-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 The Wednesday 2007-05-23 at 09:43 +1000, Registration Account wrote:
Darryl I tested yesterday with the space and there is no difference.
I did however make some progress with the following
source src { unix-stream("/var/log/skot"); internal(); udp(ip(0.0.0.0) port(514)); };
This script does parse and it does create a file names "skot" and it does bind with UDP 514, however it writes nothing.
I don't think it would. The "source" definition is for reading, not writing. See the manual: * unix-stream <filename> - reads messages from the given AF_UNIX, SOCK_STREAM socket (Linux style) Where did you got the idea it would write there from?
I think I know need to specify the "facility" =="Local0" to which the sending device defines. With Wireshark I can just listen to UDP514 and see the truncated data, however syslog-ng seems not to be written that easy.
It appears that in the case where we want syslog-ng to listen to a port, we cannot use regular source syntax and form. It appears from the manual that the moment the source is a "port" the source logic and syntax changes dramatically.
No, it doesn't.
Now I think I only need to specify the correct facility. I dont think (rightfully) syslog-ng has a command that globally listens to 'anything' on a port
Your thoughts if you have time.
What I do is this: source src { ... ... ... }; source ext { udp(ip("0.0.0.0") port(514)); }; filter f_router { host("router"); }; destination router { file("/var/log/router"); }; log { source(ext); filter(f_router); destination(router); }; This logs everything from the external host "router" to the file "/var/log/router". Everything, all facilities, all levels - in linux standard format, of course. - -- Cheers, Carlos E. R. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.5 (GNU/Linux) Comment: Made with pgp4pine 1.76 iD8DBQFGU5cAtTMYHG2NR9URAhojAJwIXJgagYzQu3OIEm54bT4QB/PiFgCfaoZo Q6y2RiG735nl8hHaMwOfg9U= =F0jO -----END PGP SIGNATURE----- -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org