<div>Hi </div> <div> </div> <div>Please can anyone help me how to log message to syslog-ng manually.</div> <div>e.g. in Linux I can log message as # logger "test message" <Return> ; and it goes to file defined in syslog-ng.conf(/var/adm/messages),</div> <div> </div> <div>However in case of HP-UX it is not working as describe above for Linux. Is there any other method to log message manually in HP-UX?</div> <div>Or messages are dropping?</div> <div> </div> <div>Please suggest.</div> <div> </div> <div>Thanks</div> <div>Shamimuddin</div> <div>CSC Noida<BR><BR><B><I>olivier rolland <madmax2010fr@yahoo.fr></I></B> wrote:</div> <BLOCKQUOTE class=replbq style="PADDING-LEFT: 5px; MARGIN-LEFT: 5px; BORDER-LEFT: #1010ff 2px solid">You have to put the log device with the pad_size into your system source.<BR>source s_sys {pipe("/dev/log" pad_size(2048));<BR>internal(); };<BR>It's working on my system so you can
try.<BR>You can also add the klog device (/dev/klog) with same options than <BR>/dev/log.<BR><BR>Shamim a écrit :<BR>> <BR>> Hi,<BR>> I've compile syslog-ng-2.0.2 on HP-UX-11.11, however messages are not <BR>> going to desired destinations as defined in the syslog-ng.conf .<BR>> <BR>> my syslog-ng.conf<BR>> ---------------------------------------------<BR>> # syslog-ng configuration file.<BR>> #<BR>> # This should behave pretty much like the original syslog on HP-UX. But<BR>> # it could be configured a lot smarter.<BR>> #<BR>> # See syslog-ng(8) and syslog-ng.conf(8) for more information.<BR>> #<BR>> # 20000925 gb@sysfive.com <mailto:gb@sysfive.com><BR>> options { sync (0);<BR>> time_reopen (10);<BR>> log_fifo_size (1000);<BR>> long_hostnames (off);<BR>> use_dns (no);<BR>> use_fqdn (no);<BR>> create_dirs (no);<BR>> keep_hostname (yes);<BR>> };<BR>> source s_sys {internal();pipe("/dev/log");
};<BR>> destination d_cons { file("/dev/console1"); };<BR>> destination d_mesg { file("/var/adm/syslog/syslog-ng.log"); };<BR>> destination d_mail { file("/var/adm/syslog/mail-ng.log"); };<BR>> destination d_mlrt { usertty("root"); };<BR>> destination d_mlal { usertty("*"); };<BR>> filter f_filter1 { facility(mail) and level(debug); };<BR>> filter f_filter2 { (facility(mail) and level(debug)) or<BR>> level(info); };<BR>> filter f_filter3 { level(alert); };<BR>> filter f_filter4 { level(emerg); };<BR>> log { source(s_sys); destination(d_mail); };<BR>> log { source(s_sys); destination(d_mesg); };<BR>> log { source(s_sys); destination(d_cons);destination(d_mlrt); };<BR>> log { source(s_sys); destination(d_mlal); };<BR>> #<BR>> --------------------------------------------<BR>> Now If I generate message using "logger" utility on system, message <BR>> should go to "/var/adm/syslog/syslog-ng.log", though they are not
going...<BR>> Is there anything wrong with .conf file?<BR>> <BR>> What should be the conf file for central server and client on HP-UX?<BR>> <BR>> <BR>> syslog-ng daemon is running like:<BR>> -------------------------------------------------------------------------------<BR>> syslog-ng service starting.<BR>> # ps -eaf |grep syslog-ng<BR>> root 14437 1 0 10:22:30 ? 0:00 <BR>> /opt/soe/local/syslog-ng-2.0.2/sbin/syslog-ng -f /opt/soe/local<BR>> #<BR>> ------------------------------------------------------------------------------<BR>> <BR>> Thanks<BR>> Shamim<BR>><BR>> */syslog-ng-request@lists.balabit.hu/* wrote:<BR>><BR>> Send syslog-ng mailing list submissions to<BR>> syslog-ng@lists.balabit.hu<BR>><BR>> To subscribe or unsubscribe via the World Wide Web, visit<BR>> https://lists.balabit.hu/mailman/listinfo/syslog-ng<BR>> or, via email, send a message with subject or body 'help' to<BR>>
