I am having an issue with my syslog-ng. I recently installed syslog-ng
version 1.5.19 and configured it with the following configuration (at end
of post).
It should read from /dev/log and /proc/kmsg and then filter them
accordingly. Unfortunately I noticed that sometimes it freezes up and needs
to be restarted. In my firewall log (everything that iptables outputs) I
noticed 2 hours without anything in the log, which is impossible. I also
noticed garbled lines that dmesg shows correctly. Here is an example:
Restarting syslog-ng usually solves that problem.
So, my question is, how do I fix syslog-ng? Or should I use klog with some
options set so that all messages are logged?
Thanks,
Scott

# Global Options
options { sync( 0 ); mark( 600 ); };
# Valid sources are /dev/log and the kernel
source src { unix-stream( "/dev/log" ); file( "/proc/kmsg" ); internal(); };
# Create output destinations
destination mailfile { file( "/var/log/maillog-ng" ); }; # Put mail stuff here
destination messages { file( "/var/log/messages-ng" ); }; #system stuff here
destination firewall { file( "/var/log/firewall-ng" ); }; #Firewall stuff
# handle mail messages imap and sendmail are the only ones used right now
filter mail { match( "sendmail" ) or match( "imapd" ); };
filter notmail { not match( "imapd" ) and not match( "sendmail" ); };
# filter firewall log stuff
filter firewall { match( "firewall:" ); };
filter notfirewall { not match( "firewall:" ); };
# Log the mail stuff to the mail file
log { source( src ); filter( mail ); destination( mailfile ); };
# Log the firewall stuff to the firewall log
log { source( src ); filter( firewall ); destination( firewall ); };
# Do not log mail stuff to messages, do not log camera stuff either
log { source( src ); filter( notmail ); filter( notfirewall ); destination( messages ); };