<div class=MsoNormal><FONT face="Times New Roman" size=3><SPAN style="FONT-SIZE: 12pt">Hi everyone,<?xml:namespace prefix = o ns = "urn:schemas-microsoft-com:office:office" /><o:p></o:p></SPAN></FONT></div> <div class=MsoNormal><FONT face="Times New Roman" size=3><SPAN style="FONT-SIZE: 12pt"><o:p> </o:p></SPAN></FONT></div> <div class=MsoNormal><FONT face="Times New Roman" size=3><SPAN lang=EN-GB style="FONT-SIZE: 12pt">I have a problem with a “source-file”. Syslog-ng can’t read my “source-file”. I don’t know why, please help me.<o:p></o:p></SPAN></FONT></div> <div class=MsoNormal><FONT face="Times New Roman" size=3><SPAN lang=EN-GB style="FONT-SIZE: 12pt"><o:p> </o:p></SPAN></FONT></div> <div class=MsoNormal><FONT face="Times New Roman" size=3><SPAN lang=EN-GB style="FONT-SIZE: 12pt"><o:p> </o:p></SPAN></FONT></div> <div class=MsoNormal><FONT face="Times New Roman" size=3><SPAN lang=EN-GB style="FONT-SIZE: 12pt">This is my simple syslog-ng.conf file
(Vers- 1.6.11) on my Solaris 8 (Sparc.117350-16);<o:p></o:p></SPAN></FONT></div> <div class=MsoNormal><I><FONT face="Times New Roman" size=3><SPAN lang=EN-GB style="FONT-SIZE: 12pt; FONT-STYLE: italic"><o:p> </o:p></SPAN></FONT></I></div> <div class=MsoNormal><I><FONT face="Times New Roman" size=3><SPAN lang=EN-GB style="FONT-SIZE: 12pt; FONT-STYLE: italic">options { mark(600); sync(0); use_dns(yes); create_dirs(yes);<o:p></o:p></SPAN></FONT></I></div> <div class=MsoNormal><I><FONT face="Times New Roman" size=3><SPAN lang=EN-GB style="FONT-SIZE: 12pt; FONT-STYLE: italic">};<o:p></o:p></SPAN></FONT></I></div> <div class=MsoNormal><I><FONT face="Times New Roman" size=3><SPAN lang=EN-GB style="FONT-SIZE: 12pt; FONT-STYLE: italic">source src_tail {<o:p></o:p></SPAN></FONT></I></div> <div class=MsoNormal><I><FONT face="Times New Roman" size=3><SPAN lang=EN-GB style="FONT-SIZE: 12pt; FONT-STYLE: italic">
file("/var/log/syslog-ng/mar" );<o:p></o:p></SPAN></FONT></I></div> <div class=MsoNormal><I><FONT face="Times New Roman" size=3><SPAN lang=EN-GB style="FONT-SIZE: 12pt; FONT-STYLE: italic"> internal();<o:p></o:p></SPAN></FONT></I></div> <div class=MsoNormal><I><FONT face="Times New Roman" size=3><SPAN lang=EN-GB style="FONT-SIZE: 12pt; FONT-STYLE: italic">};<o:p></o:p></SPAN></FONT></I></div> <div class=MsoNormal><I><FONT face="Times New Roman" size=3><SPAN lang=EN-GB style="FONT-SIZE: 12pt; FONT-STYLE: italic">source s_local {<o:p></o:p></SPAN></FONT></I></div> <div class=MsoNormal><I><FONT face="Times New Roman" size=3><SPAN lang=EN-GB style="FONT-SIZE: 12pt; FONT-STYLE: italic"> sun-streams("/dev/log" door("/etc/.syslog_door"));<o:p></o:p></SPAN></FONT></I></div> <div class=MsoNormal><I><FONT face="Times New Roman" size=3><SPAN lang=EN-GB style="FONT-SIZE: 12pt;
