$ sudo service syslog-ng restart
* Stopping system logging syslog-ng [ OK ]
* Starting system logging syslog-ng WARNING: Configuration file format is too old, please update it to use the 3.3 format as some constructs might operate inefficiently;
WARNING: global: the default value of log_fifo_size() has changed to 10000 in version 3.3 to reflect log_iw_size() changes for tcp()/udp() window size changes;
WARNING: The default behaviour for injecting messages in db-parser() has changed in version 3.3 from internal to pass-through, use an explicit inject-mode(internal) option for old behaviour;
[ OK ]
Not too sure about the usage here - but I didn't recognize the warning and thought I'd bring it up.
Shane, if you haven't had a chance to look into this yet, here are the only hits I got for the two keywords mentioned:
#destination d_net { tcp("127.0.0.1" port(1000) authentication(on) encrypt(on) log_fifo_size(1000)); };
parser p_db {
db-parser(file("/opt/elsa/node/conf/patterndb.xml"));
};
The first is commented out, and the second is in the p_db function that is called as part of the log section where all the bro files are sourced. I don't speak syslogeese, so don't know the effects of it, but I can verify that changing the version to 3.3 at the top of the file does eliminate the warnings...
It also looks like the syslog-ng update restored logging to all the normal files in /var/log, which is a plus for me. I prefer digging through them with grep over trying to figure out what they were by rooting around in ELSA. :(
--
Pete
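
Added example, not part of the thread or of the ELSA/syslog-ng configuration: a small shell check that reports whether a syslog-ng config sets log_fifo_size() and inject-mode() explicitly or relies on the 3.3 defaults named in the warnings above. The helper names and the "@version: 3.3" line in the sample are assumptions; the sample config is constructed from the two statements quoted in the thread.

```shell
#!/bin/sh
# Added example (not from the thread). audit_syslog_ng_conf and
# write_sample_conf are hypothetical helper names.

# Constructed sample: the two statements quoted in the thread, plus an
# assumed "@version: 3.3" line as it would look after the change.
write_sample_conf() {
cat <<'EOF'
@version: 3.3
#destination d_net { tcp("127.0.0.1" port(1000) authentication(on) encrypt(on) log_fifo_size(1000)); };
parser p_db {
db-parser(file("/opt/elsa/node/conf/patterndb.xml"));
};
EOF
}

audit_syslog_ng_conf() {
    # Ignore whole-line comments so the commented-out d_net does not count.
    # Trailing comments on active lines are not stripped (simplification).
    active=$(grep -v '^[[:space:]]*#' "$1" || true)

    ver=$(printf '%s\n' "$active" |
        sed -n 's/^@version:[[:space:]]*\([0-9.]*\).*/\1/p' | head -n 1)
    echo "version=${ver:-missing}"

    # Warning 2: the log_fifo_size() default is 10000 under 3.3.
    if printf '%s\n' "$active" | grep -q 'log_fifo_size('; then
        echo "log_fifo_size=explicit"
    else
        echo "log_fifo_size=default"
    fi

    # Warning 3: db-parser() defaults to pass-through injection under 3.3
    # unless inject-mode() is set explicitly.
    if ! printf '%s\n' "$active" | grep -q 'db-parser('; then
        echo "db-parser=absent"
    elif printf '%s\n' "$active" | grep -q 'inject-mode('; then
        echo "db-parser=explicit-inject-mode"
    else
        echo "db-parser=default-inject-mode"
    fi
}

# Demo run on the constructed sample.
sample=$(mktemp)
write_sample_conf > "$sample"
audit_syslog_ng_conf "$sample"
rm -f "$sample"
```

A "default" result means the statement takes whatever the declared @version implies, which is the behaviour change the warnings describe.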