Thank you Carlos, those few lines of code are just what I need. Yes, of course I can use KSystemLog; it is all set up to chase the file as it grows by the millisecond and has a wide range of uses. An xterm will not offer as much, I feel.

With respect to substituting the priority codes below for the value contained in the string below as <?>, is that also as easy to achieve? Please let me know where to send chocolate!

With great thanks and appreciation,
Scott

2007-04-21 17:31:55] <6>EFW: ALG: prio=1 algmod=http algsesid=70500 action=close reason=backlisted_url url="www.download.windowsupdate.com/msdownload/update/v3-19990518/ca" peer=client connipproto=TCP connrecvif=LAN connsrcip=192.168.100.40 connsrcport=3767 conndestif=core conndestip=202.158.212.136 conndestport=80 origsent=364 termsent=84

where the number enclosed by < > is equal to:

0 Emergency: system is unusable
1 Alert: action must be taken immediately
2 Critical: critical conditions
3 Error: error conditions
4 Warning: warning conditions
5 Notice: normal but significant condition
6 Informational: informational messages
7 Debug: debug-level message

Carlos E. R. wrote:
The Saturday 2007-04-21 at 18:05 +1000, Registration Account wrote:
Syslog-ng appears to have many config files and I am not sure which to modify.
I see only one. Where are you looking?
/etc/syslog-ng/syslog-ng.conf
Can anyone assist me with this short line of syntax, given the above Linux log viewer's ability to display the file as it changes and the various parameters it uses, some of which I understand but not all? The ability to NOT have to maintain an M$ PC just to be a syslog daemon would be a breakthrough for so many sysops who require real-time syslog data.
To log external sources, I add:
source ext { udp(ip("0.0.0.0") port(514)); };
below the existing "source src {... };" section. Later on, I add, for instance:
filter f_router { host("router"); };
...
destination router { file("/var/log/router"); };
log { source(ext); filter(f_router); destination(router); };
I know this is a big ask, but no one, but no one, currently produces a Linux syslog daemon + log viewer.
Viewer? I just use plain "less /var/log/file" in an xterm. Or "tailf ..." for a continuous display with less resources spent.
Viewing the log is a completely different task from logging it.
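The following syslog-ng configuration is an added example, not code from either poster. It puts Carlos's source/filter/destination/log pieces together and also answers Scott's question about the <6> field: the template() option on a file destination lets you write the severity name via the $LEVEL macro (an alias of $PRIORITY) instead of the raw number, so no text substitution is needed after the fact. The interface address, network, hostnames and paths are assumptions for illustration; the level() filter, netmask() filter and the $ISODATE/$HOST/$FACILITY/$LEVEL/$MSG macros are standard syslog-ng features, but check the exact names against the syslog-ng.conf(5) manual for the version you run.

```conf
# Added example (not from the thread).  Assumed: the syslog-ng host's LAN
# address is 192.168.100.1 and the firewall lives in 192.168.100.0/24.

options {
    use_dns(no);         # no reverse lookup per packet (slow, and spoofable anyway)
    keep_hostname(no);   # record the sender's IP in $HOST rather than whatever
                         # name the sender wrote into the packet
};

# Bind to the LAN address only; ip("0.0.0.0") would accept syslog from every
# interface, including the WAN side if the box is dual-homed.  UDP syslog is
# unauthenticated, so also firewall port 514/udp to the expected senders.
source s_ext {
    udp(ip("192.168.100.1") port(514));
};

# Select the firewall by sender network rather than by self-reported hostname.
filter f_firewall { netmask("192.168.100.0/24"); };

# Select by severity instead of pattern-matching on "<4>", "<3>", ...
# Valid range endpoints: emerg alert crit err warning notice info debug.
filter f_warn_up { level(warning..emerg); };

# $LEVEL expands to the severity name (emerg, alert, crit, err, warning,
# notice, info, debug), so the <6> in the example line comes out as "info".
# Add $PRI to the template if you also want the original number.
destination d_firewall {
    file("/var/log/firewall"
         template("$ISODATE $HOST $FACILITY.$LEVEL: $MSG\n")
         template_escape(no));
};

destination d_firewall_alerts {
    file("/var/log/firewall-alerts"
         template("$ISODATE $HOST [$LEVEL] $MSG\n")
         template_escape(no));
};

# Everything from the firewall goes to one file; warning and above also go to
# a second, smaller file that is cheap to tail in KSystemLog or with tailf.
log { source(s_ext); filter(f_firewall); destination(d_firewall); };
log { source(s_ext); filter(f_firewall); filter(f_warn_up); destination(d_firewall_alerts); };
```

Two caveats worth keeping in mind with this setup: the severity name syslog-ng writes is decoded from the <PRI> value the device actually sends (facility*8 + severity), so a device that encodes its levels differently from Scott's table will show different names, and because nothing in plain UDP syslog proves who sent a packet, the netmask() filter and the firewall rule limit exposure but do not authenticate the source.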