[syslog-ng] Syslog-ng Questions

[Miah Lang]

> Is it possible to configure multiple sources, one with flags(no-parse) and one without?
>  
> e.g.
>  
> source s_syslog-ports {
>         udp(port(514));
>         tcp(port(1514) max-connections(100));
>         tcp(port(514) max-connections(100));
> };
>  
> source s_syslog_np-ports {
>         udp(port(514) flags(no-parse));
>         tcp(port(1514) max-connections(100) flags(no-parse));
>         tcp(port(514) max-connections(100) flags(no-parse));
> };
>  
> filter f_Cisco-router { in-list("/etc/syslog-ng/filter/Cisco-router.txt", value("SOURCEIP")); };
> destination d_Cisco-router {file("/var/log/IT/network/router/cisco/${SOURCEIP}/${SOURCEIP}-${YEAR}${MONTH}${DAY}.log" template(t_message-only));};
> log {source(s_syslog-ports); filter(f_Cisco-router); destination(d_Cisco-router);};
>  
> filter f_Cisco-switch { in-list("/etc/syslog-ng/filter/Cisco-switch.txt", value("SOURCEIP")); };
> destination d_Cisco-switch {file("/var/log/IT/network/switch/cisco/${SOURCEIP}/${SOURCEIP}-${YEAR}${MONTH}${DAY}.log" template(t_message-only));};
> log {source(s_syslog_np-ports); filter(f_Cisco-switch); destination(d_Cisco-switch);};
>  
> Whenever I do this, I get an error message when restarting the service.
> “Job for syslog-ng.service failed because the control process exited with error code. See "systemctl status syslog-ng.service" and "journalctl -xe" for details.”
> “Cannot add dependency job for unit microcode.service, ignoring: Unit is not loaded properly: Invalid argument.”
>  
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.balabit.hu/pipermail/syslog-ng/attachments/20170222/e3e97a28/attachment.html>