- Posts: 24
- Thank you received: 0
syslog-ng trouble - long
- susetechie
- Topic Author
- Offline
- Junior Member
Less
More
18 years 10 months ago #12273
by susetechie
"Go away or I will replace you with a very small shell script"
syslog-ng trouble - long was created by susetechie
Hi All,
I am trying to get my syslog-ng server set up. it all seems ok, but
when i try to add my destination and filter at the end, i get an error
about syntax. can someone take a look and tell me what i am doing
wrong? thanks
#@SuSEconfig@
#@SuSEconfig@ This is a template file used by SuSEconfig
#@SuSEconfig@ to generate the final syslog-ng.conf.
#@SuSEconfig@
#@SuSEconfig@ SuSEconfig adds additional log sockets from
#@SuSEconfig@ /etc/sysconfig/syslog to the source bellow.
#@SuSEconfig@
#
# File format description can be found in syslog-ng.conf(5)
# and /usr/share/doc/packages/syslog-ng/syslog-ng.txt.
#
#
# Global options.
#
options {
# Number of syslog lines stored in memory before being written to
files
sync (0);
# Syslog-ng uses queues
log_fifo_size (1000);
# Create log directories as needed
create_dirs (yes);
# Make the group "logs" own the log files and directories
group (logs);
dir_group (logs);
# Set the file and directory permissions
perm (0640);
dir_perm (0750);
# Check client hostnames for valid DNS characters
check_hostname (yes);
# Specify whether to trust hostname in the log message.
# If "yes", then it is left unchanged, if "no" the server
replaces
# it with client's DNS lookup value.
keep_hostname (yes);
# Use DNS fully qualified domain names (FQDN)
# for the names of log file folders
use_fqdn (yes);
use_dns (yes);
# Cache DNS entries for up to 1000 hosts for 12 hours
dns_cache (yes);
dns_cache_size (1000);
dns_cache_expire (43200);
};
#
# 'src' is our main source definition. you can add
# more sources driver definitions to it, or define
# your own sources, i.e.:
#
#source my_src { .... };
#
source src {
#
# include internal syslog-ng messages
# note: the internal() soure is required!
#
internal();
#
# the following line will be replaced by the
# socket list generated by SuSEconfig using
# variables from /etc/sysconfig/syslog:
#
#@SuSEconfig_SOCKETS@
#
# uncomment to process log messages from network:
#
udp(ip("0.0.0.0") port(514));
};
source s_tcp { tcp(ip(x.x.x.x) port(514)); };
#
# Filter definitions
#
filter f_iptables { facility(kern) and match("IN=") and
match("OUT="); };
filter f_console { level(warn) and facility(kern) and not
filter(f_iptables)
or level(err) and not facility(authpriv); };
filter f_newsnotice { level(notice) and facility(news); };
filter f_newscrit { level(crit) and facility(news); };
filter f_newserr { level(err) and facility(news); };
filter f_news { facility(news); };
filter f_mailinfo { level(info) and facility(mail); };
filter f_mailwarn { level(warn) and facility(mail); };
filter f_mailerr { level(err, crit) and facility(mail); };
filter f_mail { facility(mail); };
filter f_cron { facility(cron); };
filter f_local { facility(local0, local1, local2, local3,
local4, local5, local6, local7); };
filter f_messages { not facility(news, mail) and not
filter(f_iptables); };
filter f_warn { level(warn, err, crit) and not
filter(f_iptables); };
filter f_alert { level(alert); };
#filter hq-it-name
filter hq_it_name { host("x.x.x.x"); };
#
# Most warning and errors on tty10 and on the xconsole pipe:
#
destination console { file("/dev/tty10" group(tty) perm(0620)); };
log { source(src); filter(f_console); destination(console); };
destination xconsole { pipe("/dev/xconsole" group(tty) perm(0400)); };
log { source(src); filter(f_console); destination(xconsole); };
# Enable this, if you want that root is informed immediately,
# e.g. of logins:
#
#destination root { usertty("root"); };
#log { source(src); filter(f_alert); destination(root); };
#
# News-messages in separate files:
#
destination newscrit { file("/var/log/news/news.crit"); };
log { source(src); filter(f_newscrit); destination(newscrit); };
