[syslog-ng] IP Address folder

Julien Groselle julien.groselle at gmail.com
Wed Mar 28 11:06:37 CEST 2012


Hi,

Just a bump in case my message was unfortunately deleted...
Help still needed.
--
JG

On 21 March 2012 at 10:47, Julien Groselle <julien.groselle at gmail.com> wrote:

> Hello everybody,
>
> I work for a large society, and we have used syslog-ng for 5 years now.
> We have a centralized server with a storage tank to keep logs securely.
>
> Concretely, we have 2 centralized syslog-ng servers in a chrooted
> environment, and 50 client servers.
>
> Since we started using TLS transport in place of the stunnel workaround, we
> have had many issues:
> - First of all, many logs aren't written in the $HOST folder but in the
> IPADDRESS folder. So, to be clear, this is an example:
> # ls
> drwxr-x---   8 root adm      4,0K  1 mars  00:07 10.0.0.1
> drwxr-x---  53 root adm      4,0K 19 mars  00:35 host1
>
> I assume that host1 has the 10.0.0.1 IP address and
>
> # tree 192.168.100.79/2012-03/
> 10.0.0.1/2012-03/
> ├── 02-user-10.0.0.1.log.bz2
> ├── 06-user-10.0.0.1.log.bz2
> ├── 07-user-10.0.0.1.log.bz2
> ├── 08-user-10.0.0.1.log.bz2
> ├── 09-user-10.0.0.1.log.bz2
> ├── 12-user-10.0.0.1.log.bz2
> ├── 13-user-10.0.0.1.log.bz2
> ├── 14-user-10.0.0.1.log.bz2
> ├── 15-user-10.0.0.1.log.bz2
> ├── 16-user-10.0.0.1.log.bz2
> └── 19-user-10.0.0.1.log
>
> # tree host1/2012-03/ |grep 19-
> ├── 19-apache.access-host1.log
> ├── 19-apache.error-host1.log
> ├── 19-authpriv-host1.log
> ├── 19-auth-host1.log
> ├── 19-cron-host1.log
> ├── 19-daemon-host1.log
> ├── 19-kern-host1.log
> ├── 19-mail-host1.log
> ├── 19-nagios-host1.log
> ├── 19-puppetd-host1.log
> ├── 19-syslog-host1.log
> └── 19-user-host1.log
>
> (We have this problem with many servers.)
> In facility "user" for host 10.0.0.1, in fact I have logs for snmptrapd...
> But why?
>
> We have config for snmpd but not for snmptrapd...
> So I tried to define a default facility => failed
> After that I tried many DNS and hostname options => failed
>
> Does anyone here have a way for me to search?
> If you need more details, I'm yours.
>
> Kind regards.
> --
> JG
>