I've tried the K56602501 instructions but get nothing; I've got to be missing something.
- modify syslog {
      auth-priv-from notice
      auth-priv-to emerg
      cron-from warning
      cron-to emerg
      daemon-from notice
      daemon-to emerg
      description none
      include none
      iso-date disabled
      kern-from notice
      kern-to emerg
      mail-from notice
      mail-to emerg
      messages-from notice
      messages-to warning
      remote-servers none
      user-log-from notice
      user-log-to emerg
  }
- Replace the include none line with the desired syslog filter. For example, to configure syslog-ng to log warning through emergency log level messages to UDP port 514 on destination hosts 192.168.1.1 and 192.168.1.2, use the following syntax:
  include "
      filter f_audit {
          match(AUDIT);
      };
      destination d_syslog_server {
          udp(\"192.168.1.1\" port (514));
          udp(\"192.168.1.2\" port (514));
      };
      log {
          source(s_syslog_pipe);
          filter(f_audit);
          destination(d_syslog_server);
      };
  "
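
Added example, not part of the original post or of the F5 article: the step text describes a severity range (warning through emergency) while the filter shown is `match(AUDIT)`, and the two select different messages. The Python model below applies both to constructed syslog datagrams; it assumes `match()` behaves as a case-sensitive regex over the message text and uses syslog-ng's `level(warning..emerg)` as the severity-range counterpart, and all sample lines and function names are made up for illustration.

```python
import re

# Syslog severities in RFC 3164 numeric order (0 = most severe).
SEVERITIES = ["emerg", "alert", "crit", "err", "warning", "notice", "info", "debug"]
PRI_RE = re.compile(r"^<(\d{1,3})>(.*)$", re.S)

def parse_pri(datagram):
    """Split '<PRI>rest' into (facility number, severity name, rest)."""
    m = PRI_RE.match(datagram)
    if not m or int(m.group(1)) > 191:
        raise ValueError("missing or invalid PRI: %r" % datagram[:20])
    pri = int(m.group(1))
    return pri >> 3, SEVERITIES[pri & 7], m.group(2)

def f_audit(datagram):
    """Model of the post's filter f_audit: match(AUDIT).
    Assumption: a case-sensitive regex search over the text after the PRI."""
    _, _, text = parse_pri(datagram)
    return re.search("AUDIT", text) is not None

def f_level(datagram, low="warning", high="emerg"):
    """Model of a severity-range filter such as level(warning..emerg)."""
    _, sev, _ = parse_pri(datagram)
    lo, hi = SEVERITIES.index(low), SEVERITIES.index(high)
    return min(lo, hi) <= SEVERITIES.index(sev) <= max(lo, hi)

# Constructed sample datagrams (not real BIG-IP output).
SAMPLES = [
    "<13>Jan  1 00:00:01 bigip1 mcpd[1234]: AUDIT - user admin - modify sys syslog",  # user.notice
    "<28>Jan  1 00:00:02 bigip1 chronyd[99]: clock drift detected",                   # daemon.warning
    "<82>Jan  1 00:00:03 bigip1 sshd[77]: AUDIT - login failure limit reached",       # authpriv.crit
    "<14>Jan  1 00:00:04 bigip1 tmsh[55]: audit trail rotated",                       # user.info
]

def compare(samples=SAMPLES):
    """Return (indexes passed by f_audit, indexes passed by f_level)."""
    return ([i for i, s in enumerate(samples) if f_audit(s)],
            [i for i, s in enumerate(samples) if f_level(s)])

if __name__ == "__main__":
    by_audit, by_level = compare()
    for i, s in enumerate(SAMPLES):
        _, sev, text = parse_pri(s)
        print("%-8s audit=%-5s level=%-5s %s" % (sev, i in by_audit, i in by_level, text[16:]))
```

With the filter as posted, a notice-level line containing `AUDIT` is forwarded and a warning-level line without it is not, so a remote server sees traffic only when matching messages are actually generated.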