syslog-ng-request@lists.balabit.hu<BR>><BR>> You can reach the person managing the list at<BR>> syslog-ng-owner@lists.balabit.hu<BR>><BR>> When replying, please edit your Subject line so it is more specific<BR>> than "Re: Contents of syslog-ng digest..."<BR>><BR>><BR>> Today's Topics:<BR>><BR>> 1. Re: Is this possible in syslog-ng.conf . (v2.0.2)<BR>> (Balazs Scheidler)<BR>> 2. Re: Setting permissions on log files (Balazs Scheidler)<BR>> 3. Re: Is this possible in syslog-ng.conf . (v2.0.2) (Evan Rempel)<BR>> 4. compilation errors with --enable-spoof-source<BR>> (Ravi Papisetti -X (rpapiset - HCL at Cisco))<BR>> 5. Re: Is this possible in syslog-ng.conf . (v2.0.2)<BR>> (Balazs Scheidler)<BR>> 6. Re: compilation errors with --enable-spoof-source<BR>> (Balazs Scheidler)<BR>> 7. RE: compilation errors with --enable-spoof-source<BR>> (Ravi Papisetti -X (rpapiset - HCL at Cisco))<BR>> 8. RE: compilation errors
with --enable-spoof-source<BR>> (Balazs Scheidler)<BR>><BR>><BR>> ----------------------------------------------------------------------<BR>><BR>> Message: 1<BR>> Date: Mon, 19 Feb 2007 17:14:12 +0100<BR>> From: Balazs Scheidler<BR>> Subject: Re: [syslog-ng] Is this possible in syslog-ng.conf . (v2.0.2)<BR>> To: Syslog-ng users' and developers' mailing list<BR>><BR>> Message-ID: <1171901652.11781.7.camel@bzorp.balabit><BR>> Content-Type: text/plain<BR>><BR>> On Sun, 2007-02-18 at 16:48 -0800, Mr. James W. Laferriere wrote:<BR>><BR>> > Ok . IMO counter intuitive , Tho reasonable with your explanation .<BR>> > One is very used to the 'source' in FW/router/...'s as being the<BR>> source<BR>> > device(s) IP from where a packet came from .<BR>><BR>> syslog-ng is not a firewall :) this is sometimes strange to me as<BR>> well,<BR>> being involved in firewall products as well. But putting the
joke<BR>> aside,<BR>> syslog-ng is a "syslog message pipe" processor: sources generate<BR>> messages, destinations serve as message sinks. Some filtering here and<BR>> there, that's about syslog-ng's internal structure.<BR>><BR>> So, naming source as a source is consistent with syslog-ng itself.<BR>><BR>> > An aside , Can one do the 'Formatting' like my example above ,<BR>> again<BR>> > no examples show up like that , but I am hopeful .<BR>> ><BR>> ><BR>> > > To do that you need the netmask() filter.<BR>> ><BR>> > Next time I'll go looking at the Blog at Gmane first before<BR>> shooting my<BR>> > mouth off . netmask was just the hint I needed .<BR>> > Tho it sure would be nice for netmask() to support the /xx bits<BR>> netmask<BR>> > format .<BR>><BR>> It does support this format.<BR>><BR>> -- <BR>> Bazsi<BR>><BR>><BR>><BR>>
------------------------------<BR>><BR>> Message: 2<BR>> Date: Mon, 19 Feb 2007 17:15:57 +0100<BR>> From: Balazs Scheidler<BR>> Subject: Re: [syslog-ng] Setting permissions on log files<BR>> To: Syslog-ng users' and developers' mailing list<BR>><BR>> Message-ID: <1171901757.11781.10.camel@bzorp.balabit><BR>> Content-Type: text/plain<BR>><BR>> On Mon, 2007-02-19 at 01:45 +0000, Bryan Henderson wrote:<BR>> > With the 'file' destination, Syslog-ng modifies the ownership and<BR>> > permissions of the file when it opens it. There are configuration<BR>> > file options to choose what it sets them to, but AFAICT, no way to<BR>> > have Syslog-ng just leave the files as it finds them.<BR>> ><BR>> > I prefer to maintain permissions and ownership separately; I set<BR>> them<BR>> > when I create the file and expect them to stick. Could there be a<BR>> > configuration file option for that?<BR>>
