I want to build a Syslog Server. I have a Linux log file viewer, so most
of the work is done. http://www.kiwisyslog.com/log-viewer-v2-beta-info.htm
I need syslog-ng to listen on UDP/514 and write a continuous file of
the information it hears. Fortunately I do not need any log rotation, as
the file is only text-based, and although it has the potential to reach
large sizes, I can deal with a lot of space.
Syslog-ng appears to have many config files and I am not sure which to
modify.
Can anyone assist me with this short line of syntax, given the above
Linux log file viewer's ability to display the file as it changes and the
various parameters it uses, some of which I understand but not all?
The ability to NOT have to maintain an M$ PC just to be a Syslog +daemon
would be a breakthrough for so many sysops who require real-time syslog
data.
Data from my multiple IDSs is sent to my current M$ Windows
Syslog+Daemon; however, I do have a large Linux IDS Management Module
that does number crunching, provides warnings and reports, but cannot
display the data in real time. Syslog data is sent to UDP/514 with
facility numbers local0-7. The text stream looks something like

[2007-04-21 17:31:55] <6>EFW: ALG: prio=1 algmod=http algsesid=70500
action=close reason=backlisted_url
url="www.download.windowsupdate.com/msdownload/update/v3-19990518/ca"
peer=client connipproto=TCP connrecvif=LAN connsrcip=192.168.100.40
connsrcport=3767 conndestif=core conndestip=202.158.212.136
conndestport=80 origsent=364 termsent=84

Where the number enclosed by < > is equal to

0       Emergency: system is unusable
1       Alert: action must be taken immediately
2       Critical: critical conditions
3       Error: error conditions
4       Warning: warning conditions
5       Notice: normal but significant condition
6       Informational: informational messages
7       Debug: debug-level message

If anyone is really bored and wants to learn about the convention, there is a
short War and Peace version at http://www.faqs.org/rfcs/rfc3164.html

Don't worry about understanding the text, that's my job. I just offer it as
an example for delineation purposes.

I know this is a big ask, but no one, but no one, currently produces a
Linux syslog daemon + log viewer.
In my reading of my 2000-page intro to C++, I have only got to page 95,
and I know this is a 3-line entry into a config.
Please tell me if I ask too much.

Many thanks if anyone can assist.

Scott :'(
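The syslog-ng fragment the post is asking for, as an added example that is not part of the original message or of the syslog-ng project's documentation. It assumes a Debian-style config path (/etc/syslog-ng/syslog-ng.conf; other distributions use /etc/syslog-ng.conf) and an output path of /var/log/ids/ids.log, both of which are the example's own choices. The source, filter and destination names are likewise made up for the example.

```conf
# Added example, not from the original post or the syslog-ng docs.
# Assumed config path: /etc/syslog-ng/syslog-ng.conf
# Assumed output path:  /var/log/ids/ids.log

options {
    # record the IDS's own hostname/IP, not the name of this relay
    keep_hostname(yes);
    # create /var/log/ids/ on first write if it does not exist
    create_dirs(yes);
};

# listen for RFC 3164 syslog on UDP/514 on every interface;
# narrow ip() to the management interface if you can
source s_ids_udp {
    udp(ip(0.0.0.0) port(514));
};

# only keep what the IDSs send: facilities local0 .. local7
filter f_ids_local {
    facility(local0, local1, local2, local3, local4, local5, local6, local7);
};

# one continuous text file, one line per message, no rotation.
# $PRI is the raw RFC 3164 priority (facility*8 + severity), so an
# informational message on local0 is written as <134>; use $LEVEL
# instead if you want the severity name (info, warning, ...).
destination d_ids_file {
    file("/var/log/ids/ids.log"
         template("[$YEAR-$MONTH-$DAY $HOUR:$MIN:$SEC] <$PRI> $HOST $MSG\n")
         template_escape(no));
};

log {
    source(s_ids_udp);
    filter(f_ids_local);
    destination(d_ids_file);
};
```

Check the file with `syslog-ng -s -f /etc/syslog-ng/syslog-ng.conf` before restarting the daemon. Port 514 is privileged, so syslog-ng must start as root (it can drop privileges afterwards), and the host firewall has to allow UDP/514 from the IDSs. Because UDP syslog carries no authentication, anything that can reach the port can append lines to the file; restricting the source with `ip()` or a firewall rule to the IDS addresses is the minimum worth doing. On syslog-ng 3.x the `udp()` driver still works but `network(transport("udp") port(514))` is the current spelling.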
