[syslog-ng] Simple config question

Balint Kovacs balint.kovacs at balabit.com
Thu Nov 3 23:03:20 CET 2011


On 11/03/2011 10:33 PM, Jakub Jankowski wrote:
> On 2011-11-03, Miguel Alvarez wrote:
>
>>> Well, something similar is possible with syslog-ng as well: (beware,
>>> completely untested, there might be typos!)
> [...]
>>> source s_snort_alert {
>>>  file("/var/log/snort/alert");
>>>  tag("snort");
>>> };
> [...]
>>>  [1]: http://www.balabit.com/sites/default/files/documents/syslog-ng-ose-3.2-guides/syslog-ng-ose-v3.2-guide-admin-en.html/bk01-toc.html
>>
>> Wow, thank you so much! That actually looks pretty straightforward.
>>
>> I initially had syslog-ng 3.2.4 installed but it was complaining about
>> the "source plugin tag not found".  I thought this was perhaps due to
>> it not being 3.3 so I built and installed 3.3.1 but am still seeing
>> it.  Is there something I'm missing from my build or not loading in my
>> config?
>
> It's a typo in Gergely's example. It's "tags", not "tag" :) See the docs[2]
>
> [2] http://www.balabit.com/sites/default/files/documents/syslog-ng-ose-3.2-guides/syslog-ng-ose-v3.2-guide-admin-en.html/reference_source_file.html

Also, tags() has to be within the file() declaration, so the above
should rather look like:

source s_snort_alert {
     file("/var/log/snort/alert" tags("snort"));
};

Balint
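
Added example, not part of the original message: a fuller configuration showing how the tag set inside file() is then used, with a tags() filter picking the Snort alerts out of a log path that also carries local messages. The s_local source, the flags(no-parse) option, the local file path and the loghost.example.com collector are assumptions for illustration.

```conf
@version: 3.3

# Local system messages (assumed second source, to show the tag doing real work)
source s_local {
    internal();
    unix-stream("/dev/log");
};

# tags() is an option of the file() driver, so it goes inside the parentheses.
# flags(no-parse) is an assumption: the Snort alert file is not in syslog format.
source s_snort_alert {
    file("/var/log/snort/alert" tags("snort") flags(no-parse));
};

# Matches only messages that carry the "snort" tag set by the source above
filter f_snort {
    tags("snort");
};

# Placeholder collector address, constructed for this example
destination d_collector {
    tcp("loghost.example.com" port(514));
};

destination d_local_file {
    file("/var/log/messages");
};

# Both sources feed this path, but only tagged Snort alerts reach the collector
log {
    source(s_local);
    source(s_snort_alert);
    filter(f_snort);
    destination(d_collector);
};

# Local messages stay on disk
log {
    source(s_local);
    destination(d_local_file);
};
```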