><BR>><BR>> IIRC, you can use -1 for various options, which means "do not touch".<BR>> But I would need to test it. The code in the C part is there, the only<BR>> question that remains whether the parser accepts "-1" in the place of<BR>> owner/group/permissions.<BR>><BR>> -- <BR>> Bazsi<BR>><BR>><BR>><BR>> ------------------------------<BR>><BR>> Message: 3<BR>> Date: Mon, 19 Feb 2007 09:02:15 -0800<BR>> From: Evan Rempel<BR>> Subject: Re: [syslog-ng] Is this possible in syslog-ng.conf . (v2.0.2)<BR>> To: "Syslog-ng users' and developers' mailing list"<BR>><BR>> Message-ID: <45D9D817.7050309@uvic.ca><BR>> Content-Type: text/plain; charset=ISO-8859-1; format=flowed<BR>><BR>> Balazs Scheidler wrote:<BR>> > On Sun, 2007-02-18 at 16:48 -0800, Mr. James W. Laferriere wrote:<BR>> ><BR>> >> Ok . IMO counter intuitive , Tho reasonable with your<BR>> explanation .<BR>> >>
One is very used to the 'source' in FW/router/...'s as being<BR>> the source<BR>> >> device(s) IP from where a packet came from .<BR>> ><BR>> > syslog-ng is not a firewall :) this is sometimes strange to me<BR>> as well,<BR>> > being involved in firewall products as well. But putting the<BR>> joke aside,<BR>> > syslog-ng is a "syslog message pipe" processor: sources generate<BR>> > messages, destinations serve as message sinks. Some filtering<BR>> here and<BR>> > there, that's about syslog-ng's internal structure.<BR>> ><BR>> > So, naming source as a source is consistent with syslog-ng itself.<BR>><BR>> I think that the author of the original comment was refereing to<BR>> the IP address binding<BR>> in the source definition<BR>><BR>> source network { tcp( ip(xxxx) ); };<BR>><BR>> where the IP address is NOT the source at all, it is a local IP<BR>> address to bind the listener
to.<BR>> Perhaps the syntax should be<BR>><BR>> source network { tcp( bind(xxxx) ); };<BR>><BR>> since the bind address MUST be ip since the definition is already<BR>> defined to be tcp.<BR>><BR>> I think it is a little counter intuitive even within the scope of<BR>> syslog-ng.<BR>><BR>> Evan.<BR>><BR>><BR>> ><BR>> >> An aside , Can one do the 'Formatting' like my example above ,<BR>> again<BR>> >> no examples show up like that , but I am hopeful .<BR>> >><BR>> >><BR>> >>> To do that you need the netmask() filter.<BR>> >> Next time I'll go looking at the Blog at Gmane first before<BR>> shooting my<BR>> >> mouth off . netmask was just the hint I needed .<BR>> >> Tho it sure would be nice for netmask() to support the /xx bits<BR>> netmask<BR>> >> format .<BR>> ><BR>> > It does support this format.<BR>>
><BR>><BR>><BR>> -- <BR>> Evan Rempel erempel@uvic.ca<BR>> Senior Programmer Analyst 250.721.7691<BR>> Computing Services<BR>> University of Victoria<BR>><BR>><BR>> ------------------------------<BR>><BR>> Message: 4<BR>> Date: Mon, 19 Feb 2007 13:09:41 -0600<BR>> From: "Ravi Papisetti -X (rpapiset - HCL at Cisco)"<BR>><BR>> Subject: [syslog-ng] compilation errors with --enable-spoof-source<BR>> To: "syslog-ng@lists.balabit.hu"<BR>> Message-ID: <5A8F8213-CAC5-4190-A902-FE91C0DC844D@mimectl><BR>> Content-Type: text/plain; charset="iso-8859-1"<BR>><BR>> Hi,<BR>><BR>> I am using syslog-ng 1.6.11 and trying to compile this package with<BR>> ./configure --enable-spoof-source, it throws errors as below<BR>><BR>> checking whether to enable Sun STREAMS support... yes<BR>> checking whether to enable Sun door support... yes<BR>> checking whether to enable TCP wrapper support... no<BR>>
