The Wednesday 2007-05-23 at 09:43 +1000, Registration Account wrote:
> Darryl I tested yesterday with the space and there is no difference.
>
> I did however make some progress with the following
>
> source src { unix-stream("/var/log/skot"); internal(); udp(ip(0.0.0.0)
> port(514)); };
>
> This script does parse and it does create a file named "skot" and it
> does bind with UDP 514, however it writes nothing.

I don't think it would. The "source" definition is for reading, not
writing. See the manual:

  * unix-stream <filename> - reads messages from the given AF_UNIX,
    SOCK_STREAM socket (Linux style)

Where did you get the idea it would write there from?

> I think I now need
> to specify the "facility" =="Local0" to which the sending device
> defines. With Wireshark I can just listen to UDP514 and see the
> truncated data, however syslog-ng seems not to be written that easy.
>
> It appears that in the case where we want syslog-ng to listen to a port,
> we cannot use regular source syntax and form. It appears from the manual
> that the moment the source is a "port" the source logic and syntax
> changes dramatically.
No, it doesn't.
> Now I think I only need to specify the correct facility. I don't think
> (rightfully) syslog-ng has a command that globally listens to 'anything'
> on a port
>
> Your thoughts if you have time.

What I do is this:

  source src {
      ...
      ...
      ...
  };

  source ext {
      udp(ip("0.0.0.0") port(514));
  };

  filter f_router { host("router"); };

  destination router { file("/var/log/router"); };

  log { source(ext); filter(f_router); destination(router); };

This logs everything from the external host "router" to the file
"/var/log/router". Everything, all facilities, all levels - in Linux
standard format, of course.

--
Cheers,
Carlos E. R.
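
The facility discussed in this thread travels inside each datagram's `<PRI>` prefix, which is why a `udp()` source takes no facility setting and selection is left to filters. The following is an added example, not part of the original message, that builds and decodes that prefix for constructed test messages; the timestamp, message text and function names are assumptions, and `send_test` is a hypothetical helper for sending a test datagram to your own listener.

```python
import socket

# Facility and severity names by numeric code (BSD syslog, RFC 3164 / RFC 5424).
FACILITIES = ["kern", "user", "mail", "daemon", "auth", "syslog", "lpr", "news",
              "uucp", "cron", "authpriv", "ftp", "ntp", "logaudit", "logalert",
              "clock", "local0", "local1", "local2", "local3", "local4",
              "local5", "local6", "local7"]
SEVERITIES = ["emerg", "alert", "crit", "err", "warning", "notice", "info", "debug"]


def build_message(facility, severity, host, text):
    """Build a BSD-syslog datagram; PRI = facility * 8 + severity."""
    pri = FACILITIES.index(facility) * 8 + SEVERITIES.index(severity)
    # Constructed timestamp, matching the date of the thread.
    return f"<{pri}>May 23 09:43:00 {host} {text}".encode("ascii")


def parse_pri(datagram):
    """Return (facility, severity) from the leading <PRI>, or None if malformed."""
    end = datagram.find(b">", 1, 5)          # "<" plus at most three digits
    if not datagram.startswith(b"<") or end == -1:
        return None
    digits = datagram[1:end]
    if not digits.isdigit() or int(digits) > 191:
        return None
    pri = int(digits)
    return FACILITIES[pri // 8], SEVERITIES[pri % 8]


def send_test(datagram, address):
    """Hypothetical helper: send one datagram to your own listener, e.g. ("127.0.0.1", 514)."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.sendto(datagram, address)


if __name__ == "__main__":
    # Constructed samples: same host, different facilities, same UDP port.
    for fac, sev in [("local0", "info"), ("daemon", "err")]:
        msg = build_message(fac, sev, "router", "test: link up")
        print(msg.decode(), "->", parse_pri(msg))
```

Both sample messages arrive on the same UDP port; only the number in angle brackets differs, and that number is what a facility or level filter would match on.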