[syslog-ng] tuning syslog-ng 3.3.3
Johnson, Chris (HP TippingPoint Roseville)
chris.johnson3 at hp.com
Thu Jan 12 21:34:26 CET 2012
I'm trying to tune syslog-ng 3.3.3.
My first attempt is to use the log_fetch_limit parameter, but I'm running into the problem of where to define it!
The Admin guide says I can put it in the global options{}, but that generates and error saying it has been taken out of the global area and needs to be specified by the source and I can't seem to find the correct source syntax.
My config (pared down):
@version: 3.3
@include "scl.conf"
options {
# log_fetch_limit(100);
};
source s_local {
system();
internal();
};
#############################################################################
# Service all
filter f_all_pgm_01{program("*" type("glob"));};
filter f_all_lvl_01.01{level(info..emerg)};
destination d_all_01{file("/var/log/system.log" suppress(30));};
log {
source(s_local);
filter(f_all_pgm_01);
filter(f_all_lvl_01.01);
destination(d_all_01);
};
I've tried putting it in:
source s_local{ system( log_fetch_limit(100); ); ...};
source s_local{ system(); ... log_fetch_limit(100); };
log{ source(s_local log_fetch_limit(100);); ... };
each generate a 'syslog-ng[1567]: Error parsing configuration;' error.
Any ideas on *where* I should put it?
Thanks,
Chris
----------------------------------------
Christopher Johnson
chris.johnson3 at hp.com<mailto:chris.johnson3 at hp.com>
HP Software - Security Product Group
(916) 785-2817
----------------------------------------
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.balabit.hu/pipermail/syslog-ng/attachments/20120112/84088d7d/attachment.htm
More information about the syslog-ng
mailing list