checking whether to enable spoof_source support... ./configure:<BR>> test: too many arguments<BR>> configure: error: libnet-config not found<BR>><BR>> It compiles fine without --enable-spoof-source this option. Could<BR>> you do the needful.<BR>><BR>> Thanks,<BR>> Ravi Kumar P.<BR>> -------------- next part --------------<BR>> An HTML attachment was scrubbed...<BR>> URL:<BR>> http://lists.balabit.hu/pipermail/syslog-ng/attachments/20070219/dc8ca38e/attachment-0001.html<BR>><BR>> ------------------------------<BR>><BR>> Message: 5<BR>> Date: Mon, 19 Feb 2007 20:23:01 +0100<BR>> From: Balazs Scheidler<BR>> Subject: Re: [syslog-ng] Is this possible in syslog-ng.conf . (v2.0.2)<BR>> To: Syslog-ng users' and developers' mailing list<BR>><BR>> Message-ID: <1171912981.11781.12.camel@bzorp.balabit><BR>> Content-Type: text/plain<BR>><BR>> On Mon, 2007-02-19 at 09:02 -0800, Evan Rempel wrote:<BR>>
> Balazs Scheidler wrote:<BR>> > > On Sun, 2007-02-18 at 16:48 -0800, Mr. James W. Laferriere wrote:<BR>> > ><BR>> > >> Ok . IMO counter intuitive , Tho reasonable with your<BR>> explanation .<BR>> > >> One is very used to the 'source' in FW/router/...'s as being<BR>> the source<BR>> > >> device(s) IP from where a packet came from .<BR>> > ><BR>> > > syslog-ng is not a firewall :) this is sometimes strange to me<BR>> as well,<BR>> > > being involved in firewall products as well. But putting the<BR>> joke aside,<BR>> > > syslog-ng is a "syslog message pipe" processor: sources generate<BR>> > > messages, destinations serve as message sinks. Some filtering<BR>> here and<BR>> > > there, that's about syslog-ng's internal structure.<BR>> > ><BR>> > > So, naming source as a source is consistent with syslog-ng itself.<BR>> ><BR>>
> I think that the author of the original comment was refereing to<BR>> the IP address binding<BR>> > in the source definition<BR>> ><BR>> > source network { tcp( ip(xxxx) ); };<BR>> ><BR>> > where the IP address is NOT the source at all, it is a local IP<BR>> address to bind the listener to.<BR>> > Perhaps the syntax should be<BR>> ><BR>> > source network { tcp( bind(xxxx) ); };<BR>> ><BR>> > since the bind address MUST be ip since the definition is<BR>> already defined to be tcp.<BR>> ><BR>> > I think it is a little counter intuitive even within the scope<BR>> of syslog-ng.<BR>> ><BR>><BR>> ip is an alias for localip(), but it's true that all examples use<BR>> ip().<BR>><BR>> -- <BR>> Bazsi<BR>><BR>><BR>><BR>> ------------------------------<BR>><BR>> Message: 6<BR>> Date: Mon, 19 Feb 2007 20:23:34 +0100<BR>> From: Balazs Scheidler<BR>>
Subject: Re: [syslog-ng] compilation errors with --enable-spoof-source<BR>> To: Syslog-ng users' and developers' mailing list<BR>><BR>> Message-ID: <1171913014.11781.14.camel@bzorp.balabit><BR>> Content-Type: text/plain<BR>><BR>> On Mon, 2007-02-19 at 13:09 -0600, Ravi Papisetti -X (rpapiset -<BR>> HCL at<BR>> Cisco) wrote:<BR>> > Hi,<BR>> ><BR>> > I am using syslog-ng 1.6.11 and trying to compile this package with<BR>> > ./configure --enable-spoof-source, it throws errors as below<BR>> ><BR>> > checking whether to enable Sun STREAMS support... yes<BR>> > checking whether to enable Sun door support... yes<BR>> > checking whether to enable TCP wrapper support... no<BR>> > checking whether to enable spoof_source support... ./configure:<BR>> test:<BR>> > too many arguments<BR>> > configure: error: libnet-config not found<BR>> ><BR>> > It compiles fine without
