SYSLOG-NG - 目标出现问题

SYSLOG-NG - 目标出现问题

我正在尝试为所有 Windows 消息设置一个单独的日志文件。我已经为 MSWinEventLog 设置了一个匹配项,但 syslog-ng 完全忽略了这条配置。

这是我的配置,它位于 src 对象之后

# Route any message that contains "MSWinEventLog" to its own file.
# NOTE(review): match() is used here without a value() argument; the answer
# below hints that value() matters — confirm which message fields match()
# inspects in this syslog-ng version before relying on this filter.
filter f_windows    { match("MSWinEventLog"); };
destination winFIFO { file("/var/log/splunk/syslog-ng/winFIFO"); };
# flags(final): a message accepted by this path is not processed by later
# log statements, so this path must appear before the catch-all paths
# (log statements are evaluated in configuration order).
log { source(src); filter(f_windows); destination(winFIFO); flags(final); };

配置末尾的最后一组语句如下:

# General message log: everything except news/mail facility traffic and
# anything already classified as iptables output. Depends on a filter
# named f_iptables being defined elsewhere in the configuration.
filter f_messages   { not facility(news, mail) and not filter(f_iptables); };
destination messages { file("/var/log/messages"); };
# No flags(final) here, so this path does not stop earlier or later paths.
log { source(src); filter(f_messages); destination(messages); };

有人能看到我做错什么吗?

答案1

嗯...这是我按照 Gentoo 安全手册编写、并针对 iptables 做了一些修改的配置。老实说,我不记得当初是怎么写的,但也许 `value()` 这个关键字有一定的意义?


@version: 3.0
#
# /etc/syslog-ng.conf
#
# Global options. Several of these are hardening choices: no DNS lookups
# while logging, and log files created readable only by root and the
# "log" group.

options {
  stats_freq (0);        # 0 disables periodic internal statistics messages
  flush_lines (0);
  time_reopen (10);      # seconds to wait before retrying a failed destination
  log_fifo_size (1000);  # per-destination output queue length (messages)
  long_hostnames(off);
  use_dns (no);          # never resolve client addresses — avoids blocking and DNS-dependent names
  use_fqdn (no);
  create_dirs (no);      # destinations must already exist; nothing is created implicitly
  keep_hostname (yes);   # trust the hostname carried in the message header
  perm(0640);            # new log files: owner rw, group r, no world access
  group("log");          # ... owned by the "log" group
};

# Local input: the syslog socket, syslog-ng's own messages, and the kernel ring buffer.
source src {
  unix-stream("/dev/log");
  internal();
  file("/proc/kmsg");
};

# One flat file per category under /var/log; permissions come from the
# global perm()/group() options above.
destination d_authlog { file("/var/log/auth.log"); };
destination d_syslog { file("/var/log/syslog.log"); };
destination d_cron { file("/var/log/crond.log"); };
destination d_daemon { file("/var/log/daemon.log"); };
destination d_kernel { file("/var/log/kernel.log"); };
destination d_lpr { file("/var/log/lpr.log"); };
destination d_user { file("/var/log/user.log"); };
destination d_uucp { file("/var/log/uucp.log"); };
destination d_mail { file("/var/log/mail.log"); };
destination d_news { file("/var/log/news.log"); };
destination d_ppp { file("/var/log/ppp.log"); };
destination d_debug { file("/var/log/debug.log"); };
destination d_messages { file("/var/log/messages.log"); };
destination d_errors { file("/var/log/errors.log"); };
destination d_everything { file("/var/log/everything.log"); };
destination d_iptables { file("/var/log/iptables.log"); };
destination d_acpid { file("/var/log/acpid.log"); };
# Not a file: writes to the terminal(s) where root is logged in.
destination d_console { usertty("root"); };

# Log everything to tty12
destination console_all { file("/dev/tty12"); };

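# Classification filters. Two defects in the original are fixed here:
#   - f_uucp selected facility(cron), so /var/log/uucp.log would have
#     received cron traffic and real uucp messages went nowhere.
#   - filter f_news was defined twice; the duplicate definition is removed.
filter f_auth { facility(auth); };
filter f_authpriv { facility(auth, authpriv); };
filter f_syslog { program(syslog-ng); };
filter f_cron { facility(cron); };
filter f_daemon { facility(daemon); };
# Kernel messages, minus the netfilter lines that f_iptables claims.
filter f_kernel { facility(kern) and not filter(f_iptables); };
filter f_lpr { facility(lpr); };
filter f_mail { facility(mail); };
filter f_news { facility(news); };
filter f_user { facility(user); };
filter f_uucp { facility(uucp); };
filter f_ppp { facility(local2); };
# Everything that is not authentication, news or mail.
filter f_debug { not facility(auth, authpriv, news, mail); };
# info..warn severities, excluding the facilities that have their own file,
# syslog-ng's own messages, and iptables lines.
filter f_messages { level(info..warn) and not facility(auth, authpriv, mail, news, cron) and not program(syslog-ng) and not filter(f_iptables); };
# All severities except authentication traffic (kept out of the catch-all file).
filter f_everything { level(debug..emerg) and not facility(auth, authpriv); };
filter f_emergency { level(emerg); };
filter f_info { level(info); };
filter f_notice { level(notice); };
filter f_warn { level(warn); };
filter f_crit { level(crit); };
filter f_err { level(err); };
# Netfilter log lines carry both "IN=" and "OUT=" fields; value("MESSAGE")
# restricts the match to the message text rather than the whole record.
filter f_iptables { match("IN=" value("MESSAGE")) and match("OUT=" value("MESSAGE")); };
filter f_acpid { program("acpid"); };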

# Log paths. None of these uses flags(final), so one message can land in
# several files (e.g. most messages go to both d_messages and d_everything).
log { source(src); filter(f_acpid); destination(d_acpid); };
log { source(src); filter(f_authpriv); destination(d_authlog); };
log { source(src); filter(f_syslog); destination(d_syslog); };
log { source(src); filter(f_cron); destination(d_cron); };
log { source(src); filter(f_daemon); destination(d_daemon); };
log { source(src); filter(f_kernel); destination(d_kernel); };
log { source(src); filter(f_lpr); destination(d_lpr); };
log { source(src); filter(f_mail); destination(d_mail); };
log { source(src); filter(f_news); destination(d_news); };
log { source(src); filter(f_ppp); destination(d_ppp); };
log { source(src); filter(f_user); destination(d_user); };
log { source(src); filter(f_uucp); destination(d_uucp); };
# Debug path disabled; f_debug would duplicate most traffic into debug.log.
#log { source(src); filter(f_debug); destination(d_debug); };
log { source(src); filter(f_messages); destination(d_messages); };
log { source(src); filter(f_err); destination(d_errors); };
# Emergencies also go to root's terminal, not only to a file.
log { source(src); filter(f_emergency); destination(d_console); };
log { source(src); filter(f_everything); destination(d_everything); };
log { source(src); filter(f_iptables); destination(d_iptables); };

# Log everything to tty12
#log { source(src); destination(console_all); };

答案2

Syslog 当时有点问题。我停止服务后,执行 `ps -ef | grep syslog` 时仍能看到它的进程 —— 我手动将其终止,然后重新启动服务,现在它运行正常。
