Forgot to mention, the conf I sent is from the source host. I am just
logging to a regular syslog server. I will eventually be swapping out
my central log server to syslog-ng.
On 7/11/05, Shannon Roddy <[EMAIL PROTECTED]> wrote:
> On 7/11/05, Ryan McCain <[EMAIL PROTECTED]> wrote:
> > I'm trying to implement syslog-ng so I can have a central log host.
> > However, I am not getting any logs from other servers logged to my
> > syslog-ng server. For those who have used syslog-ng, could you look over
> > this config file and let me know if you see any typos?
> >
>
> Without looking too much at your conf, here is what works for me. I
> log both locally and remotely.
>
>
> options {
> long_hostnames(off);
> sync(0);
> stats(43200);
> };
>
> source src { unix-stream("/dev/log"); internal(); pipe("/proc/kmsg"); };
>
> destination net {udp("x.x.x.x");};
> destination messages { file("/var/log/messages"); };
>
> log { source(src); destination(net);};
> log { source(src); destination(messages); };
> log { source(src); destination(console_all); };
>
>
> destination psadpipe { pipe("/var/lib/psad/psadfifo"); };
> filter f_kerninfo { facility(kern) and level(info); };
> log { source(src); filter(f_kerninfo); destination(psadpipe); };
>