destination newserr { file("/var/log/news/news.err"); };
log { source(src); filter(f_newserr); destination(newserr); };
destination newsnotice { file("/var/log/news/news.notice"); };
log { source(src); filter(f_newsnotice); destination(newserr); };
#
# and optionally also all in one file:
#
#destination news { file("/var/log/news.all"); };
#log { source(src); filter(f_news); destination(news); };
#
# Mail-messages in separate files:
#
destination mailinfo { file("/var/log/mail.info"); };
log { source(src); filter(f_mailinfo); destination(mailinfo); };
destination mailwarn { file("/var/log/mail.warn"); };
log { source(src); filter(f_mailwarn); destination(mailwarn); };
destination mailerr { file("/var/log/mail.err" fsync(yes)); };
log { source(src); filter(f_mailerr); destination(mailerr); };
#
# and also all in one file:
#
destination mail { file("/var/log/mail"); };
log { source(src); filter(f_mail); destination(mail); };
#
# Cron-messages in one file:
#
#destination cron { file("/var/log/cron"); };
#log { source(src); filter(f_cron); destination(cron); };
#
# Some boot scripts use/require local[1-7]:
#
destination localmessages { file("/var/log/localmessages"); };
log { source(src); filter(f_local); destination(localmessages); };
#
# All messages except iptables and the facilities news and mail:
#
destination messages { file("/var/log/messages"); };
log { source(src); filter(f_messages); destination(messages); };
#
# Firewall (iptables) messages in one file:
#
destination firewall { file("/var/log/firewall"); };
log { source(src); filter(f_iptables); destination(firewall); };
#
# Warnings (except iptables) in one file:
#
destination warn { file("/var/log/warn" fsync(yes)); };
log { source(src); filter(f_warn); destination(warn); };
#
# Enable this, if you want to keep all messages in one file:
#
#destination allmessages { file("/var/log/allmessages"); };
#log { source(src); destination(allmessages); };
#Log messages from hq-it-mwilliams
destination local_network {
file
("/var/log/syslog-ng/$YEAR.$MONTH.$DAY/$HOST/$FACILITY.log");
log { source(s_tcp); filter(hq_it_name); destination(local_network); };
I get an error stating syntax error on line 240, being:
log { source(s_tcp); filter(hq_it_name); destination(local_network); };
Can someone tell me what the deal is?
TIA,
susetechie
I am trying to get my syslog-ng server set up. it all seems ok, but
when i try to add my destination and filter at the end, i get an error
about syntax. can someone take a look and tell me what i am doing
wrong? thanks
#@SuSEconfig@
#@SuSEconfig@ This is a template file used by SuSEconfig
#@SuSEconfig@ to generate the final syslog-ng.conf.
#@SuSEconfig@
#@SuSEconfig@ SuSEconfig adds additional log sockets from
#@SuSEconfig@ /etc/sysconfig/syslog to the source bellow.
#@SuSEconfig@
#
# File format description can be found in syslog-ng.conf(5)
# and /usr/share/doc/packages/syslog-ng/syslog-ng.txt.
#
#
# Global options.
#
options {
# Number of syslog lines stored in memory before being written to
files
sync (0);
# Syslog-ng uses queues
log_fifo_size (1000);
# Create log directories as needed
create_dirs (yes);
# Make the group "logs" own the log files and directories
group (logs);
dir_group (logs);
# Set the file and directory permissions
perm (0640);
dir_perm (0750);
# Check client hostnames for valid DNS characters
check_hostname (yes);
# Specify whether to trust hostname in the log message.
# If "yes", then it is left unchanged, if "no" the server
replaces
# it with client's DNS lookup value.
keep_hostname (yes);
# Use DNS fully qualified domain names (FQDN)
# for the names of log file folders
use_fqdn (yes);
use_dns (yes);
# Cache DNS entries for up to 1000 hosts for 12 hours
dns_cache (yes);
dns_cache_size (1000);
dns_cache_expire (43200);
};
#
# 'src' is our main source definition. you can add
# more sources driver definitions to it, or define
# your own sources, i.e.:
#
#source my_src { .... };
