level

Tom asked 2 months ago

Hey,
In an attempt to find out what the heck is going on with my network, I’ve just freshly installed this on my router and confirmed that it is functional:
@version:3.9
options {
    chain_hostnames(no);
    create_dirs(yes);
    flush_lines(0);
    keep_hostname(yes);
    log_fifo_size(256);
    log_msg_size(1024);
    stats_freq(0);
    flush_lines(0);
    use_fqdn(no);
};
source src {
    internal();
    unix-dgram("/dev/log");
};
source net {
    udp(ip(0.0.0.0) port(514));
};
source kernel {
    file("/proc/kmsg" program_override("kernel"));
};
destination messages {
    file("/opt/var/log/messages");
};
filter f_info { level(info); };
log {
    source(src);
    source(net);
    source(kernel);
    destination(messages);
};
# put any customization files in this directory
@include "/opt/etc/syslog-ng.d/"
 
Things are very quiet in the messages file. What do you think the default level is? How can I globally increase it to (info)? The only line I’ve added is the filter and that did nothing.
My attempts to make additional changes in the log section have been a complete failure and prevent it from even starting. I’m not ready for a huge complicated syslog-ng config at this point.
 
Thanks!

1 Answers
furiel1 answered 2 months ago

Filters are entities that drop messages that do not match the filter conditions. If there are no messages arriving in the messages file without a filter, then adding a filter will not help. By the way, f_info is not active in your configuration. The filter must be added to the log {} path to be activated.
As for why messages are not seen in the messages file: either there are no messages arriving at syslog-ng, or there is some problem with the destination file, for example a permission problem.
To generate messages, you can try something similar to:
echo "hello" | nc -u 127.0.0.1 514
to see if it works.
Also, it would be worth starting syslog-ng in the foreground with debug logs enabled during the investigation: syslog-ng -Fevd. You can find all the information you need: the incoming message, filter matching information, error logs, etc.
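
A way to take the answer's test message further, as an added example that is not part of the original answer: this Python script sends one UDP probe per syslog severity to the `net` source on port 514, so the messages file shows which levels actually arrive, and it models which severities a `level()` filter argument selects (a single name versus a range). The host name `testhost`, the tag `leveltest` and the function names are assumptions made for the example.

```python
import socket
import sys
import time

# Syslog severities in numeric order: 0 (emerg) is the most severe, 7 (debug) the least.
SEVERITIES = ["emerg", "alert", "crit", "err", "warning", "notice", "info", "debug"]
MONTHS = ["Jan", "Feb", "Mar", "Apr", "May", "Jun", "Jul", "Aug", "Sep", "Oct", "Nov", "Dec"]
FACILITY_USER = 1


def build_message(severity, host="testhost", tag="leveltest", now=None):
    """Build one BSD-syslog style datagram with an explicit <PRI> header."""
    pri = FACILITY_USER * 8 + SEVERITIES.index(severity)  # PRI = facility * 8 + severity
    t = time.localtime(now)
    stamp = "%s %2d %02d:%02d:%02d" % (MONTHS[t.tm_mon - 1], t.tm_mday,
                                       t.tm_hour, t.tm_min, t.tm_sec)
    text = "<%d>%s %s %s: probe severity=%s" % (pri, stamp, host, tag, severity)
    return text.encode("ascii")


def levels_matched(spec):
    """Model of a level() filter argument: a single name or a 'low..high' range."""
    if ".." in spec:
        a, b = (SEVERITIES.index(s.strip()) for s in spec.split(".."))
        lo, hi = min(a, b), max(a, b)
        return SEVERITIES[lo:hi + 1]
    return [spec.strip()]


def send_sweep(target, port=514):
    """Send one probe per severity over UDP; returns the number of datagrams sent."""
    sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    try:
        for sev in SEVERITIES:
            sock.sendto(build_message(sev), (target, port))
        return len(SEVERITIES)
    finally:
        sock.close()


if __name__ == "__main__":
    # Run on the router itself or from a LAN host, passing the router's address.
    target = sys.argv[1] if len(sys.argv) > 1 else "127.0.0.1"
    print("sent %d probes to %s:514" % (send_sweep(target), target))
    for spec in ("info", "info..emerg"):
        print("level(%s) would keep: %s" % (spec, ", ".join(levels_matched(spec))))
```

With the configuration as posted, no filter is in the log path, so all eight probes should appear in /opt/var/log/messages; if none do, the problem is upstream of any level setting.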