[syslog-ng] Nothing is logged

Ken Garland ken.garland at rotech.com
Fri Aug 26 16:21:04 CEST 2005 

originally i used the gentoo-wiki document to help me out but then i had 
to do some tweaking on my own.

also, use this for php-syslog-ng:

http://www.phpwizardry.com/php-syslog-ng.php

it is much better and maintained.

This is another howto that I found useful:

http://www.campin.net/newlogcheck.html

What I would do in your case is strip down the syslog-ng.conf to a 
simple form and only concentrate on getting it to log into text files 
first. then create your mysql method (i used a mysql pipe) and try to 
get that working.

here is a copy of my syslog-ng.conf

options {
   use_fqdn(no);
   use_dns(yes);
   dns_cache(yes);
   keep_hostname(yes);
   long_hostnames(off);
   sync(0);
   stats(43200);
   log_fifo_size(1024);
}; 

source client_udp { udp(); };
source client_tcp { tcp(); };

destination hosts { 
        file("/var/log/syslogs/messages"
        owner(root) group(root) perm(0600) dir_perm(0700)
        create_dirs(yes));
};

destination d_mysql {
        pipe("/var/log/mysql.pipe" template("INSERT INTO logs
        (host, facility, priority, level, tag, datetime, program, msg)
        VALUES ( '$HOST', '$FACILITY', '$PRIORITY', '$LEVEL', '$TAG', 
        '$YEAR-$MONTH-$DAY $HOUR:$MIN:$SEC', '$PROGRAM', '$MSG' );\n") 
        template-escape(yes));
};

log { source(client_udp); destination(hosts); }; 
log { source(client_tcp); destination(hosts); }; 
log { source(client_udp); destination(d_mysql); }; 
log { source(client_tcp); destination(d_mysql); };





naim abu darwish wrote:

>
> Hi,
> I'm trying to setup a central logging server to get logs from many 
> hosts on a network, and store in a mysql database. I followed the 
> following docs::
>
> http://gentoo-wiki.com/HOWTO_setup_PHP-Syslog-NG
>
> http://vermeer.org/docs/1
>
> only nothing is being logged :D
> my syslog-ng.conf so far::
>
>
> # $Header: /var/cvsroot/gentoo-x86/app-admin/syslog-ng/files/syslog- 
> ng.conf.gentoo,v 1.5 2005/05/12 05:46:10 mr_bones_ Exp $
> #
> # Syslog-ng default configuration file for Gentoo Linux
> # contributed by Michael Sterrett
>
> options {
>          chain_hostnames(off);
>         keep_hostname(yes);
>          log_fifo_size(1024);
>         sync(0);
>
>          # The default action of syslog-ng 1.6.0 is to log a STATS line
>         # to the file every 10 minutes.  That's pretty ugly after a 
> while.
>         # Change it to every 12 hours so you get a nice daily update of
>          # how many messages syslog-ng missed (0).
>         stats(43200);
> };
>
> source shell {
> unix-dgram("/dev/log");
> internal();
> #tcp( port(5141) keep-alive(yes) max-connections(3000));
> udp(ip(0.0.0.0 <http://0.0.0.0>),port(514));
> };
>
> source src { unix-stream("/dev/log"); internal(); pipe("/proc/kmsg"); };
>
> source net {udp(); };
>
> destination messages { file("/var/log/messages"); };
>
> # By default messages are logged to tty12...
> destination console_all { file("/dev/tty12"); };
> # ...if you intend to use /dev/console for programs like xconsole
> # you can comment out the destination line above that references 
> /dev/tty12
> # and uncomment the line below.
> #destination console_all { file("/dev/console"); };
>
> log { source(src); destination(messages); };
> log { source(src); destination(console_all); };
> log { source(shell); filter(allstuff);destination(testfile); };
> log { source(net); destination(testfile); };
> filter allstuff { host("194.146.*"); };
>
> # pipe messages to /var/log/mysql.pipe to be processed by mysql
>
> destination d_mysql { pipe("/var/log/mysql.pipe" template("INSERT INTO 
> logs
> (host, facility, priority, level, tag, datetime, program, msg)
> VALUES ( '$HOST', '$FACILITY', '$PRIORITY', '$LEVEL', '$TAG', 
> '$YEAR-$MONTH-$DAY $HOUR:$MIN:$SEC',
> '$PROGRAM', '$MSG' );\n") template-escape(yes)); };
>
> #destination testfile {
> destination testfile {
> file("/var/log/test/$HOST/zab.log"
> sync(0) log_fifo_size(10) create_dirs(yes)
> owner(root) group(system) perm(0660) dir_perm(0770));
> };
>
> i suspected something wrong with the way i setup mysql database.. 
> thats why i added the last bit, to log to a text file, still nothing 
> .. i cant figure out what else could be wrong.
>
> Any help appreciated.
>
> Greets,
> Naim
>
>------------------------------------------------------------------------
>
>_______________________________________________
>syslog-ng maillist  -  syslog-ng at lists.balabit.hu
>https://lists.balabit.hu/mailman/listinfo/syslog-ng
>Frequently asked questions at http://www.campin.net/syslog-ng/faq.html
>
>  
>

More information about the syslog-ng mailing list