--enable-spoof-source this option.<BR>> Could you<BR>> > do the needful.<BR>> ><BR>><BR>> You need libnet in order to compile syslog-ng with spoof source<BR>> support.<BR>><BR>> -- <BR>> Bazsi<BR>><BR>><BR>><BR>> ------------------------------<BR>><BR>> Message: 7<BR>> Date: Mon, 19 Feb 2007 16:36:42 -0600<BR>> From: "Ravi Papisetti -X (rpapiset - HCL at Cisco)"<BR>><BR>> Subject: RE: [syslog-ng] compilation errors with --enable-spoof-source<BR>> To: "Syslog-ng users' and developers' mailing list"<BR>><BR>> Message-ID: <6F4AD076-DD4B-45CE-9B37-8C326CB89BA9@mimectl><BR>> Content-Type: text/plain; charset="us-ascii"<BR>><BR>> An HTML attachment was scrubbed...<BR>> URL:<BR>> http://lists.balabit.hu/pipermail/syslog-ng/attachments/20070219/5f74b573/attachment-0001.htm<BR>><BR>> ------------------------------<BR>><BR>> Message: 8<BR>> Date: Tue, 20 Feb 2007 08:59:33
+0000<BR>> From: Balazs Scheidler<BR>> Subject: RE: [syslog-ng] compilation errors with --enable-spoof-source<BR>> To: Syslog-ng users' and developers' mailing list<BR>><BR>> Message-ID: <1171961973.9887.0.camel@bzorp.balabit><BR>> Content-Type: text/plain<BR>><BR>> On Mon, 2007-02-19 at 16:36 -0600, Ravi Papisetti -X (rpapiset -<BR>> HCL at<BR>> Cisco) wrote:<BR>> > Already that is installed in my m/c. Compilations went successful<BR>> > without this option. I understand that libnet is to compile this<BR>> > package.<BR>> ><BR>> > Let us know how to check if Libnet package installation is fine<BR>> in my<BR>> > system or not.<BR>><BR>> if libnet is installed, you should have a script called libnet-config<BR>> somewhere in your path. that's what the configure script does not<BR>> find.<BR>><BR>> -- <BR>> Bazsi<BR>><BR>><BR>><BR>>
------------------------------<BR>><BR>> _______________________________________________<BR>> syslog-ng maillist - syslog-ng@lists.balabit.hu<BR>> https://lists.balabit.hu/mailman/listinfo/syslog-ng<BR>><BR>><BR>> End of syslog-ng Digest, Vol 22, Issue 21<BR>> *****************************************<BR>><BR>><BR>> ------------------------------------------------------------------------<BR>> New Yahoo! Mail is the ultimate force in competitive emailing. Find <BR>> out more at the Yahoo! Mail Championships <BR>> <HTTP: evt="44106/*http://mail.yahoo.net/uk/" uk.rd.yahoo.com *http: games championships default taglines uk mail>. <BR>> Plus: play games and win prizes.<BR>> ------------------------------------------------------------------------<BR>><BR>> _______________________________________________<BR>> syslog-ng maillist - syslog-ng@lists.balabit.hu<BR>> https://lists.balabit.hu/mailman/listinfo/syslog-ng<BR>>
Frequently asked questions at http://www.campin.net/syslog-ng/faq.html<BR>><BR>> <BR><BR><BR><BR><BR><BR>___________________________________________________________________________ <BR>Yahoo! Mail réinvente le mail ! Découvrez le nouveau Yahoo! Mail et son interface révolutionnaire.<BR>http://fr.mail.yahoo.com<BR></BLOCKQUOTE><BR></mailto:gb@sysfive.com><p> 
<hr size=1>
The <a href="http://us.rd.yahoo.com/mail/uk/taglines/default/nowyoucan/free_from_isp/*http://us.rd.yahoo.com/evt=40565/*http://uk.docs.yahoo.com/nowyoucan.html">all-new Yahoo! Mail</a> goes wherever you go - free your email address from your Internet provider.