I am unable to send /var/log/audit/audit.log to a remote server.

I have tried the methods below, but no luck.

After making the configuration below, I am not able to restart the syslog-ng service.

The syslog-ng version is syslog-ng-1.6.8-20.21.1 on SLES10.

Method 1:

source s_auditlog {pipe(“/var/log/audit/audit.log);};
destination d_audit_access { file(“/var/log/audit/$FULLHOST” template(“$MSGONLYn”) template-escape(no) owner(“root”) group(“root”) perm(0640));};
destination d_host { udp("10.253.1.231" port (514)); };
log {source(s_auditlog); destination(d_host); };

Method 2:

source auditlog { file("/var/log/audit/audit.log" log_prefix("audit: "); };
destination d_host { udp("10.253.1.231" port (514)); };
log{ source(auditlog); destination(d_host); };
HopelessN00b
user210034
  • Method 1 will not work since /var/log/audit/audit.log is probably a file, not a named pipe. In Method 2 you have unbalanced parentheses on the first line. – hcsteve Feb 19 '14 at 20:46
  • Thanks for the response. I have added brackets as below --- source auditlog { file ( "/var/log/audit/audit.log" ) log_prefix("audit: "); }; but the service is still failing: Re-Starting syslog servicessyntax error at 199 Parse error reading configuration file, exiting. (line 199) startproc: exit status of parent of /sbin/syslog-ng: 1 failed – user210034 Feb 20 '14 at 06:03
  • This error message is very clear - syslog-ng was unable to parse line 199 of your config. Look at line 199 and compare it to the grammar of the config file. – hcsteve Feb 20 '14 at 11:37
  • Is it really /var/log/audit/audit.log you want to send on, or is it the information that ends up in that log? – Jenny D Feb 21 '14 at 08:16
  • I need to send only /var/log/audit/audit.log – user210034 Mar 21 '14 at 06:50

0 Answers
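
The delimiter problems raised in the comments (unbalanced parentheses, a parse error reported only by line number) can be located before restarting the service. The following is an added example, not part of the original thread or of syslog-ng: a small Python lint that reports unbalanced ( and { and typographic quotes by line number. The names lint, POSTED and BALANCED are made up here, and it assumes # starts a comment and that a quoted string never spans lines.

```python
# Added example: delimiter lint for a syslog-ng config (not part of syslog-ng).
PAIRS = {")": "(", "}": "{"}
TYPOGRAPHIC = "\u201c\u201d\u2018\u2019"  # curly quotes pasted from a web page or editor


def lint(text):
    """Return sorted (line_no, message) tuples for quote and bracket problems."""
    problems, stack = [], []  # stack holds (opener, line_no)
    for line_no, line in enumerate(text.splitlines(), start=1):
        in_string = escaped = False
        for ch in line:
            if in_string:
                if escaped:
                    escaped = False
                elif ch == "\\":
                    escaped = True
                elif ch == '"':
                    in_string = False
            elif ch == "#":
                break  # comment runs to end of line
            elif ch == '"':
                in_string = True
            elif ch in TYPOGRAPHIC:
                problems.append((line_no, "typographic quote, use ASCII \" instead"))
            elif ch in "({":
                stack.append((ch, line_no))
            elif ch in PAIRS:
                if any(o == PAIRS[ch] for o, _ in stack):
                    # Pop (and report) openers left unclosed inside this pair.
                    while stack[-1][0] != PAIRS[ch]:
                        o, opened = stack.pop()
                        problems.append((opened, f"'{o}' is not closed before '{ch}' on line {line_no}"))
                    stack.pop()
                else:
                    problems.append((line_no, f"'{ch}' has no matching opener"))
        if in_string:  # assumption: a quoted string never spans lines
            problems.append((line_no, "unterminated string"))
    problems += [(opened, f"'{o}' is never closed") for o, opened in stack]
    return sorted(set(problems))


# Constructed input: Method 2 as posted, then the same line with file() closed.
POSTED = 'source auditlog { file("/var/log/audit/audit.log" log_prefix("audit: "); };'
BALANCED = 'source auditlog { file("/var/log/audit/audit.log" log_prefix("audit: ")); };'

if __name__ == "__main__":
    for name, cfg in (("posted", POSTED), ("balanced", BALANCED)):
        print(name, lint(cfg) or "no delimiter problems")
```

Balanced delimiters are necessary, not sufficient: a file can pass this check and still be rejected by syslog-ng's own parser, which remains the authority on the grammar.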