[syslog-ng] Quick set of eyeballs on this
James Lay
jlay at slave-tothe-box.net
Mon Aug 25 22:48:05 CEST 2014
Can anyone see anything blatantly wrong with this? The goal is to
syslog as usual, but to forward firewall messages to a different server.
Thanks for looking all.
James
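@version:3.3.5

options {
    use_dns(no);
    flush_lines(0);
    stats_freq(43200);
};

# Local socket, UDP/TCP listeners on 514 and kernel messages
source s_local {
    unix-stream("/dev/log");
    udp(ip(0.0.0.0) port(514));
    tcp(ip(0.0.0.0) port(514));
    file("/proc/kmsg");
};

destination d_file {
    file("/var/log/messages");
};

# Remote server that should receive the firewall messages
destination d_syslogserver { udp ("x.x.x.x", port(7514)); };

# Everything except messages matching one of these patterns
filter f_syslogfilter {
    not (
        message("0x0004")
        or message("169\.254\.")
        or message("192\.168\.")
    );
};

# Firewall messages, selected by ASA message ID
filter f_firewall {
    message("ASA-4-71005")
    or message("ASA-2-106100");
};

# Path 1: filtered local logging
log {
    source(s_local);
    filter(f_syslogfilter);
    destination(d_file);
};

# Path 2: forward firewall messages to the remote server
log {
    source(s_local);
    filter(f_firewall);
    destination(d_syslogserver);
};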
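
The routing that the two log statements above produce, modelled in Python as an added example that is not part of the original post. It assumes message() behaves as an unanchored regex search over the message text only (header parsing is ignored); the sample messages are constructed.

```python
import re

# Patterns copied from the posted filters. Assumption: message() is modelled
# as an unanchored regex search (re.search) over the message text.
F_SYSLOGFILTER_EXCLUDE = [r"0x0004", r"169\.254\.", r"192\.168\."]
F_FIREWALL = [r"ASA-4-71005", r"ASA-2-106100"]


def f_syslogfilter(msg):
    """not (A or B or C): pass only if no exclusion pattern matches."""
    return not any(re.search(p, msg) for p in F_SYSLOGFILTER_EXCLUDE)


def f_firewall(msg):
    """A or B: pass if either ASA message ID appears in the text."""
    return any(re.search(p, msg) for p in F_FIREWALL)


def route(msg):
    """Return the destinations a message reaches.

    Both log statements see every message from s_local. Neither is marked
    flags(final), so a match in one path does not stop the other.
    """
    dests = []
    if f_syslogfilter(msg):
        dests.append("d_file")
    if f_firewall(msg):
        dests.append("d_syslogserver")
    return dests


# Constructed sample messages (not taken from the post).
SAMPLES = [
    "sshd[811]: Accepted publickey for admin from 10.0.0.5",
    "%ASA-2-106100: access-list outside denied tcp 203.0.113.9 -> 198.51.100.4",
    "%ASA-4-71005: request discarded from 192.168.1.20",
    "dhcpd: DHCPACK on 169.254.10.2",
    "%ASA-4-710059: constructed longer ID that still contains the pattern",
]

if __name__ == "__main__":
    for m in SAMPLES:
        print(route(m) or ["(dropped)"], m)
```

In this model a firewall message is also written to /var/log/messages unless f_syslogfilter excludes it, and a message that matches an exclusion pattern but neither ASA ID reaches no destination at all.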