配置文件中的默认配置syslog-ng工作正常,即服务正在成功保存传入的系统日志事件。但是,当syslog-ng修改配置文件以将系统日志数据保存在另一个位置时,该服务不会将数据保存在旧目标和新目标中。
RHEL-6.5
下面是配置文件:
@version:3.2
# syslog-ng configuration file.
options {
flush_lines (0);
time_reopen (10);
log_fifo_size (1000);
long_hostnames (off);
use_dns (no);
use_fqdn (no);
create_dirs (yes);
keep_hostname (yes);
chain_hostnames(off);
dir_perm(0775);
perm(0775);
};
source s_sys {
file ("/proc/kmsg" program_override("kernel: "));
unix-stream ("/dev/log");
internal(); #
};
# Capture incoming events on port 514
source s_net{udp(port(514));};
# Specify the destinations
destination d_cons { file("/dev/console"); };
destination d_mesg { file("/var/log/$HOST/messages-$YEAR$MONTH$DAY"); };
destination d_auth { file("/var/log/$HOST/secure"); };
destination d_mail { file("/var/log/$HOST/maillog" flush_lines(10)); };
destination d_spol { file("/var/log/$HOST/spooler"); };
destination d_boot { file("/var/log/$HOST/boot.log"); };
destination d_cron { file("/var/log/$HOST/cron"); };
destination d_kern { file("/var/log/$HOST/kern"); };
#destination d_mlal { usertty("*"); };
#destination d_all { file("/var/log/$HOST/"); };
答案1
您忘记设置日志块...例如:
log { source(s_net); destination(d_cons); };