[syslog-ng] Difference in version
vinod samant
vinod.samant.123 at gmail.com
Tue May 8 09:46:44 UTC 2018
Hi,
I have used the same configuration as you have sent,
client IP:- 192.168.122.61
central server IP:- 192.168.122.184
my Client configuration file:-
@version:3.13
@include "scl.conf"
# syslog-ng configuration file.
#
# This should behave pretty much like the original syslog on RedHat. But
# it could be configured a lot smarter.
#
# See syslog-ng(8) and syslog-ng.conf(5) for more information.
#
# Note: it also sources additional configuration files (*.conf)
# located in /etc/syslog-ng/conf.d/
options {
flush_lines (0);
time_reopen (10);
log_fifo_size (1000);
chain_hostnames (off);
use_dns (no);
use_fqdn (no);
create_dirs (no);
keep_hostname (yes);
};
source s_sys {
system();
internal();
# udp(ip(0.0.0.0) port(514));
};
destination d_cons { file("/dev/console"); };
destination d_mesg { file("/var/log/messages"); };
destination d_auth { file("/var/log/secure"); };
destination d_mail { file("/var/log/maillog" flush_lines(10)); };
destination d_spol { file("/var/log/spooler"); };
destination d_boot { file("/var/log/boot.log"); };
destination d_cron { file("/var/log/cron"); };
destination d_kern { file("/var/log/kern"); };
destination d_mlal { usertty("*"); };
filter f_kernel { facility(kern); };
filter f_default { level(info..emerg) and
not (facility(mail)
or facility(authpriv)
or facility(cron)); };
filter f_auth { facility(authpriv); };
filter f_mail { facility(mail); };
filter f_emergency { level(emerg); };
filter f_news { facility(uucp) or
(facility(news)
and level(crit..emerg)); };
filter f_boot { facility(local7); };
filter f_cron { facility(cron); };
#log { source(s_sys); filter(f_kernel); destination(d_cons); };
log { source(s_sys); filter(f_kernel); destination(d_kern); };
log { source(s_sys); filter(f_default); destination(d_mesg); };
log { source(s_sys); filter(f_auth); destination(d_auth); };
log { source(s_sys); filter(f_mail); destination(d_mail); };
log { source(s_sys); filter(f_emergency); destination(d_mlal); };
log { source(s_sys); filter(f_news); destination(d_spol); };
log { source(s_sys); filter(f_boot); destination(d_boot); };
log { source(s_sys); filter(f_cron); destination(d_cron); };
# Source additional configuration files (.conf extension only)
@include "/etc/syslog-ng/conf.d/*.conf"
# vim:ft=syslog-ng:ai:si:ts=4:sw=4:et:
#
source s_apache {
wildcard-file(
base-dir("/var/log/httpd/")
filename-pattern("*access_*")
flags(no-parse)
)
destination d_central {
network("192.168.122.184" port(udp))
}
log {
source(s_apache)
destination(d_central)
}
>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>ERROR<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<
If I start syslog-ng, it shows the error below:
[root@master syslog-ng]# service syslog-ng start
Error parsing source, syntax error, unexpected KW_DESTINATION, expecting
';' in /etc/syslog-ng/syslog-ng.conf at line 83, column 1:
destination d_central {
^^^^^^^^^^^
syslog-ng documentation:
https://www.balabit.com/support/documentation?product=syslog-ng-ose
contact: https://lists.balabit.hu/mailman/listinfo/syslog-ng
[root@master syslog-ng]#
So, please help to configure the client and central server.
*Thanks & Regards :-*
*VINOD SINGH SAUD*
*(M):- 09718663552*
*(W):-09997645597*
*(E) :- vinod.samant.123 at gmail.com <vinod.samant.123 at gmail.com>*
On Mon, May 7, 2018 at 7:30 PM, Gergely Nagy <algernon at balabit.com> wrote:
> Hi!
>
> >>>>> "vinod" == vinod samant <vinod.samant.123 at gmail.com> writes:
>
> vinod> 1. first one is using command yum install syslog-ng, and it has been
> vinod> installed, if this way is right then what will be the client and server
> vinod> side configuration, Suppose
>
> The client should be configured to read the logs, the server to accept
> them and put them where you want 'em. See below for two simple examples.
>
> vinod> apache writing custom log on
> vinod> /usr/local/apache/logs/xyz_access_2018-05-07.log, Client IP:- 10.10.64.1,
> vinod> server IP:- 10.10.64.100.
>
> It looks like you're using files with dates in them, so you'll need a
> wildcard source. Something along these lines may serve as a starting
> point:
>
> ------------------------- * -------------------------
>
> # client config
>
> @version: 3.15
>
> source s_apache {
> wildcard-file(
> base-dir("/usr/local/apache/logs");
> filename-pattern("*_access_*.log");
> flags(no-parse);
> );
> };
>
> destination d_central {
> network("10.0.0.1" port(1234));
> };
>
> log {
> source(s_apache);
> destination(d_central);
> };
>
> ------------------------- * -------------------------
>
> # server config
>
> @version: 3.15
>
> source s_network {
> network(port(1234));
> };
>
> destination d_all {
> file("/var/log/all.log" template("${MSG}\n"));
> };
>
> log {
> source(s_network);
> destination(d_all);
> };
>
> ------------------------- * -------------------------
>
> If you want to have the same filename on the server side, that becomes a
> bit less trivial, but still doable. You'll have to transfer the filename
> too, and extract it on the server side.
>
> This should be doable, because the ${FILE_NAME} macro on the client
> contains the file a log line was read from, you can put this into the
> message sent to the server, where it can be extracted and used to
> construct the file the message gets saved to.
>
> The following thread might be of use if you want to go down this path:
> https://lists.balabit.hu/pipermail/syslog-ng/2015-March/021906.html
>
> I also recommend reading - or at least browsing the relevant parts of -
> the syslog-ng administrator's guide. It has a lot of helpful information
> about the configuration file syntax, options, and whatnot:
> https://syslog-ng.com/documents/html/syslog-ng-ose-3.14-guides/en/syslog-ng-ose-guide-admin/html/index.html
>
> vinod> 2. Second i have downloaded tar.gz file from github and trying to install,
> vinod> But i am facing lots of dependency problem.
>
> vinod> Can you explain difference between both way installation which i am trying?
>
> If you install from a binary package, you won't have to compile
> anything. But you are limited to the version of syslog-ng your
> distribution ships with (unless you use a third-party repository, which
> you don't appear to be using). When compiling from source, you'll need
> plenty of development tools - I'd recommend checking out the
> docker-based building solution Laszlo Budai mentioned in his reply:
> https://github.com/balabit/syslog-ng/blob/master/dbld/images/centos6.dockerfile
>
> This should make it a *lot* easier to compile from source, as it has all
> the dependencies already installed. There are some notes on how to use
> the Dockerfile here:
> https://github.com/balabit/syslog-ng/tree/master/dbld
>
> The main difference between source and binary package is like the
> difference between a recipe and a finished dish: if you have the recipe
> (source), the ingredients and tools (dependencies, compiler, etc), then
> you can cook the dish (binary package). Or you can order (download) the
> finished food (binary package), where someone else did the cooking for
> you. :)
>
> --
> |8]
>
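
Added example, not part of either message above: the s_apache / d_central part of the client configuration with every statement terminated, which is what the "unexpected KW_DESTINATION, expecting ';'" error points at. Port 1234 is borrowed from the sample in the reply, and the use of UDP is an assumption about what port(udp) was meant to express.

```conf
# Client side (192.168.122.61), appended to /etc/syslog-ng/syslog-ng.conf

source s_apache {
    wildcard-file(
        base-dir("/var/log/httpd/")
        filename-pattern("*access_*")
        flags(no-parse)
    );      # each driver inside a block ends with ';'
};          # each block ends with '};'. Without it the parser is still
            # inside "source" when it reaches the "destination" keyword.

destination d_central {
    # port() names the port; the protocol is selected with transport().
    # Assumption: port(udp) in the original was intended to select UDP.
    network("192.168.122.184" transport("udp") port(1234));
};

log {
    source(s_apache);
    destination(d_central);
};

# Server side (192.168.122.184): the receiving source must use the same
# transport and port as the client's destination.
source s_network {
    network(transport("udp") port(1234));
};
```

Running syslog-ng --syntax-only against the file checks it for this kind of error before the service is restarted.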