1) Make sure the UDP listener is on
netstat -anop|grep 514
2) If not, add udp(); as a source in syslog-ng.conf
# udp source
source s_udp {
udp();
};
3) Create a destination
destination d_name { file("/var/log/file.log"); };
4) Create a filter
# host() takes a regular expression, so the unescaped dots match any character
filter f_name {
    host("192.168.123.123")
    and facility(auth,authpriv);
};
5) Create the log statement that sends the filtered messages to the destination
log {
source(s_udp);
filter(f_name);
destination(d_name);
};
Remember to configure remote logging on the servers that send the logs. If needed, run tcpdump on the syslog-ng server to verify that log entries come in.
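To check the filter as well as the listener, the added example below (not part of the original post) sends one RFC 3164 test message per facility over UDP, each with a unique marker, and reports which markers should and should not end up in /var/log/file.log. The hostname "probe-host", the tag "logtest" and the marker format are assumptions made for the example; run it on the client the filter names.

```python
import socket
import sys
import uuid
from datetime import datetime

# Facility and severity codes from RFC 3164 (subset).
FACILITY = {"user": 1, "daemon": 3, "auth": 4, "authpriv": 10}
SEVERITY = {"err": 3, "warning": 4, "notice": 5, "info": 6}
MONTHS = ("Jan", "Feb", "Mar", "Apr", "May", "Jun",
          "Jul", "Aug", "Sep", "Oct", "Nov", "Dec")
ACCEPTED = ("auth", "authpriv")  # facilities named in filter f_name


def build_message(facility, severity, hostname, tag, text, now=None):
    """Return one RFC 3164 datagram: <PRI>Mmm dd hh:mm:ss host tag: text."""
    pri = FACILITY[facility] * 8 + SEVERITY[severity]
    now = now or datetime.now()
    stamp = "%s %2d %02d:%02d:%02d" % (
        MONTHS[now.month - 1], now.day, now.hour, now.minute, now.second)
    return ("<%d>%s %s %s: %s" % (pri, stamp, hostname, tag, text)).encode("ascii")


def facility_of(datagram):
    """Recover the facility name from the <PRI> header of a datagram."""
    code = int(datagram[1:datagram.index(b">")]) >> 3
    return next((n for n, c in FACILITY.items() if c == code), "unknown")


def send_probes(server, port=514, hostname="probe-host"):
    """Send one probe per facility; return (marker, facility, expected) tuples."""
    results = []
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        for facility in ("auth", "authpriv", "daemon", "user"):
            marker = "probe-" + uuid.uuid4().hex[:12]  # unique string to grep for
            datagram = build_message(facility, "info", hostname, "logtest", marker)
            sock.sendto(datagram, (server, port))
            results.append((marker, facility, facility in ACCEPTED))
    return results


if __name__ == "__main__" and len(sys.argv) == 2:
    # argv[1] is the address of the syslog-ng server.
    for marker, facility, expected in send_probes(sys.argv[1]):
        verdict = "should appear in" if expected else "should NOT appear in"
        print("%-8s %s  %s /var/log/file.log" % (facility, marker, verdict))
```

On the syslog-ng server, grep /var/log/file.log for each marker: the auth and authpriv probes should be present and the daemon and user probes absent.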
Thursday, March 25, 2010