[syslog-ng] Before the basic 101 questions

Fegan, Joe Joe.Fegan at hp.com
Tue Jul 21 02:38:05 CEST 2009 

I'm no apache expert, but I think /var/log/apache2 is the name of a directory that contains apache log files, right? But you have defined it as a unix-stream source:

source inputs { internal();
                unix-stream("/var/log/apache2");
                udp();
                tcp(max_connections(100)); };

unix-stream is for reading a socket, not a directory, so this can't work...

You can use "file" sources for individual files in that directory..

________________________________
From: syslog-ng-bounces at lists.balabit.hu [mailto:syslog-ng-bounces at lists.balabit.hu] On Behalf Of lance raymond
Sent: 20 July 2009 21:52
To: Syslog-ng users' and developers' mailing list
Subject: Re: [syslog-ng] Before the basic 101 questions

ok, here is the update. I have built a standalone ubuntu box to be the central server so now have that I can 'play' with.  It's a clean install,and really not sure what to do as this list seems to be the best resource.  So, I would think you can specify 'a' logfile, but I need ALL the apache logs centrally located, so going to say, take everything from /var/log/apache2 and send it to the central log server.

The central log server as I said is a default setup, due to size, I copied them up to a play webserver, the server can be seen here;
server.conf<http://www.darkerforce.com/server.conf>
and the client here (the only thing changed is the remote IP)
client.conf<http://www.darkerforce.com/client.conf>

When left like that and syslog-ng is started on the client I get the following;

Error binding socket; addr='AF_UNIX(/var/log/apache2)', error='Address already in use (98)'
Error initializing source driver; source='inputs'

As I said before, I am not looking for anything complex, etc.  Just want ALL the weblogs to goto one box which is really the function of syslog-ng.  I am sure there is one or two things that need a tweak, and I can go from there.

Thanks.


On Wed, Jul 15, 2009 at 3:45 AM, Sandor Geller <Sandor.Geller at morganstanley.com<mailto:Sandor.Geller at morganstanley.com>> wrote:
Hi,

On Tue, Jul 14, 2009 at 10:06 PM, lance raymond<lance.raymond at gmail.com<mailto:lance.raymond at gmail.com>> wrote:
> What I thought of was to make each file unique;
> ws = webserver;
>
> ws1.domain.com-access_log
> ws2.domain.com-access_log
>
> and just write them each to an nfs share.

It'd not the name of the files which matter. When a single process
(like syslog-ng) writes to a file then NFS behaves well. The problems
start when there are multiple processes trying to access the same
file. Disabling attribute caching in the NFS client could help, but
this could have a big impact on performance.

> Not flaming the group at all, actually Bazsi your name shows up more than
> any of my normal mail :)   But, I have tried twice with a reply or two, and
> once conf files were sent up and/or shown the thread died.  I see some very
> intersting questions, answers on the group and it would be nice to see some
> of these things, but really, I am talking about a handful of webservers
> (nothing fancy) just to write to a central log and it's not working.  The
> basic syslog @server worked perfect, since the platform updates, just not
> working, but I appreciate the reply.

So could you please tell what is the actual problem?

Regards,

Sandor
______________________________________________________________________________
Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng
Documentation: http://www.balabit.com/support/documentation/?product=syslog-ng
FAQ: http://www.campin.net/syslog-ng/faq.html


-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.balabit.hu/pipermail/syslog-ng/attachments/20090721/4dfcb6db/attachment.htm

More information about the syslog-ng mailing list