S O L V E D ! Thanks to all who participated, especially Darryl - the answer was staring me in the face all the time. The very top of the file gives the clue.
All that is required is simply
source src {internal(); udp(ip(0.0.0.0) port(514)); };
This line is present in PC IP that receives the data and without a
destination will default to the system log "messages"
Open KSystem Log - Default log is the system or messages file - The data
is all present and changes before my eyes.
We all did it and personally I would like to know if anyone has success
in creating an additional source. I really don't believe it's possible.
Good Night All 00:27
Scott
Registration Account wrote:
> I want to build a Syslog Server. I have a Linux Log file viewer so most
> of the work is done. http://www.kiwisyslog.com/log-viewer-v2-beta-info.htm
> I need syslog-ng to listen to UDP/514 and write a continuous file on
> the information it hears. Fortunately I do not need any log rotation as
> the file is only text base and although it has the potential to reach
> large sizes I can deal with a lot of space.
> Syslog-ng appears to have many config files and I am not sure which to
> modify.
> Can anyone assist me with this short line of syntax, given the above
> Linux Log file's ability to display the file as it changes and the
> various parameters it uses, some of which I understand but not all.
> The ability to NOT have to maintain a M$ PC just to be a Syslog +daemon
> would be a breakthrough for so many sysops who require real time syslog
> data.
> Data from my multiple IDS's is sent to my current M$ Windows
> Syslog+Daemon, however I do have a large Linux IDS Management Module
> that does number crunching, provides warnings and reports but cannot
> display the data in realtime. Syslog data is sent to UDP/514 to
> Facility numbering Local 0-7. The text stream looks something like
>
> [2007-04-21 17:31:55] <6>EFW: ALG: prio=1 algmod=http algsesid=70500
> action=close reason=backlisted_url
> url="www.download.windowsupdate.com/msdownload/update/v3-19990518/ca"
> peer=client connipproto=TCP connrecvif=LAN connsrcip=192.168.100.40
> connsrcport=3767 conndestif=core conndestip=202.158.212.136
> conndestport=80 origsent=364 termsent=84
>
> Where the number enclosed by < > is equal to
>
> 0 Emergency: system is unusable
> 1 Alert: action must be taken immediately
> 2 Critical: critical conditions
> 3 Error: error conditions
> 4 Warning: warning conditions
> 5 Notice: normal but significant condition
> 6 Informational: informational messages
> 7 Debug: debug-level message
>
> If anyone is really bored and wants to learn about the convention there is a
> short War and Peace version at http://www.faqs.org/rfcs/rfc3164.html
>
> Don't worry about understanding the text, that's my job. I just offer it as
> an example for delineation purposes.
>
> I know this is a big ask, but no one but no one currently produces a
> Linux Syslog Daemon + Log Viewer.
> In my reading of my 2000 page intro to C++, I have only got to page 95
> and I know this is a 3 line entry into a config.
> Please tell me if I ask too much.
>
> Many thanks if anyone can assist.
>
> Scott :'(
>
>
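A complete syslog-ng configuration for what the original question asks for (listen on UDP/514, write everything heard to one continuous text file) is added below as an example. It is not from the thread and not the syslog-ng project's own sample; the source, filter and destination names, the file path /var/log/ids.log, and the facility filter are assumptions. It goes one step beyond the one-line answer above by naming an explicit destination file and restricting the log path to the local0-local7 facilities the IDS boxes send to.

```conf
# Added example configuration (assumed location: /etc/syslog-ng/syslog-ng.conf).
# Names and paths below are assumptions, not values from the thread.

options {
    create_dirs(yes);     # create /var/log subdirectories if needed
    keep_hostname(yes);   # keep the host name as sent by the IDS, do not resolve it
};

# Listen for classic RFC 3164 syslog on UDP/514.
# ip(0.0.0.0) binds every interface; use the management address instead
# if the collector has more than one network.
# (Newer syslog-ng 3.x releases spell this network(transport("udp") ip("0.0.0.0") port(514)).)
source s_udp {
    udp(ip(0.0.0.0) port(514));
};

# Only keep the facilities the IDS devices use (local0..local7).
filter f_ids {
    facility(local0, local1, local2, local3, local4, local5, local6, local7);
};

# One continuous text file; the viewer can follow it as it grows.
# The template reproduces the "[date] <pri> ..." shape of the sample line,
# spelling the priority out as facility.severity so the viewer need not decode it.
destination d_ids {
    file("/var/log/ids.log"
         template("[$YEAR-$MONTH-$DAY $HOUR:$MIN:$SEC] <$FACILITY.$LEVEL> $HOST $MSG\n"));
};

# Tie source, filter and destination together; without a log statement nothing is written.
log {
    source(s_udp);
    filter(f_ids);
    destination(d_ids);
};
```

Restart syslog-ng after editing and point the log viewer at /var/log/ids.log. Because UDP syslog carries no authentication and no integrity protection, anything that can reach UDP/514 can append lines to that file, so the usual defensive step is to allow UDP/514 only from the IDS hosts with the host firewall and to bind the source to the interface those hosts use rather than to 0.0.0.0.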