Need help configuring syslog-ng

[frank56]

I tried configuring syslog-ng but got configuration error, so I went back to my previous default settings. Consider me a newbie, even though I was able to boot successfully from my kernel config.

Here is my default syslog:

frank frank # cat /etc/syslog-ng/syslog-ng.conf.old
@version: 3.0
# $Header: /var/cvsroot/gentoo-x86/app-admin/syslog-ng/files/syslog-ng.conf.gentoo.3,v 1.1 2010/04/06 02:11:35 mr_bones_ Exp $
#
# Syslog-ng default configuration file for Gentoo Linux

options {
chain_hostnames(no);

# The default action of syslog-ng is to log a STATS line
# to the file every 10 minutes. That's pretty ugly after a while.
# Change it to every 12 hours so you get a nice daily update of
# how many messages syslog-ng missed (0).
stats_freq(43200);
};

source src {
unix-stream("/dev/log" max-connections(256));
internal();
file("/proc/kmsg");
};

destination messages { file("/var/log/messages"); };

# By default messages are logged to tty12...
destination console_all { file("/dev/tty12"); };
# ...if you intend to use /dev/console for programs like xconsole
# you can comment out the destination line above that references /dev/tty12
# and uncomment the line below.
#destination console_all { file("/dev/console"); };

log { source(src); destination(messages); };
log { source(src); destination(console_all); };

I have also emerged dcron and logrotate

Here is my trial config that failed:

$Header: /var/cvsroot/gentoo-x86/app-admin/syslog-ng/files/syslog-ng.conf.gentoo.3,v 1.1 2010/04/06 02:11:35 mr_bones_ Exp $
#
# Syslog-ng default configuration file for Gentoo Linux

options {
chain_hostnames(no);

# The default action of syslog-ng is to log a STATS line
# to the file every 10 minutes. That's pretty ugly after a while.
# Change it to every 12 hours so you get a nice daily update of
# how many messages syslog-ng missed (0).
stats_freq(43200);
};

source src {
unix-stream("/dev/log" max-connections(256));
internal();
file("/proc/kmsg");
};

destination messages { file("/var/log/messages"); };
destination cron { file("/var/log/cron.log"); };
destination auth { file("/var/log/auth.log"); };

filter f_messages { not facility(cron, auth. autpriv);
filter f_cron { facility(cron; };
filter f_auth { facility(auth, authpriv); };

filter f_warnplus { level(warn, err, crit, emerg); };


# By default messages are logged to tty12...
destination console_all { file("/dev/tty12"); };
# ...if you intend to use /dev/console for programs like xconsole
# you can comment out the destination line above that references /dev/tty12
# and uncomment the line below.
#destination console_all { file("/dev/console"); };

log { source(src); filter(d_cron); filter(f_warnplus); destination(cron); };
log { source(src); filter(f_auth); destination(auth); };
log { source(src); destination(messages); };
# log { source(src); destination(console_all); };

Subsequent edit Aug 6 8:15 am, pst

I was able to add more entries but when I got to the first filter line, the syslog error begins. Here is my latest syslog-ng conf. What could be wrong with my filter line entry?

rank frank # cat /etc/syslog-ng/syslog-ng.conf
@version: 3.2
# $Header: /var/cvsroot/gentoo-x86/app-admin/syslog-ng/files/syslog-ng.conf.gentoo.3.2,v 1.1 2011/01/18 17:44:14 mr_bones_ Exp $
#
# Syslog-ng default configuration file for Gentoo Linux

options {
chain_hostnames(no);

