Logging, Syslog and Log Analysis Forums
Author Topic: syslog.conf to syslog-ng.conf  (Read 7347 times)
Mrt2006
« on: September 01, 2008, 08:25:07 am »

Hey guys,

I'm German, so I'm sorry for my bad English.

I have problems with my syslog-ng. I installed a computer with openSUSE 11.

My problem is the following entry in an old syslog.conf:

Quote
#
# Some foreign boot scripts require local7
#
local0.none                    -/var/log/netlogs/localrest.log
local1.none                    -/var/log/netlogs/localrest.log
local2.none                    -/var/log/netlogs/localrest.log
local3.none                    -/var/log/netlogs/localrest.log
local4.none                    -/var/log/netlogs/localrest.log
local5.none                    -/var/log/netlogs/localrest.log
local6.none                    -/var/log/netlogs/localrest.log
local7.none                    -/var/log/netlogs/localrest.log
local0.debug                    -/var/log/netlogs/netlog.log
local1.debug                    -/var/log/netlogs/router.log
local2.debug                    -/var/log/netlogs/netlog.log
local3.debug                    -/var/log/netlogs/pixlog.log
local4.debug                    -/var/log/netlogs/fbridge.log
local5.debug                    -/var/log/netlogs/switch.log
local6.debug                    -/var/log/netlogs/centil.log
local7.debug                    -/var/log/netlogs/vpn.log

This entry must be in my new syslog-ng.conf, but that's my problem.
I tried a lot, but nothing works. So guys, please help me to write the entry in the correct form; I'm uninspired.

In my opinion I must use a "facility", but in which form I don't know.

Thank you a lot,
Greetings, Mrt2006
mutex (Administrator)
« Reply #1 on: September 01, 2008, 09:59:51 am »

Try this:
Code:
source s_all {
       udp();                    # remote logs arriving at 514/udp
       unix-stream("/dev/log");  # local system logs
       file("/proc/kmsg");       # local kernel logs
       internal();               # internal syslog-ng logs
};

filter f_localnone { facility(local0...local7) and level(none); };
filter f_local0debug { facility(local0) and level(debug); };
filter f_local1debug { facility(local1) and level(debug); };
filter f_local2debug { facility(local2) and level(debug); };
filter f_local3debug { facility(local3) and level(debug); };
filter f_local4debug { facility(local4) and level(debug); };
filter f_local5debug { facility(local5) and level(debug); };
filter f_local6debug { facility(local6) and level(debug); };
filter f_local7debug { facility(local7) and level(debug); };

destination d_localrest{
       file("/var/log/netlogs/localrest.log");
};
destination d_netlog{
       file("/var/log/netlogs/netlog.log");
};
destination d_router{
       file("/var/log/netlogs/router.log");
};
destination d_pixlog{
       file("/var/log/netlogs/pixlog.log");
};
destination d_fbridge{
       file("/var/log/netlogs/fbridge.log");
};
destination d_switch{
       file("/var/log/netlogs/switch.log");
};
destination d_centil{
       file("/var/log/netlogs/centil.log");
};
destination d_vpn{
       file("/var/log/netlogs/vpn.log");
};
log{
        source(s_all);
        filter(f_localnone);
        destination(d_localrest);
};
log{
        source(s_all);
        filter(f_local0debug);
        destination(d_netlog);
};
log{
        source(s_all);
        filter(f_local1debug);
        destination(d_router);
};
log{
        source(s_all);
        filter(f_local2debug);
        destination(d_netlog);
};
log{
        source(s_all);
        filter(f_local3debug);
        destination(d_pixlog);
};
log{
        source(s_all);
        filter(f_local4debug);
        destination(d_fbridge);
};
log{
        source(s_all);
        filter(f_local5debug);
        destination(d_switch);
};
log{
        source(s_all);
        filter(f_local6debug);
        destination(d_centil);
};
log{
        source(s_all);
        filter(f_local7debug);
        destination(d_vpn);
};
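The reply above translates each syslog.conf line by hand. The script below is an added example (not code from this thread or from syslog-ng) that does the same translation mechanically, and it fixes two points the hand translation glosses over: a syslog.conf `facility.level` selector means that level and everything more severe, so the faithful syslog-ng form is `level(<level>..emerg)` rather than `level(<level>)`; and `facility.none` never selects anything on its own (it only excludes a facility from the other selectors on the same line), which is why `level(none)` has no syslog-ng equivalent. The sample input is constructed: a few of the first post's lines plus one `*.info;mail.none;local1.none` line to show exclusions. Only file targets are handled.

```python
"""Translate classic syslog.conf selector lines into syslog-ng filter,
destination and log blocks.  Added example, not code from this thread or from
syslog-ng.  The sample input is constructed: a few of the first post's lines
plus one "*.info;mail.none;local1.none" line to exercise exclusions."""
import re
from collections import Counter

# syslog(3) priorities, lowest to highest.  A syslog.conf "facility.level"
# selector matches that level AND every more severe one, so the faithful
# syslog-ng form is the range level(<level>..emerg), not level(<level>).
LEVELS = ["debug", "info", "notice", "warning", "err", "crit", "alert", "emerg"]
ALIASES = {"warn": "warning", "error": "err", "panic": "emerg"}

SYSLOG_CONF = """\
#
# Some foreign boot scripts require local7
#
local0.none                    -/var/log/netlogs/localrest.log
local7.none                    -/var/log/netlogs/localrest.log
local0.debug                    -/var/log/netlogs/netlog.log
local1.debug                    -/var/log/netlogs/router.log
local2.debug                    -/var/log/netlogs/netlog.log
*.info;mail.none;local1.none    /var/log/messages
"""


def norm_level(name):
    name = ALIASES.get(name, name)
    if name not in LEVELS:
        raise ValueError("unknown priority: %r" % name)
    return name


def selector_to_terms(selector):
    """One 'facs.level' selector -> (include expression or None, facilities to exclude)."""
    facs, dot, level = selector.rpartition(".")
    if not dot or not facs or not level:
        raise ValueError("malformed selector: %r" % selector)
    fac_list = [f for f in facs.split(",") if f]
    if level == "none":            # 'facility.none' never selects; it only excludes
        return None, fac_list
    fac_expr = None if fac_list == ["*"] else "facility(%s)" % ", ".join(fac_list)
    if level == "*":
        lvl_expr = None
    elif level.startswith("="):    # '=level' means exactly this priority
        lvl_expr = "level(%s)" % norm_level(level[1:])
    else:                          # 'level' means this priority and above
        lvl = norm_level(level)
        lvl_expr = "level(emerg)" if lvl == "emerg" else "level(%s..emerg)" % lvl
    parts = [p for p in (fac_expr, lvl_expr) if p]
    return (" and ".join(parts) or "level(debug..emerg)"), []


def line_to_filter(selectors):
    """Selector field ('a.b;c.none') -> syslog-ng filter body, or None when the
    line can never match (the thread's 'localN.none' lines are this case)."""
    includes, excludes = [], []
    for sel in selectors.split(";"):
        inc, exc = selector_to_terms(sel)
        if inc:
            includes.append(inc)
        excludes.extend(exc)
    if not includes:
        return None
    if len(includes) == 1:
        body = includes[0]
    else:  # parenthesise each 'and' group so the 'or' precedence is explicit
        body = "(" + " or ".join("(%s)" % i for i in includes) + ")"
    for fac in excludes:
        body += " and not facility(%s)" % fac
    return body


def convert(syslog_conf, source="src"):
    """Return (syslog-ng config text, list of skipped never-matching lines)."""
    out, skipped, dests, seen = [], [], {}, Counter()
    for raw in syslog_conf.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        m = re.match(r"^(\S+)\s+(-?)(/\S+)$", line)   # only file targets handled
        if not m:
            raise ValueError("cannot parse line: %r" % raw)
        selectors, nosync, target = m.groups()
        body = line_to_filter(selectors)
        if body is None:
            skipped.append(raw)
            continue
        base = re.sub(r"\W+", "_", target.rsplit("/", 1)[-1].rsplit(".", 1)[0])
        if target not in dests:                       # one destination per file
            dests[target] = "d_" + base
            fsync = "" if nosync else " fsync(yes)"   # leading '-' = no fsync
            out.append('destination %s { file("%s"%s); };' % (dests[target], target, fsync))
        seen[base] += 1
        fname = "f_%s" % (base if seen[base] == 1 else "%s_%d" % (base, seen[base]))
        out.append("filter %s { %s; };" % (fname, body))
        out.append("log { source(%s); filter(%s); destination(%s); };" % (source, fname, dests[target]))
        out.append("")
    return "\n".join(out), skipped


if __name__ == "__main__":
    text, skipped = convert(SYSLOG_CONF)
    print(text)
    for line in skipped:
        print("# skipped (selects nothing):", line)
```

The generated blocks still need the `source src { ... }` definition from the distribution's default syslog-ng.conf in front of them, and the `f_messages` catch-all of that default config should exclude the local facilities (as the final post in this thread does), otherwise every local* message is written twice.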
Mrt2006
« Reply #2 on: September 01, 2008, 11:25:15 am »

Thank you very much!
But I have a question: at which position must I paste your code?

Sorry for this stupid question ^^
mutex (Administrator)
« Reply #3 on: September 01, 2008, 12:44:44 pm »

That should replace the whole file.
Mrt2006
« Reply #4 on: September 02, 2008, 12:52:57 am »

Thanks for your help, but now I have a problem with restarting syslog-ng.
Your config is now the whole syslog-ng.conf file!

And this is the output when starting syslog:

Quote
maze:/etc/syslog-ng # rcsyslog restart
Shutting down syslog services                                    done
Starting syslog servicessyntax error at 8
Parse error reading configuration file, exiting. (line 8 )
startproc:  exit status of parent of /sbin/syslog-ng: 1
                                                                 failed

So I commented line 8 out and restarted syslog again,
but also bad news for me:
Quote
Shutting down syslog services                                    done
Starting syslog servicesError opening file /proc/kmsg for reading (Permission denied)
Error initializing configuration, exiting.
startproc:  exit status of parent of /sbin/syslog-ng: 1
                                                                 failed
mutex (Administrator)
« Reply #5 on: September 02, 2008, 01:27:29 pm »

I think the first problem is that your version of syslog-ng doesn't like the ellipses (...).  It should, though.  I think you can replace local0...local7 with local0, local1, local2 and so on.

The second problem can be fixed by commenting out this line:
       file("/proc/kmsg");       # local kernel logs
Mrt2006
« Reply #6 on: September 03, 2008, 12:58:19 am »

Thank you again. Yesterday I tried a lot, and now everything works great...
The problem was what you guessed, and the second problem was the default config!
I had to combine your config with the default config, because SUSE needs some entries.


Here is my working config:

Code:
#
# Global options.
#
options { long_hostnames(off); sync(0); perm(0640); stats(3600); };

#
# 'src' is our main source definition. you can add
# more sources driver definitions to it, or define
# your own sources, i.e.:
#
#source my_src { .... };
#
source src {
        #
        # include internal syslog-ng messages
        # note: the internal() source is required!
        #
        internal();

        #
        # the default log socket for local logging:
        #
        unix-dgram("/dev/log");

        #
        # uncomment to process log messages from network:
        #
        udp(ip("0.0.0.0") port(514));
};



#
# Filter definitions
#
filter f_iptables   { facility(kern) and match("IN=") and match("OUT="); };

filter f_console    { level(warn) and facility(kern) and not filter(f_iptables)
                      or level(err) and not facility(authpriv); };

filter f_newsnotice { level(notice) and facility(news); };
filter f_newscrit   { level(crit)   and facility(news); };
filter f_newserr    { level(err)    and facility(news); };
filter f_news       { facility(news); };

filter f_mailinfo   { level(info)      and facility(mail); };
filter f_mailwarn   { level(warn)      and facility(mail); };
filter f_mailerr    { level(err, crit) and facility(mail); };
filter f_mail       { facility(mail); };

filter f_cron       { facility(cron); };

#filter f_local      { facility(local0, local1, local2, local3,
#                               local4, local5, local6, local7); };

#
# acpid messages
#
filter f_acpid_full { match('^acpid:'); };
filter f_acpid      { level(emerg..notice) and match('^acpid:'); };

# this is for the old acpid < 1.0.6
filter f_acpid_old  { match('^\[acpid\]:'); };

filter f_netmgm     { match('^NetworkManager:'); };

filter f_messages   { not facility(news, mail) and not filter(f_iptables) and not filter (f_localinfo) and not filter (f_local0debug) and not filter (f_local1debug) and not filter (f_local2debug) and not filter (f_local3debug) and not filter (f_local4debug) and not filter (f_local5debug) and not filter (f_local6debug) and not filter (f_local7debug); };

filter f_warn       { level(warn, err, crit) and not filter(f_iptables); };
filter f_alert      { level(alert); };


#
# Enable this and adapt the IP to send log messages to a log server.
#
#destination logserver { udp("10.10.10.10" port(514)); };
#log { source(src); destination(logserver); };

#
# Enable this, if you want to keep all messages in one file:
# (don't forget to provide logrotation config)
#
#destination allmessages { file("/var/log/allmessages"); };
#log { source(src); destination(allmessages); };

#
# Most warning and errors on tty10 and on the xconsole pipe:
#
destination console  { pipe("/dev/tty10"    owner(-1) group(-1) perm(-1)); };
log { source(src); filter(f_console); destination(console); };

destination xconsole { pipe("/dev/xconsole" owner(-1) group(-1) perm(-1)); };
log { source(src); filter(f_console); destination(xconsole); };

# Enable this if you want root to be informed immediately,
# e.g. of logins:
#
#destination root { usertty("root"); };
#log { source(src); filter(f_alert); destination(root); };


#
# News-messages in separate files:
#
destination newscrit   { file("/var/log/news/news.crit"
                              owner(news) group(news)); };
log { source(src); filter(f_newscrit); destination(newscrit); };

destination newserr    { file("/var/log/news/news.err"
                              owner(news) group(news)); };
log { source(src); filter(f_newserr); destination(newserr); };

destination newsnotice { file("/var/log/news/news.notice"
                              owner(news) group(news)); };
log { source(src); filter(f_newsnotice); destination(newsnotice); };

#
# and optionally also all in one file:
# (don't forget to provide logrotation config)
#
#destination news { file("/var/log/news.all"); };
#log { source(src); filter(f_news); destination(news); };


#
# Mail-messages in separate files:
#
destination mailinfo { file("/var/log/mail.info"); };
log { source(src); filter(f_mailinfo); destination(mailinfo); };

destination mailwarn { file("/var/log/mail.warn"); };
log { source(src); filter(f_mailwarn); destination(mailwarn); };

destination mailerr  { file("/var/log/mail.err" fsync(yes)); };
log { source(src); filter(f_mailerr);  destination(mailerr); };

#
# and also all in one file:
#
destination mail { file("/var/log/mail"); };
log { source(src); filter(f_mail); destination(mail); };


#
# acpid messages in one file:
#
destination acpid { file("/var/log/acpid"); };
destination null { };
log { source(src); filter(f_acpid); destination(acpid); flags(final); };
#
# if you want more verbose acpid logging, comment the destination(null)
# line and uncomment the destination(acpid) line
#
log { source(src); filter(f_acpid_full); destination(null); flags(final); };
# log { source(src); filter(f_acpid_full); destination(acpid); flags(final); };
#
# old acpid < 1.0.6
log { source(src); filter(f_acpid_old); destination(acpid); flags(final); };

#
# NetworkManager messages in one file:
#
destination netmgm { file("/var/log/NetworkManager"); };
log { source(src); filter(f_netmgm); destination(netmgm); flags(final); };


#
# Cron-messages in one file:
# (don't forget to provide logrotation config)
#
#destination cron { file("/var/log/cron"); };
#log { source(src); filter(f_cron); destination(cron); };


#
# Some boot scripts use/require local[1-7]:
#
#destination localmessages { file("/var/log/localmessages"); };
#log { source(src); filter(f_local); destination(localmessages); };


#
# All messages except iptables and the facilities news and mail:
#
destination messages { file("/var/log/messages"); };
log { source(src); filter(f_messages); destination(messages); };


#
# Firewall (iptables) messages in one file:
#
destination firewall { file("/var/log/firewall"); };
log { source(src); filter(f_iptables); destination(firewall); };


#
# Warnings (except iptables) in one file:
#
destination warn { file("/var/log/warn" fsync(yes)); };
log { source(src); filter(f_warn); destination(warn); };

filter f_localinfo { level(info) and facility(local0,local2,local3,local4,local5,local6,local7); };
filter f_local0debug { facility(local0) and level(debug); };
filter f_local1debug { facility(local1) and level(debug); };
filter f_local2debug { facility(local2) and level(debug); };
filter f_local3debug { facility(local3) and level(debug); };
filter f_local4debug { facility(local4) and level(debug); };
filter f_local5debug { facility(local5) and level(debug); };
filter f_local6debug { facility(local6) and level(debug); };
filter f_local7debug { facility(local7) and level(debug); };

destination d_localrest{
       file("/var/log/netlogs/localrest.log");
};
destination d_netlog{
       file("/var/log/netlogs/netlog.log");
};
destination d_router{
       file("/var/log/netlogs/router.log");
};
destination d_pixlog{
       file("/var/log/netlogs/pixlog.log");
};
destination d_fbridge{
       file("/var/log/netlogs/fbridge.log");
};
destination d_switch{
       file("/var/log/netlogs/switch.log");
};
destination d_centil{
       file("/var/log/netlogs/centil.log");
};
destination d_vpn{
       file("/var/log/netlogs/vpn.log");
};
log{
        source(src);
        filter(f_localinfo);
        destination(d_localrest);
};
log{
        source(src);
        filter(f_local0debug);
        destination(d_netlog);
};
log{
        source(src);
        filter(f_local1debug);
        destination(d_router);
};
log{
        source(src);
        filter(f_local2debug);
        destination(d_netlog);
};
log{
        source(src);
        filter(f_local3debug);
        destination(d_pixlog);
};
log{
        source(src);
        filter(f_local4debug);
        destination(d_fbridge);
};
log{
        source(src);
        filter(f_local5debug);
        destination(d_switch);
};
log{
        source(src);
        filter(f_local6debug);
        destination(d_centil);
};
log{
        source(src);
        filter(f_local7debug);
        destination(d_vpn);
};


Thank you a lot!
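To see where a given message actually lands under the working config above, here is an added example (not part of the thread) that re-expresses the local* filters and the relevant part of f_messages as Python predicates and traces sample messages through them. It does not parse syslog-ng syntax; f_messages is reduced to "not news/mail and none of the local* filters", and the match()-based filters and the console/warn destinations are left out. Two properties of the posted config become visible: local1 is missing from f_localinfo, so local1.info messages reach only /var/log/messages; and syslog-ng's level(info) is an exact match, so notice and higher from local0 to local7 also end up only in /var/log/messages rather than in the netlogs files the old syslog.conf was aiming at.

```python
"""Trace sample messages through the local* routing of the working config
above.  Added example, not part of the thread: filters are re-expressed as
Python predicates (no syslog-ng syntax is parsed) and f_messages is reduced
to the parts that matter here."""

# Facilities listed in f_localinfo above; local1 is not among them.
LOCALINFO_FACS = {"local0", "local2", "local3", "local4", "local5", "local6", "local7"}

# f_localNdebug filters and the destination file each log statement points at.
DEBUG_FILES = {
    "local0": "/var/log/netlogs/netlog.log",
    "local1": "/var/log/netlogs/router.log",
    "local2": "/var/log/netlogs/netlog.log",
    "local3": "/var/log/netlogs/pixlog.log",
    "local4": "/var/log/netlogs/fbridge.log",
    "local5": "/var/log/netlogs/switch.log",
    "local6": "/var/log/netlogs/centil.log",
    "local7": "/var/log/netlogs/vpn.log",
}

LEVELS = ["debug", "info", "notice", "warning", "err", "crit", "alert", "emerg"]


def f_localinfo(facility, level):
    # syslog-ng level(info) matches exactly info, unlike syslog.conf's
    # "info and above"; notice/warning/... from these facilities fall through.
    return level == "info" and facility in LOCALINFO_FACS


def f_localdebug(facility, level):
    return level == "debug" and facility in DEBUG_FILES


def f_messages(facility, level):
    # The posted f_messages, minus the iptables/news/mail text-match parts.
    return (facility not in {"news", "mail"}
            and not f_localinfo(facility, level)
            and not f_localdebug(facility, level))


def route(facility, level):
    """Files a message reaches, in config order (none of these paths use flags(final))."""
    if level not in LEVELS:
        raise ValueError("unknown level: %r" % level)
    files = []
    if f_messages(facility, level):
        files.append("/var/log/messages")
    if f_localinfo(facility, level):
        files.append("/var/log/netlogs/localrest.log")
    if f_localdebug(facility, level):
        files.append(DEBUG_FILES[facility])
    return files


def coverage_gaps():
    """(facility, level) pairs from local0..local7 that reach only /var/log/messages."""
    return [(fac, lvl) for fac in sorted(DEBUG_FILES) for lvl in LEVELS
            if route(fac, lvl) == ["/var/log/messages"]]


if __name__ == "__main__":
    for fac, lvl in [("local1", "debug"), ("local1", "info"),
                     ("local3", "info"), ("local3", "notice")]:
        print(fac, lvl, "->", route(fac, lvl))
    print("local* messages that only reach /var/log/messages:", coverage_gaps())
```

If the intent is "everything from these facilities into the netlogs files", the fix on the syslog-ng side is a range such as level(info..emerg) in f_localinfo (and adding local1 to its facility list); the f_messages exclusions then keep /var/log/messages free of duplicates automatically.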
mutex (Administrator)
« Reply #7 on: September 06, 2008, 09:36:21 am »

Glad it worked for you.