SYSLOG-NG - Having trouble with a destination

facebook twitter digg google delicious technorati stumbleupon myspace wordpress linkedin gmail igoogle windows live tumblr viadeo yahoo buzz yahoo mail yahoo bookmarks favorites email print

Posted by Samuurai on Server Fault See other posts from Server Fault or by Samuurai
Published on 2009-11-18T18:57:05Z Indexed on 2010/04/25 2:34 UTC
Read the original article Hit count: 396

Filed under:
|

Hi,

I'm trying to set up a seperate log file for all windows messages. I've set up a match for MSWinEventLog, but it's completely ignoring my configuration

Here's my config, which is straight after the src object

filter f_windows    { match("MSWinEventLog"); };
destination winFIFO { file("/var/log/splunk/syslog-ng/winFIFO"); };
log { source(src); filter(f_windows); destination(winFIFO); flags(final); };

It all ends up in this one instead:

filter f_messages   { not facility(news, mail) and not filter(f_iptables); };
destination messages { file("/var/log/messages"); };
log { source(src); filter(f_messages); destination(messages); };

Can anyone see what i'm doing wrong?

© Server Fault or respective owner

facebook twitter digg google delicious technorati stumbleupon myspace wordpress linkedin gmail igoogle windows live tumblr viadeo yahoo buzz yahoo mail yahoo bookmarks favorites email print

Related posts about syslog

Related posts about splunk

  • Running a reverse proxy in front of Splunk 4.x

    as seen on Server Fault - Search for 'Server Fault'
    So, I have previously installed Splunk 3.x behind a reverse proxy and downloaded the latest version (4.0.6 at time of typing) expecting it to be as easy to use as before. Sadly this was not the case. There appears to be some elements which are not being translated correctly through the reverse proxy… >>> More

  • Alternatives to Splunk?

    as seen on Server Fault - Search for 'Server Fault'
    I'm pretty impressed with Splunk, especially version 4. Pretty graphs, alerting (Enterprise only), and fast, accurate, searching. It's a great product. However, the cost just way too high to consider for full production use for our company. All we really need is to be able to index different logs… >>> More

  • Setting up Splunk/IronPort WSA

    as seen on Server Fault - Search for 'Server Fault'
    Hello everyone! I recently stumbled across Splunk 4 (by way of an advert on this very site...) and found that it had an "App" that's designed to work with Cisco IronPort WebSecurity and E-Mail Appliances! That's really awesome, because good IronPort reporting is something our IT-dept. is looking… >>> More

  • Thoughts on Free Splunk

    as seen on Server Fault - Search for 'Server Fault'
    I am considering implementing Splunk at my company but am leery about the financial investment. I noticed there is a free version of Splunk that seem to be good enough. Can anyone tell me if you are using the free version at your company? Do you find the free version to be adequate, or just a springboard… >>> More

  • Nagios vs Splunk

    as seen on Server Fault - Search for 'Server Fault'
    I am looking to implement log tracking at my current company. After some research it seems Nagios and Splunk are the two best options. I was wondering if there is a consensus with which is better. I understand that Splunk can be quite pricey if the non-free version is used. That being said I can… >>> More

Categories cloud

.NET ASP.NET iphone linux python Windows mysql android sql windows-7 html c ruby-on-rails css objective-c ubuntu networking sql-server wpf asp.net-mvc ruby database Xml apache AJAX osx security regex django Performance 12.04 windows-xp mac web-development iphone-sdk vb.net Silverlight apache2 flash server perl best-practices email installation eclipse visual-studio algorithm windows-server-2008 winforms wcf firefox bash dns /Oracle