
Filtering dpkg logs in syslog-ng

I am new to syslog-ng, and I am setting up syslog-ng, where I am receiving the logs of syslog, auth.log and dpkg.log. Although I was able to get the logs for syslog and auth.log, I am unable to write the dpkg logs to a separate file; they are getting written to both the dpkg log files and the syslog log files. The configuration file for the server is as follows:

options {
    create_dirs(yes);
    owner(root);
    group(root);
    perm(0640);
    dir_owner(root);
    dir_group(root);
    dir_perm(0750);
};

source s_dl {
    network(
        transport("tcp")
        port(3993)
    );
};

filter f_dpkg{
    tags("dpkg");
};

destination d_host-specific {

  file("/var/log/servers/$HOST/$YEAR/$MONTH/$HOST-$YEAR-$MONTH-$DAY.log");
};

destination d_syslog {
        file("/var/log/servers/$HOST/$YEAR/$MONTH/$HOST-$YEAR-$MONTH-$DAY-syslog.log");
};

destination d_dpkg {
    file("/var/log/servers/$HOST/$YEAR/$MONTH/$HOST-$YEAR-$MONTH-$DAY-dpkg.log");
};

log {
    source(s_dl);
    filter(f_auth);
    destination(d_host-specific);
};

log {
    source(s_dl);
    filter(f_syslog3);
    destination(d_syslog);
 };

log{
    source(s_dl);
    filter(f_dpkg);
    destination(d_dpkg);
};

The configuration file for the syslog-ng client is as follows:

 source s_dpkg {
   # tags() is an option of the file() source, so it goes inside the same parentheses
   file('/var/log/dpkg.log' tags('dpkg'));
 };
 destination d_net { tcp("192.168.48.15" port(3993)); };
 filter f_tag { tags("dpkg"); };
 log { source(s_src); filter(f_auth); destination(d_net);};
 log { source(s_src); filter(f_syslog3); destination(d_net);};
 log { source(s_dpkg); filter(f_test); destination(d_net);};

Can anybody point out where my mistake is, or what the proper way to get the details would be? Note: I need to use the same port for accepting all logs of a single host, as I cannot keep on adding new ports to accept different logs from the same machine.

The problem is that the tag that your client adds to dpkg messages is not transferred to the server side (because it's not a part of the original message).

Also, it seems to me that this whole tagging is needed because the original dpkg logs do not fill the PROGRAM field of the syslog messages. So the easiest way to solve the problem IMHO is:

HTH
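
One way to act on the two observations in the answer above, shown as an added example that is not part of the original question or answer: set the PROGRAM field on the client, where it becomes part of the message sent over the network, and match on it at the server. The object names are reused from the question; `f_syslog3` is assumed to be defined elsewhere in the asker's configuration, since the page does not show it.

```conf
# ---------- client ----------
source s_dpkg {
    file("/var/log/dpkg.log"
        # dpkg.log lines are not in syslog format: keep each line whole as $MESSAGE
        flags(no-parse)
        # fill in $PROGRAM; unlike a tag, it is carried in the forwarded message
        program-override("dpkg")
    );
};

destination d_net {
    network("192.168.48.15" transport("tcp") port(3993));
};

log { source(s_dpkg); destination(d_net); };

# ---------- server ----------
source s_dl {
    network(transport("tcp") port(3993));
};

# program() matches with a regular expression, so anchor it to match "dpkg" only
filter f_dpkg { program("^dpkg$"); };

destination d_dpkg {
    file("/var/log/servers/$HOST/$YEAR/$MONTH/$HOST-$YEAR-$MONTH-$DAY-dpkg.log");
};

destination d_syslog {
    file("/var/log/servers/$HOST/$YEAR/$MONTH/$HOST-$YEAR-$MONTH-$DAY-syslog.log");
};

# The dpkg path comes first. flags(final) ends processing for every message
# it matches, so dpkg lines never reach the syslog path below.
log { source(s_dl); filter(f_dpkg); destination(d_dpkg); flags(final); };

# f_syslog3: the asker's own filter, assumed to be defined elsewhere
log { source(s_dl); filter(f_syslog3); destination(d_syslog); };
```

All hosts still send to the single port 3993; the split into separate files happens only in the server's log paths, whose order matters because of `flags(final)`.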


This article is reproduced from Stack Exchange / Stack Overflow, please click
