Thank you Carlos, those few lines of code are just what I need. Yes, of course I can use KSystemLog - it's all set up to chase the file as it grows by the millisecond and has a wide application use. An Xterm will not offer as much, I feel.
With respect to the substitution of the Priority codes below in place of
the value contained in the string below as <?>, is that also as easy to achieve?
Please let me know where to send chocolate!
With great thanks and appreciation
Scott
2007-04-21 17:31:55] <6>EFW: ALG: prio=1 algmod=http algsesid=70500
action=close reason=backlisted_url
url="www.download.windowsupdate.com/msdownload/update/v3-19990518/ca"
peer=client connipproto=TCP connrecvif=LAN connsrcip=192.168.100.40
connsrcport=3767 conndestif=core conndestip=202.158.212.136
conndestport=80 origsent=364 termsent=84
Where the number enclosed by < > is equal to
0 Emergency: system is unusable
1 Alert: action must be taken immediately
2 Critical: critical conditions
3 Error: error conditions
4 Warning: warning conditions
5 Notice: normal but significant condition
6 Informational: informational messages
7 Debug: debug-level message
Carlos E. R. wrote:
>
> The Saturday 2007-04-21 at 18:05 +1000, Registration Account wrote:
>
> > Syslog-ng appears to have many config files and I am not sure which to
> > modify.
>
> I see only one - where are you looking at?
>
> /etc/syslog-ng/syslog-ng.conf
>
> > Can anyone assist me with this short line of syntax, given the above
> > Linux Log file's ability to display the file as it changes and the
> > various parameters it uses, some of which I understand but not all.
> > The ability to NOT have to maintain a M$ PC just to be a Syslog +daemon
> > would be a breakthrough for so many sysop's who require real time syslog
> > data.
>
> To log external sources, I add:
>
> source ext {
> udp(ip("0.0.0.0") port(514));
> };
>
> below the existing "source src {... };" section. Later on, I add, for
> instance:
>
> filter f_router { host("router"); };
> ...
> destination router { file("/var/log/router"); };
> log { source(ext); filter(f_router); destination(router); };
>
>
>
> > I know this is a big ask, but no one but no one currently produces as
> > Linux Syslog Daemon + Log Viewer.
>
> Viewer? I just use plain "less /var/log/file" in an xterm. Or "tailf ..."
> for a continuous display with less resources spent.
>
> Viewing the log is a completely different task from logging it.
>
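Scott's substitution question and the quoted EFW line above, worked as an added Python example that is not from either poster: it parses the firewall line, maps the <N> token to the severity name from the table in the message, and splits the key=value fields so a viewer or filter can act on them. It assumes a leading "[" before the timestamp (and tolerates its absence) and treats <N> as the syslog PRI value, so the severity is N modulo 8 and the facility is N divided by 8.

```python
import re

# Severity names exactly as listed in the message (RFC 3164 numbering).
SEVERITY = {
    0: "Emergency", 1: "Alert", 2: "Critical", 3: "Error",
    4: "Warning", 5: "Notice", 6: "Informational", 7: "Debug",
}

# Constructed sample: the wrapped line from the message re-joined, with an
# assumed opening "[" in front of the timestamp.
SAMPLE = (
    '[2007-04-21 17:31:55] <6>EFW: ALG: prio=1 algmod=http algsesid=70500 '
    'action=close reason=backlisted_url '
    'url="www.download.windowsupdate.com/msdownload/update/v3-19990518/ca" '
    'peer=client connipproto=TCP connrecvif=LAN connsrcip=192.168.100.40 '
    'connsrcport=3767 conndestif=core conndestip=202.158.212.136 '
    'conndestport=80 origsent=364 termsent=84'
)

# "[timestamp] <PRI>message"; the leading "[" is optional.
LINE_RE = re.compile(r'^\[?(?P<ts>[^\]]+)\]\s*<(?P<pri>\d+)>(?P<msg>.*)$')
# key=value tokens; quoted values (like url="...") may contain spaces.
KV_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')


def parse_line(line: str) -> dict:
    """Split one EFW syslog line into timestamp, PRI parts and fields.

    <N> is the syslog PRI (facility * 8 + severity); <6> is facility 0,
    severity 6. The firewall's own "prio=1" field is unrelated to it.
    """
    m = LINE_RE.match(line)
    if not m:
        raise ValueError(f"not a syslog line: {line!r}")
    pri = int(m.group("pri"))
    fields = {k: v.strip('"') for k, v in KV_RE.findall(m.group("msg"))}
    return {
        "timestamp": m.group("ts"),
        "message": m.group("msg"),
        "facility": pri >> 3,
        "severity": pri & 7,
        "severity_name": SEVERITY[pri & 7],
        "fields": fields,
    }


def render(line: str) -> str:
    """Return the line with <N> replaced by its severity name, as Scott asked."""
    rec = parse_line(line)
    return f"[{rec['timestamp']}] <{rec['severity_name']}>{rec['message']}"
```

Feeding each line from a `tailf`-style reader through `render()` gives the substituted view; `parse_line()['fields']` is what a filter on `action` or `conndestip` would inspect.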