Operating Systems Linux SuSE another time help with syslog-ng Post 302699103 by jackcracker on Tuesday 11th of September 2012 06:19:13 AM
another time help with syslog-ng

Hi @ all,
There's another problem I have with syslog-ng; perhaps somebody has a solution:
We have a server which sends its messages log to another server; this worked well with ... destination logserver ... and so on.
In /var/log/messages there's an entry like this every 5 minutes:
HTML Code:
...
Sep 10 16:20:01 Servername sshd[25721]: Accepted publickey for user from 123.12.123.123 port 47936 ssh2
...
Because I want to get rid of these messages, I tried to filter them out with syslog-ng.

What I want:
The messages above should be written to a separate logfile, and the hourly syslog status message from syslog itself
HTML Code:
Sep 11 12:12:26 Servername syslog-ng[18531]: Log statistics; dropped='udp(AF_INET(123.12.123.12:514))=0', processed='center(queued)=71', processed='center(received)=30', processed='destination(messages)=24', processed='destination(mailinfo)=0', processed='destination(mailwarn)=0', processed='destination(logserver)=30', processed='destination(localmessages)=0', processed='destination(mailerr)=0', processed='destination(newserr)=0', processed='destination(netmgm)=0', processed='destination(warn)=0', processed='destination(console)=0', processed='destination(null)=0', processed='destination(mail)=0', processed='destination(xconsole)=0', processed='destination(firewall)=0', processed='destination(f_publickey)=17', processed='destination(acpid)=0', processed='destination(newscrit)=0', processed='destination(newsnotice)=0', processed='source(src)=30'
should still be written to /var/log/messages;
furthermore, the server should send its messages to a log server, of course without the "publickey" messages but with the syslog-ng status messages.
I tried many versions of configuring the syslog-ng.conf, but none of them worked well.
Here are the lines in my syslog-ng.conf:
HTML Code:
...
filter f_messages { not facility(news, mail) and not filter(f_iptables) and not filter("publickey"); };
...
#Filter f_publickey
filter f_publickey { match("publickey"); };
...
# Logfile for publickey-messages
destination publickey { file("/var/log/publickey"); };
log { source(src); filter(f_publickey); destination(publickey); };
But unfortunately it didn't work: either the "publickey" messages are written together with the syslog status message in my defined file, or the separate file stays empty.

Could anybody tell me where my mistake is, or is there perhaps another solution possible?
Thanks for answers
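
An added example, not part of the original post: one way to get the routing described above. The statistics line itself contains the text `destination(f_publickey)=17`, so a bare `match("publickey")` also matches it, and `filter("publickey")` refers to a filter name that the posted lines do not define (the defined name is `f_publickey`). The names `src`, `f_iptables`, `messages` and `logserver` are taken from the post; `f_sshd_pubkey`, `f_not_sshd_pubkey` and `d_publickey` are assumptions made for this sketch.

```conf
# Added example (syslog-ng 3.x syntax), not the poster's configuration.
# src, f_iptables, messages and logserver are the names seen in the post;
# f_sshd_pubkey, f_not_sshd_pubkey and d_publickey are illustrative names.

# Match only sshd's own login line, not every message that happens to
# contain "publickey". The hourly statistics line is emitted by program
# syslog-ng and contains "destination(f_publickey)=...", so the
# program("sshd") test keeps it out of this filter.
filter f_sshd_pubkey {
    program("sshd") and match("Accepted publickey" value("MESSAGE"));
};

# Reference the filter by its defined name inside f_messages.
filter f_messages {
    not facility(news, mail)
    and not filter(f_iptables)
    and not filter(f_sshd_pubkey);
};

# Negated form, used for the forwarding path.
filter f_not_sshd_pubkey { not filter(f_sshd_pubkey); };

destination d_publickey { file("/var/log/publickey"); };

# sshd public-key logins go to their own file only.
log { source(src); filter(f_sshd_pubkey); destination(d_publickey); };

# Everything else, the statistics line included, stays in /var/log/messages.
log { source(src); filter(f_messages); destination(messages); };

# The same set, minus the sshd login lines, is forwarded to the log server.
log { source(src); filter(f_not_sshd_pubkey); destination(logserver); };
```

With this routing the log server no longer receives the sshd public-key login lines, so `/var/log/publickey` on the host is the only record of them.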