Gentoo Forums
Syslog-ng configuration setup / filters
flipnode
Apprentice
Joined: 03 Oct 2004
Posts: 172
Location: USA

Posted: Sat Mar 12, 2005 2:44 am    Post subject: Syslog-ng configuration setup / filters

I am configuring the syslog-ng.conf file, and I'm not sure exactly what filters do. Maybe someone can explain this to me.
Also, are there any good URLs explaining syslog-ng configuration? I've found one on my own, but maybe someone has something that will help me out more.

Thanks guys..
_________________
I think Gentoo is great!
Sith_Happens
Veteran
Joined: 15 Dec 2004
Posts: 1807
Location: The University of Maryland at College Park

Posted: Sat Mar 12, 2005 3:09 am

Configuring syslog-ng is really simple: you define sources, filters, and destinations, then you define a log action, which gets information from a destination, filters it according to one or more filters you define, then logs it to a destination. First you have sources, like this:
Code:
source local { unix-stream("/dev/log"); internal(); };
It can also be written like this (more like C code):
Code:
source local
{
     unix-stream("/dev/log");
     internal();
};
Another example of a good source is /proc/kmsg for kernel messages. Then you have filters. You can filter based on log level, program, string matching, and you can combine different filter functions using logical operators within a single filter to create advanced filtering actions. If you wanted to log Shorewall messages to a separate file, then it would be a good idea to have a filter which looks for lines that contain the string "Shorewall":
Code:
filter shorewall { match("Shorewall"); };
Then, there are the destinations, the files or devices (like ttys) that you want to log to. In this case we create a destination entry to a file called shorewall.log in /var/log:
Code:
destination shorewall { file("/var/log/shorewall.log"); };
Then finally you put it all together in a log entry: we take the source we made, filter it using our shorewall filter, then log it to /var/log/shorewall:
Code:
log { source(local); filter(shorewall); destination(shorewall); };
Here is a gentoo wiki entry which can give you a more in depth explanation.
_________________
"That question was less stupid; though you asked it in a profoundly stupid way."
I'm the brains behind Jackass! | Tutorials: Shorewall
flipnode
Apprentice
Joined: 03 Oct 2004
Posts: 172
Location: USA

Posted: Sun Mar 13, 2005 9:33 am

Thanks man, good info:P
59729
Apprentice
Joined: 21 Jun 2004
Posts: 279

Posted: Sun Mar 13, 2005 12:31 pm

Except the /proc/kmsg, seems it doesn't contain anything, and if I cat it, it just stands there doing nothing until I break the attempt with ^C
Sith_Happens
Veteran
Joined: 15 Dec 2004
Posts: 1807
Location: The University of Maryland at College Park

Posted: Sun Mar 13, 2005 1:16 pm

The format is
Code:
source kern { pipe("/proc/kmsg"); };
# or
source kern { file("/proc/kmsg"); };
The reason you can't use cat to read the file is that it only "contains" anything when there is a kernel message; it doesn't act like a log file, otherwise you wouldn't need syslog-ng. :wink:
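Added example, not part of the thread and not taken from any poster's configuration: the pieces discussed above combined into one syslog-ng.conf fragment, with the /proc/kmsg source and a filter that joins filter functions with logical operators. The f_/d_ object names, the /var/log/messages destination, the perm() value and the use of flags(final) are assumptions made for illustration; newer syslog-ng releases also expect an @version: line at the top of the file, which is omitted here.

```conf
# Added example (illustrative names, not from the thread).

# Sources: the local syslog socket plus syslog-ng's own messages,
# and the kernel message interface mentioned in the posts.
source local { unix-stream("/dev/log"); internal(); };
source kern  { file("/proc/kmsg"); };

# Shorewall log lines are emitted by the kernel packet filter, so require
# the kern facility in addition to the string match. This keeps a userland
# program that merely prints "Shorewall" out of the firewall log.
filter f_shorewall { facility(kern) and match("Shorewall"); };

# Errors and worse from anything that is not a Shorewall line.
filter f_errors { level(err..emerg) and not filter(f_shorewall); };

# Destinations. perm() restricts who can read the firewall log.
destination d_shorewall { file("/var/log/shorewall.log" perm(0640)); };
destination d_errors    { file("/var/log/errors.log"); };
destination d_messages  { file("/var/log/messages"); };

# Log paths are evaluated in order. flags(final) stops a matching message
# here, so firewall lines are not duplicated into /var/log/messages.
log { source(kern); filter(f_shorewall); destination(d_shorewall); flags(final); };

# Errors from both sources get their own file as well as the catch-all below.
log { source(local); source(kern); filter(f_errors); destination(d_errors); };

# Catch-all for everything that was not finalised above.
log { source(local); source(kern); destination(d_messages); };
```

Running `syslog-ng -s -f <file>` parses a configuration file without starting the daemon, which catches syntax errors before the running logger is reloaded.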
All times are GMT