# The default action of syslog-ng is to log a STATS line
# to the file every 10 minutes. That's pretty ugly after a while.
# Change it to every 12 hours so you get a nice daily update of
# how many messages syslog-ng missed (0).
stats_freq(43200);
# The default action of syslog-ng is to log a MARK line
# to the file every 20 minutes. That's seems high for most
# people so turn it down to once an hour. Set it to zero
# if you don't want the functionality at all.
mark_freq(3600);
};

source src {
unix-stream("/dev/log" max-connections(256));
internal();
file("/proc/kmsg");
};

destination messages { file("/var/log/messages"); };
destination cron { file("/var/log/cron.log"); };
destination auth { file("/var/log/auth.log)"); };

filter f_messages { not facility(cron, auth, autopriv); };
# By default messages are logged to tty12...
destination console_all { file("/dev/tty12"); };
# ...if you intend to use /dev/console for programs like xconsole
# you can comment out the destination line above that references /dev/tty12
# and uncomment the line below.
#destination console_all { file("/dev/console"); };

log { source(src); destination(messages); };
log { source(src); destination(console_all); };
frank frank #

[frank56]

I guess its ok to reply to oneself. I corrected some of my mistakes. by following a better link for syslog-ng ver 3.2. Syslog-ng - Gentoo Linux Wiki

The following configuration is working for me, but I still need to work on the log { source(src) entries at the bottom. In a few hours I may have that solved, somehow I think my two entries at the bottom are incomplete.

rank frank # cat /etc/syslog-ng/syslog-ng.conf

@version: 3.2

# $Header: /var/cvsroot/gentoo-x86/app-admin/syslog-ng/files/syslog-ng.conf.gentoo.3.2,v 1.1 2011/01/18 17:44:14 mr_bones_ Exp $

#

# Syslog-ng default configuration file for Gentoo Linux



options {

chain_hostnames(no);



# The default action of syslog-ng is to log a STATS line

# to the file every 10 minutes. That's pretty ugly after a while.

# Change it to every 12 hours so you get a nice daily update of

# how many messages syslog-ng missed (0).

stats_freq(43200);

# The default action of syslog-ng is to log a MARK line

# to the file every 20 minutes. That's seems high for most

# people so turn it down to once an hour. Set it to zero

# if you don't want the functionality at all.

mark_freq(3600);

};



source src {

unix-stream("/dev/log" max-connections(256));

internal();

file("/proc/kmsg");

};



destination messages { file("/var/log/messages"); };

destination cron { file("/var/log/cron.log"); };

destination auth { file("/var/log/auth.log)"); };



filter f_messages { level(info..warn) and not facility(auth, authpriv, mail, news); };

filter f_cron { facility(cron); };

filter f_auth { facility(auth); };

filter f_authpriv { facility(auth, authpriv); };

filter f_warn { level(warn); };



# By default messages are logged to tty12...

destination console_all { file("/dev/tty12"); };

# ...if you intend to use /dev/console for programs like xconsole

# you can comment out the destination line above that references /dev/tty12

# and uncomment the line below.

#destination console_all { file("/dev/console"); };



log { source(src); destination(messages); };

log { source(src); destination(console_all); };

frank frank #

[balabit]

Hi,

could you please describe what you are trying to accomplish?

The line "filter f_messages { not facility(cron, auth, autopriv); };" seems to be syntactically incorrect, for details on how to use filters and boolean operators, check the syslog-ng Administrator Guide.

You probably need something like:

filter demo_filter { not host("example1") and not host("auth") and not host("authpriv"); };

(BTW, authpriv is misspelled in your config.)

HTH

Regards,

Robert Fekete

[frank56]

Hi,

could you please describe what you are trying to accomplish?

The line "filter f_messages { not facility(cron, auth, autopriv); };" seems to be syntactically incorrect, for details on how to use filters and boolean operators, check the syslog-ng Administrator Guide.

You probably need something like:

filter demo_filter { not host("example1") and not host("auth") and not host("authpriv"); };

(BTW, authpriv is misspelled in your config.)

HTH

Regards,

Robert Fekete

Thanks Robert, What I would like to accomplish is having a log tool to post errors with my system, to enable those users that are trying to help me. I do not run a server, I am not even sure if syslog-ng was intended for me. Coming from Debian, I don't remember dealing with Syslog-ng. So basically any logger that would allow me to post my computer probems would suffice. I think one of my weakness is following the Adminstrators guide, and following correct syntax examples. Also if there is another link that explains syslog in a more basic way, It may help me also. At any rate, I will take another look at the Adminstrators Guide you suggested.