslog); };
log { source(src); filter(f_messages); destination(messages); };
log { source(src); filter(f_authpriv); destination(authpriv); };
log { source(src); filter(f_auth); destination(auth); };
log { source(src); filter(f_cron); destination(cron); };
log { source(src); filter(f_daemon); destination(daemon); };
log { source(src); filter(f_kernel); destination(kernel); };
log { source(src); filter(f_lpr); destination(lpr); };
log { source(src); filter(f_mail); destination(mail); };
log { source(src); filter(f_debug); destination(debug); };
#
log { source(src); filter(f_emergency); destination(console); };
log { source(src); destination(console_all); };
#

## END /etc/syslog-ng/syslog-ng.conf


_________________________________________________________
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.balabit.hu/pipermail/syslog-ng/attachments/20110313/adc22027/attachment.htm

More information about the syslog-ng mailing list