Solved

Syslog-Ng will not start when I use macros in the destination drivers

Posted on 2007-11-21
Last Modified: 2010-05-18
I wanted to collect syslog messages on one machine using syslog-ng.  The server box is a SuSE Linux 10.1 machine and syslog-ng 1.6.8-20.18.  Documentation states that I can use a macro ($HOST) when naming the files that I save the messages to.  When I put the macro into the destination line, syslog-ng will not start.  Without the macro it starts correctly.  The first code snippet included does not work, while the second code snippet does.  I do not have both snippets in the syslog-ng.conf file at the same time.  Any insight into this would be helpful.

On a side note, I tried to have the files save to a different place than /var/log and the files would not even be created, but when directed to save in /var/log there was no problem.  Insight into this would also be appreciated.

Thanks in advance.

destination allmessages { file("/var/log/syslog/$HOST/allmessages"); };

log { source(src); destination(allmessages); };
 
 

destination allmessages { file("/var/log/syslog/allmessages"); };

log { source(src); destination(allmessages); };

Question by:KerryChin
2 Comments

Accepted Solution

by: terrydavis earned 250 total points
ID: 20328769
Make sure you have 'create_dirs (yes);' in your options block.
Author Closing Comment

by:KerryChin
ID: 31410388
That's all it took!  Thank you very much!  I don't know if this works for going to a different directory other than /var/log, but I mounted the drive under /var/log/syslog and that part is solved for me.  Thanks again!
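
A check for the condition the accepted answer points to, as an added example that is not part of the original thread: it flags file() destinations whose directory path contains a macro such as $HOST when create_dirs(yes) is set neither in the global options block nor on the driver itself. The function name and sample configs are constructed for illustration, and the regex parsing is a simplification that assumes ordinary `name { ... };` statements.

```python
import re

# Constructed sample configs built from the destination line in the question.
BROKEN = '''
destination allmessages { file("/var/log/syslog/$HOST/allmessages"); };
log { source(src); destination(allmessages); };
'''
FIXED = 'options { create_dirs(yes); };\n' + BROKEN

OPTIONS_RE = re.compile(r'\boptions\s*\{(.*?)\}\s*;', re.S)
DEST_RE = re.compile(r'\bdestination\s+(\S+)\s*\{(.*?)\}\s*;', re.S)
FILE_RE = re.compile(r'\bfile\s*\(\s*"([^"]+)"(.*?)\)\s*;', re.S)
CREATE_RE = re.compile(r'\bcreate_dirs\s*\(\s*yes\s*\)')
MACRO_RE = re.compile(r'\$\{?[A-Z_]+')


def macro_dirs_without_create(conf):
    """Return destination names whose file() path has a macro in a
    directory component while create_dirs(yes) is not in effect."""
    conf = re.sub(r'#.*', '', conf)  # drop comments (simplified)
    # create_dirs(yes) in any global options block applies to all file() drivers.
    global_on = any(CREATE_RE.search(m.group(1))
                    for m in OPTIONS_RE.finditer(conf))
    flagged = []
    for dest in DEST_RE.finditer(conf):
        name, body = dest.group(1), dest.group(2)
        for drv in FILE_RE.finditer(body):
            path, driver_opts = drv.group(1), drv.group(2)
            # Only the directory part matters: a macro in the file name
            # alone does not require a new directory to be created.
            directory = path.rsplit('/', 1)[0]
            if not MACRO_RE.search(directory):
                continue
            if not (global_on or CREATE_RE.search(driver_opts)):
                flagged.append(name)
    return flagged


if __name__ == '__main__':
    print('broken config flags:', macro_dirs_without_create(BROKEN))
    print('fixed config flags: ', macro_dirs_without_create(FIXED))
```

Because $HOST expands to a directory name that depends on the sending host, a collector configured this way creates directories on demand, so the log volume's ownership, permissions and free space are worth reviewing alongside the create_dirs setting.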