[syslog-ng] Difference in version

Gergely Nagy algernon at balabit.com
Mon May 7 14:00:50 UTC 2018


Hi!

>>>>> "vinod" == vinod samant <vinod.samant.123 at gmail.com> writes:

    vinod> 1. First one is using command yum install syslog-ng, and it has been
    vinod> installed. If this way is right then what will be the client and server
    vinod> side configuration? Suppose

The client should be configured to read the logs, the server to accept
them and put them where you want 'em. See below for two simple examples.

    vinod> apache writing custom log on
    vinod> /usr/local/apache/logs/xyz_access_2018-05-07.log, Client IP: 10.10.64.1,
    vinod> server IP: 10.10.64.100.

It looks like you're using files with dates in them, so you'll need a
wildcard source. Something along these lines may serve as a starting
point:

------------------------- * -------------------------

# client config

@version: 3.15

source s_apache {
  wildcard-file(
    base-dir("/usr/local/apache/logs");
    filename-pattern("*_access_*.log");
    flags(no-parse);
  );
};

destination d_central {
  network("10.0.0.1" port(1234));
};

log {
  source(s_apache);
  destination(d_central);
};

------------------------- * -------------------------

# server config

@version: 3.15

source s_network {
  network(port(1234));
};

destination d_all {
  file("/var/log/all.log" template("${MSG}\n"));
};

log {
  source(s_network);
  destination(d_all);
};

------------------------- * -------------------------

If you want to have the same filename on the server side, that becomes a
bit less trivial, but still doable. You'll have to transfer the filename
too, and extract it on the server side.

This should be doable, because the ${FILE_NAME} macro on the client
contains the file a log line was read from, you can put this into the
message sent to the server, where it can be extracted and used to
construct the file the message gets saved to.

The following thread might be of use if you want to go down this path:
 https://lists.balabit.hu/pipermail/syslog-ng/2015-March/021906.html

I also recommend reading - or at least browsing the relevant parts of -
the syslog-ng administrator's guide. It has a lot of helpful information
about the configuration file syntax, options, and whatnot:
 https://syslog-ng.com/documents/html/syslog-ng-ose-3.14-guides/en/syslog-ng-ose-guide-admin/html/index.html

    vinod> 2. Second, I have downloaded a tar.gz file from github and am trying to install
    vinod> it, but I am facing lots of dependency problems.

    vinod> Can you explain the difference between both ways of installation which I am
    vinod> trying?

If you install from a binary package, you won't have to compile
anything. But you are limited to the version of syslog-ng your
distribution ships with (unless you use a third-party repository, which
you don't appear to be using). When compiling from source, you'll need
plenty of development tools - I'd recommend checking out the
docker-based building solution Laszlo Budai mentioned in his reply:
 https://github.com/balabit/syslog-ng/blob/master/dbld/images/centos6.dockerfile

This should make it a *lot* easier to compile from source, as it has all
the dependencies already installed. There are some notes on how to use
the Dockerfile here:
 https://github.com/balabit/syslog-ng/tree/master/dbld

The main difference between source and binary package is like the
difference between a recipe and a finished dish: if you have the recipe
(source), the ingredients and tools (dependencies, compiler, etc), then
you can cook the dish (binary package). Or you can order (download) the
finished food (binary package), where someone else did the cooking for
you. :)

-- 
|8]
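What the ${FILE_NAME} approach sketched above could look like end to end, as an added example that is not part of the original message and not configuration from the syslog-ng project. It uses the poster's stated addresses (client 10.10.64.1, server 10.10.64.100), assumes a tab never occurs in the Apache log file names, and assumes the $(basename) template function and the create-dirs() file option are available in the 3.15 version shown. The server deliberately keeps only the last path component of the forwarded name, so a forwarded name containing directory components cannot place the output file outside /var/log/remote/.

```conf
# ---------- client (10.10.64.1) ----------
@version: 3.15

source s_apache {
  wildcard-file(
    base-dir("/usr/local/apache/logs")
    filename-pattern("*_access_*.log")
    flags(no-parse)
  );
};

# Send "<path of the source file><TAB><original line>" so the server can
# recover which file each line came from. ${FILE_NAME} is filled in by the
# wildcard-file() driver; with flags(no-parse) ${MSG} is the untouched line.
destination d_central {
  network("10.10.64.100" port(1234)
          template("${FILE_NAME}\t${MSG}\n"));
};

log {
  source(s_apache);
  destination(d_central);
};

# ---------- server (10.10.64.100) ----------
@version: 3.15

# no-parse: take each received line as-is into ${MSG}; nothing the client
# sends is interpreted as a syslog header.
source s_network {
  network(port(1234) flags(no-parse));
};

# Split at the first TAB; greedy keeps everything after it as MESSAGE
# (Apache lines contain spaces and quotes, so only the first field is split).
parser p_split {
  csv-parser(
    columns("CLIENT_FILE", "MESSAGE")
    delimiters("\t")
    flags(greedy)
  );
};

# One file per sending host and per original file name. $(basename) keeps
# only the last path component of the client-supplied name (assumed to be
# available in this version), so the destination stays under /var/log/remote/.
destination d_per_file {
  file("/var/log/remote/${SOURCEIP}/$(basename ${CLIENT_FILE})"
       template("${MESSAGE}\n")
       create-dirs(yes));
};

log {
  source(s_network);
  parser(p_split);
  destination(d_per_file);
};
```

With this in place, a line read from /usr/local/apache/logs/xyz_access_2018-05-07.log on the client ends up in /var/log/remote/10.10.64.1/xyz_access_2018-05-07.log on the server, unchanged.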