[syslog-ng] Multiple dates
Sandbox
sandboxheh at gmail.com
Thu Jun 8 07:38:54 UTC 2017
Hi,
I just started to test, learn etc syslog-ng, my server configuration is
really basic:
Q: Can i filter (and mark them on client) the incoming logs, so i dont have
to open multiple ports for different logs?
#-----------------------------------Source---------------------------------
source s_network_testweb01_access {
tcp(ip(192.168.56.48)
port("16601"));
};
source s_network_testweb01_error {
tcp(ip(192.168.56.48)
port("16602"));
};
source s_network_testweb01_referer {
tcp(ip(192.168.56.48)
port("16603"));
};
#------------------------------------Destination--------------------------
destination d_apache_access_testweb01 {
file("/var/log/syslog-ng/apache2/$FULLHOST.access"
owner("root")
group("adm")
perm(0640)
create_dirs(yes)
dir_owner("root")
dir_group("adm")
persist-name("testweb_access"));
....
file("/var/log/archive/$R_YEAR/apache/$R_MONTH/$FULLHOST.access.$R_DAY"
owner("root")
group("adm")
perm(0640)
create_dirs(yes)
dir_owner("root")
dir_group("adm")
persist-name("testweb_access_archive"));
};
destination d_apache_error_testweb01 {
file("/var/log/syslog-ng/apache2/$FULLHOST.error"
owner("root")
group("adm")
perm(0640)
create_dirs(yes)
dir_owner("root")
dir_group("adm")
persist-name("testweb_error"));
....
file("/var/log/archive/$R_YEAR/apache/$R_MONTH/$FULLHOST.error.$R_DAY"
owner("root")
group("adm")
perm(0640)
create_dirs(yes)
dir_owner("root")
dir_group("adm")
persist-name("testweb_error_archive"));
};
destination d_apache_referer_testweb01 {
file("/var/log/syslog-ng/apache2/$FULLHOST.referer"
owner("root")
group("adm")
perm(0640)
create_dirs(yes)
dir_owner("root")
dir_group("adm")
persist-name("testweb_referer"));
....
file("/var/log/archive/$R_YEAR/apache/$R_MONTH/$FULLHOST.referer.$R_DAY"
owner("root")
group("adm")
perm(0640)
create_dirs(yes)
dir_owner("root")
dir_group("adm")
persist-name("testweb_referer_archive"));
};
#---------------------Connections--------------------------
log { source(s_network_testweb01_access);
destination(d_apache_access_testweb01); };
log { source(s_network_testweb01_error);
destination(d_apache_error_testweb01); };
log { source(s_network_testweb01_referer);
destination(d_apache_referer_testweb01); };
The stored log:
Q: Why does it store the date 3 times in every logs?
Jun 8 08:20:11 192.168.7.30 133 <13>1 2017-06-08T08:20:11+02:00 testweb01
- - - [meta sequenceId="24"] :1 - - [08/Jun/2017:08:20:10 +0200] "GET /
HTTP/1.1" 200 3004
Also my client configuration:
#Log sources
source s_apache_error {
file("/var/log/apache2/error_testweb_log" follow-freq(1));
};
source s_apache_access {
file("/var/log/apache2/access_testweb_log" follow-freq(1));
};
source s_apache_referer {
file("/var/log/apache2/www_referer_log" follow-freq(1));
};
#LOG Destination
destination d_network_access {
syslog("192.168.56.48"
transport("tcp")
ip-protocol(4)
port("16601")
persist-name("testweb_access"));
};
destination d_network_error {
syslog("192.168.56.48"
transport("tcp")
ip-protocol(4)
port("16602")
persist-name("testweb_error"));
};
destination d_network_referer {
syslog("192.168.56.48"
transport("tcp")
ip-protocol(4)
port("16603")
persist-name("testweb_referer"));
};
#LOG connections
log { source(s_apache_access); destination(d_network_access); };
log { source(s_apache_error); destination(d_network_error); };
log { source(s_apache_referer); destination(d_network_referer); };
Thanks, Robert
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.balabit.hu/pipermail/syslog-ng/attachments/20170608/5b899325/attachment-0001.html>
More information about the syslog-ng
mailing list