#
source src {
#
# include internal syslog-ng messages
# note: the internal() soure is required!
#
internal();
#
# the following line will be replaced by the
# socket list generated by SuSEconfig using
# variables from /etc/sysconfig/syslog:
#
#@SuSEconfig_SOCKETS@
#
# uncomment to process log messages from network:
#
udp(ip("0.0.0.0") port(514));
};
source s_tcp { tcp(ip(x.x.x.x) port(514)); };
#
# Filter definitions
#
filter f_iptables { facility(kern) and match("IN=") and
match("OUT="); };
filter f_console { level(warn) and facility(kern) and not
filter(f_iptables)
or level(err) and not facility(authpriv); };
filter f_newsnotice { level(notice) and facility(news); };
filter f_newscrit { level(crit) and facility(news); };
filter f_newserr { level(err) and facility(news); };
filter f_news { facility(news); };
filter f_mailinfo { level(info) and facility(mail); };
filter f_mailwarn { level(warn) and facility(mail); };
filter f_mailerr { level(err, crit) and facility(mail); };
filter f_mail { facility(mail); };
filter f_cron { facility(cron); };
filter f_local { facility(local0, local1, local2, local3,
local4, local5, local6, local7); };
filter f_messages { not facility(news, mail) and not
filter(f_iptables); };
filter f_warn { level(warn, err, crit) and not
filter(f_iptables); };
filter f_alert { level(alert); };
#filter hq-it-name
filter hq_it_name { host("x.x.x.x"); };
#
# Most warning and errors on tty10 and on the xconsole pipe:
#
destination console { file("/dev/tty10" group(tty) perm(0620)); };
log { source(src); filter(f_console); destination(console); };
destination xconsole { pipe("/dev/xconsole" group(tty) perm(0400)); };
log { source(src); filter(f_console); destination(xconsole); };
# Enable this, if you want that root is informed immediately,
# e.g. of logins:
#
#destination root { usertty("root"); };
#log { source(src); filter(f_alert); destination(root); };
#
# News-messages in separate files:
#
destination newscrit { file("/var/log/news/news.crit"); };
log { source(src); filter(f_newscrit); destination(newscrit); };
destination newserr { file("/var/log/news/news.err"); };
log { source(src); filter(f_newserr); destination(newserr); };
destination newsnotice { file("/var/log/news/news.notice"); };
log { source(src); filter(f_newsnotice); destination(newserr); };
#
# and optionally also all in one file:
#
#destination news { file("/var/log/news.all"); };
#log { source(src); filter(f_news); destination(news); };
#
# Mail-messages in separate files:
#
destination mailinfo { file("/var/log/mail.info"); };
log { source(src); filter(f_mailinfo); destination(mailinfo); };
destination mailwarn { file("/var/log/mail.warn"); };
log { source(src); filter(f_mailwarn); destination(mailwarn); };
destination mailerr { file("/var/log/mail.err" fsync(yes)); };
log { source(src); filter(f_mailerr); destination(mailerr); };
#
# and also all in one file:
#
destination mail { file("/var/log/mail"); };
log { source(src); filter(f_mail); destination(mail); };
#
# Cron-messages in one file:
#
#destination cron { file("/var/log/cron"); };
#log { source(src); filter(f_cron); destination(cron); };
#
# Some boot scripts use/require local[1-7]:
#
destination localmessages { file("/var/log/localmessages"); };
log { source(src); filter(f_local); destination(localmessages); };
#
# All messages except iptables and the facilities news and mail:
#
destination messages { file("/var/log/messages"); };
log { source(src); filter(f_messages); destination(messages); };
#
# Firewall (iptables) messages in one file:
#
destination firewall { file("/var/log/firewall"); };
log { source(src); filter(f_iptables); destination(firewall); };
#
# Warnings (except iptables) in one file:
#
destination warn { file("/var/log/warn" fsync(yes)); };
log { source(src); filter(f_warn); destination(warn); };
#
# Enable this, if you want to keep all messages in one file:
#
#destination allmessages { file("/var/log/allmessages"); };
#log { source(src); destination(allmessages); };
#Log messages from hq-it-mwilliams
destination local_network {
file
("/var/log/syslog-ng/$YEAR.$MONTH.$DAY/$HOST/$FACILITY.log");
log { source(s_tcp); filter(hq_it_name); destination(local_network); };
I get an error stating syntax error on line 240, being:
log { source(s_tcp); filter(hq_it_name); destination(local_network); };
Can someone tell me what the deal is?
TIA,
susetechie
"Go away or I will replace you with a very small shell script"
Time to create page: 0.123 seconds