OK, what if I want to send just the logs at a given level of severity, for example from severity 4 --> 0? The following is the full conf file:
=======================================
# configuration file for syslog-ng, customized for remote logging
source s_internal { internal(); };
destination d_syslognglog { file("/var/log/syslog-ng.log"); };
log { source(s_internal); destination(d_syslognglog); };
# Remote logging
source s_remote {
tcp(ip(0.0.0.0) port(514));
udp(ip(0.0.0.0) port(514));
};
destination d_separatedbyhosts {
file("/var/log/syslog-ng/servers/$HOST/$FACILITY.log" owner("root") group("root") perm(0640) dir_perm(0750) create_dirs(yes));
};
log { source(s_remote); destination(d_separatedbyhosts); };
options {
# Number of syslog lines stored in memory before being written to files
flush_lines (0);
# Syslog-ng uses queues
log_fifo_size (1000);
# Create log directories as needed
create_dirs (yes);
# Make the group "logs" own the log files and directories
group (logs);
dir_group (logs);
# Set the file and directory permissions
perm (0640);
dir_perm (0750);
# Check client hostnames for valid DNS characters
check_hostname (yes);
# Specify whether to trust hostname in the log message.
# If "yes", then it is left unchanged, if "no" the server replaces
# it with client's DNS lookup value.
keep_hostname (yes);
# Use DNS fully qualified domain names (FQDN)
# for the names of log file folders
use_fqdn (yes);
use_dns (yes);
# Cache DNS entries for up to 1000 hosts for 12 hours
dns_cache (yes);
dns_cache_size (1000);
};
# messages and label it "d_localhost"
source s_localhost {
pipe ("/proc/kmsg" program_override("kernel: "));
unix-stream ("/dev/log");
internal();
};
# Define the destination "d_localhost" log directory
destination d_localhost {
file ("/var/log/syslog-ng/localhost/$FACILITY.log");
};
# Define all the sources of network generated syslog
# messages and label it "d_network"
source s_network {
tcp(max-connections(5000));
udp();
};
# Define the destination "d_network" log directory
destination d_network {
file ("/var/log/syslog-ng/$YEAR.$MONTH.$DAY/$HOST/$FACILITY.log");
};
# Any logs that match the "s_localhost" source should be logged
# in the "d_localhost" directory
log { source(s_localhost);
destination(d_localhost);
};
---------- Post updated 07-06-09 at 02:55 AM ---------- Previous update was 07-05-09 at 07:18 AM ----------
It worked successfully now with the following:
=============
source sme { file("/var/log/syslog-ng/servers/Central.mc.tedata.net/authpriv.log"); };
destination maillog { program("/usr/local/bin/syslog-mail-perl"); };
log { source(sme); destination(maillog); };
Thanks
---------- Post updated at 07:47 AM ---------- Previous update was at 02:55 AM ----------
Dears, I still have a small problem: when it tries to send emails, I found that I must restart syslog every time to send the mails to sendmail. In other words, it buffers the emails until I restart syslog-ng, then it forwards them to sendmail and I can see them in the mail log.
Do you have any idea about that?
Thanks
The Perl script:
+++++++++++++++++++++++++++++++++++=
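#!/usr/bin/perl -n
# thanks to Brian Dowling for an example with security in mind.
# -n runs the body below once for every line syslog-ng writes to stdin ($_).
$TO = 'reaky@domain.com';
$FROM = $TO;
s/^//;
# One sendmail process per log line; -t takes the recipients from the headers.
open(MAIL, "|/usr/sbin/sendmail -t");
# Here-document: everything up to the EOT line is the message sent to sendmail.
print MAIL <<"EOT";
To: $TO
From: $FROM
Subject: SME Log Alert: $_
$_
EOT
close(MAIL);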
+++++++++++++++++++++++++++++++++++++++
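
For the severity question at the top of this post, a syslog-ng filter can restrict what reaches the mail destination. This is an added example, not part of the original post; `s_remote` and `maillog` are the names defined in the post's configuration, while the filter names `f_authpriv` and `f_sev_0_to_4` are hypothetical.

```conf
# Added example (not from the original post).
# Severity 0 is emerg and severity 4 is warning, so this range
# matches emerg, alert, crit, err and warning.
filter f_sev_0_to_4 { level(warning..emerg); };

# Keep the alert limited to the authpriv facility, matching the
# authpriv.log file the post mails from.
filter f_authpriv { facility(authpriv); };

# The filters are applied on the network source, where each message
# still carries the priority sent by the client. The files written by
# d_separatedbyhosts use no template() and so do not record the
# priority; a file() source re-reading them cannot filter on the
# original severity.
log {
    source(s_remote);
    filter(f_authpriv);
    filter(f_sev_0_to_4);
    destination(maillog);
};
```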