For god's sake! syslog-ng doesn't apply the filters I wrote, please help.
Dest.:debian
i installed the syslog-ng without apt-get.
unpacking
configure
make
make install
(worked fine!)
then i wrote a (small) init script
> vi /etc/init.d/syslog-ng script
Code:
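#! /bin/sh
# /etc/init.d/syslog-ng
#
# Minimal SysV init script for a syslog-ng that was built from source.
#
# Usage:   /etc/init.d/syslog-ng {start|stop|restart}
# Returns: 0 after start/stop/restart (the status of start-stop-daemon is
#          not checked), 1 for an unknown action.

# One definition of the binary path, shared by the install check and the
# start action, so the two cannot drift apart.
DAEMON=/usr/local/sbin/syslog-ng
# NOTE(review): assumes this build writes its pid to this file -- confirm;
# if it does not, "stop" (and therefore "restart") cannot find the process.
PIDFILE=/var/run/syslog-ng.pid

# Leave quietly when the daemon is not installed.
# The previous guard was `test -f /usr/sbin/syslog-ng | exit 0`: the pipe ran
# `exit 0` in a subshell, so the guard never fired, and it tested /usr/sbin
# while the binary that gets started lives in /usr/local/sbin. With `||` and
# the old path the script would have exited 0 without starting the logger.
[ -x "$DAEMON" ] || exit 0

case "$1" in
  start)
    # printf instead of `echo -n`, which /bin/sh does not guarantee.
    printf '%s' "Starting syslog-ng .."
    start-stop-daemon --start --quiet --exec "$DAEMON"
    echo
    ;;
  stop)
    echo "Stoping syslog-ng .."
    start-stop-daemon --stop --quiet --pidfile "$PIDFILE"
    echo
    ;;
  restart)
    # Re-enter this script; the pause gives the old process time to exit.
    "$0" stop
    sleep 1
    "$0" start
    ;;
  *)
    # restart is implemented above, so the usage text lists it too.
    echo "Usage: /etc/init.d/syslog-ng {start|stop|restart}" >&2
    exit 1
    ;;
esac

exit 0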
then i did
> update-rc.d syslog-ng default
(worked fine!)
> vi /usr/local/etc/syslog-ng/syslog-ng.conf
Code:
# syslog-ng configuration file.
#
# Global options; they apply to every source and destination below unless a
# statement overrides them.
# NOTE(review): sync(), long_hostnames() and log_prefix() (used in s_sys) look
# like syslog-ng 1.x option names -- confirm against the installed version.
options {
sync (0);                 # lines buffered before a file write; 0 = write each message at once
time_reopen (10);         # seconds to wait before re-opening a broken connection
log_fifo_size (1000);     # number of messages the output queue can hold
long_hostnames (off);     # do not use the chained hostname format
use_dns (no);             # no DNS lookups for sender addresses
use_fqdn (no);            # short host names rather than fully qualified ones
create_dirs (no);         # missing destination directories are NOT created; /var/log must exist
keep_hostname (yes);      # keep the host name carried in the message (only local sources are enabled here)
};
# s_sys: the only source in this file; every log statement below reads from it.
#   /proc/kmsg   kernel messages, each prefixed with "kernel: "
#   /dev/log     the local socket applications log to
#   internal()   syslog-ng's own messages (start-up and configuration problems show up here)
# The UDP listener is commented out, so nothing is accepted from the network.
# NOTE(review): presumably the distribution's previous syslog daemon has been
# stopped -- confirm, since two daemons cannot both serve /dev/log.
source s_sys { file ("/proc/kmsg" log_prefix("kernel: "));
unix-stream ("/dev/log");
internal();
# udp(ip(0.0.0.0) port(514));
};
# Destinations. d_cons is defined but not referenced by any log statement in this file.
destination d_cons { file("/dev/console"); };
destination d_mesg { file("/var/log/messages"); };
# Receives authpriv messages (see f_filter3).
# NOTE(review): no perm()/owner() is set, so the default file mode applies --
# confirm /var/log/secure is not readable by unprivileged users.
destination d_auth { file("/var/log/secure"); };
# sync(10) overrides the global sync(0) for this file only.
destination d_mail { file("/var/log/maillog" sync(10)); };
destination d_spol { file("/var/log/spooler"); };
destination d_boot { file("/var/log/boot.log"); };
destination d_cron { file("/var/log/cron"); };
# Writes to the terminal of every logged-in user.
destination d_mlal { usertty("*"); };
##########
# Dedicated file for arpwatch messages; fed by the last log statement.
# create_dirs is off, so /var/log has to exist already.
destination d_arpw {
file("/var/log/arpwatch.log");
};
##########
# Filters. Numbering starts at 2; no f_filter1 is defined in this file.
# f_filter2: info and above, except the facilities that have their own files.
filter f_filter2 { level(info..emerg) and
not facility(mail,authpriv,cron); };
filter f_filter3 { facility(authpriv); };
filter f_filter4 { facility(mail); };
filter f_filter5 { level(emerg); };
# f_filter6: everything from uucp, plus news at crit or worse.
filter f_filter6 { facility(uucp) or
(facility(news) and level(crit..emerg)); };
filter f_filter7 { facility(local7); };
filter f_filter8 { facility(cron); };
##########
# f_arpw: regular-expression match on the text "arpwatch".
# NOTE(review): which part of a message match() is applied to differs between
# syslog-ng versions -- confirm for the installed one; program("arpwatch")
# selects on the program name instead.
# Either value is supplied by the sender, so a line in the arpwatch log is not
# by itself proof that arpwatch wrote it.
filter f_arpw {
match("arpwatch");
};
##########
# Log paths: each statement connects s_sys, one filter and one destination.
# None of them sets flags(final), so a message that passes several filters is
# written to several destinations.
# Disabled: refers to f_filter1, which is not defined anywhere in this file.
#log { source(s_sys); filter(f_filter1); destination(d_arpw); };
log { source(s_sys); filter(f_filter2); destination(d_mesg); };
log { source(s_sys); filter(f_filter3); destination(d_auth); };
log { source(s_sys); filter(f_filter4); destination(d_mail); };
log { source(s_sys); filter(f_filter5); destination(d_mlal); };
log { source(s_sys); filter(f_filter6); destination(d_spol); };
log { source(s_sys); filter(f_filter7); destination(d_boot); };
log { source(s_sys); filter(f_filter8); destination(d_cron); };
##########
# arpwatch path.
# NOTE(review): if arpwatch lines reach /var/log/messages (through f_filter2)
# but not /var/log/arpwatch.log, look at f_arpw; if they reach neither file,
# check that this daemon is the one running, that it serves /dev/log, and that
# it reads this configuration file.
log {
source(s_sys);
filter(f_arpw);
destination(d_arpw);
};
##########
I am trying to work around the error output of arpwatch, but I can't even start writing a script because syslog-ng
just doesn't write ANYTHING to /var/log/arpwatch.log.
Please help, I've been trying to fix this for days and just can't get it to run. What did I miss?