FONT-STYLE: italic">};<o:p></o:p></SPAN></FONT></I></div> <div class=MsoNormal><I><FONT face="Times New Roman" size=3><SPAN lang=EN-GB style="FONT-SIZE: 12pt; FONT-STYLE: italic">destination d_loghost_localhost {<o:p></o:p></SPAN></FONT></I></div> <div class=MsoNormal><I><FONT face="Times New Roman" size=3><SPAN lang=EN-GB style="FONT-SIZE: 12pt; FONT-STYLE: italic"> udp("10.10.10.48" port(514)); file ("/var/log/syslog-ng/$YEAR.$MONTH.$DAY/localhost.log");<o:p></o:p></SPAN></FONT></I></div> <div class=MsoNormal><I><FONT face="Times New Roman" size=3><SPAN lang=EN-GB style="FONT-SIZE: 12pt; FONT-STYLE: italic">};<o:p></o:p></SPAN></FONT></I></div> <div class=MsoNormal><I><FONT face="Times New Roman" size=3><SPAN lang=EN-GB style="FONT-SIZE: 12pt; FONT-STYLE: italic">log {<o:p></o:p></SPAN></FONT></I></div> <div class=MsoNormal><I><FONT face="Times New Roman" size=3><SPAN lang=EN-GB style="FONT-SIZE: 12pt; FONT-STYLE:
italic"> source(src_tail); source(s_local); destination(d_loghost_localhost) ;<o:p></o:p></SPAN></FONT></I></div> <div class=MsoNormal><I><FONT face="Times New Roman" size=3><SPAN lang=EN-GB style="FONT-SIZE: 12pt; FONT-STYLE: italic">};<o:p></o:p></SPAN></FONT></I></div> <div class=MsoNormal><I><FONT face=Arial size=2><SPAN lang=EN-GB style="FONT-SIZE: 10pt; FONT-STYLE: italic; FONT-FAMILY: Arial"><o:p> </o:p></SPAN></FONT></I></div> <div class=MsoNormal><FONT face=Arial size=2><SPAN lang=EN-GB style="FONT-SIZE: 10pt; FONT-FAMILY: Arial"><o:p> </o:p></SPAN></FONT></div> <div class=MsoNormal><FONT face=Arial size=2><SPAN lang=EN-GB style="FONT-SIZE: 10pt; FONT-FAMILY: Arial">I can see on the remote central server log </SPAN></FONT><SPAN lang=EN-GB>"10.10.10.48" that it is working with the internal messages;<o:p></o:p></SPAN></div> <div class=MsoNormal><FONT face="Times New Roman" size=3><SPAN lang=EN-GB style="FONT-SIZE:
12pt"><o:p> </o:p></SPAN></FONT></div> <div class=MsoNormal><I><FONT face="Times New Roman" size=3><SPAN lang=EN-GB style="FONT-SIZE: 12pt; FONT-STYLE: italic">15:11:50.193397 10.10.1.36.33055 > 10.10.10.48.syslog: udp 92 (DF)<o:p></o:p></SPAN></FONT></I></div> <div class=MsoNormal><I><FONT face="Times New Roman" size=3><SPAN lang=EN-GB style="FONT-SIZE: 12pt; FONT-STYLE: italic">0x0000 4500 0078 df47 4000 fd11 7ec5 0a0a 0124 E..x.G@...~....$<o:p></o:p></SPAN></FONT></I></div> <div class=MsoNormal><I><FONT face="Times New Roman" size=3><SPAN lang=EN-GB style="FONT-SIZE: 12pt; FONT-STYLE: italic">0x0010 0a0a 0a30 811f 0202 0064 9f5e 3c34 353e ...0.....d.^<45><o:p></o:p></SPAN></FONT></I></div> <div class=MsoNormal><I><FONT face="Times New Roman" size=3><SPAN lang=EN-GB style="FONT-SIZE: 12pt; FONT-STYLE: italic">0x0020 4f63 7420 2034 2031
353a 3131 3a35 3020 Oct..4.15:11:50.<o:p></o:p></SPAN></FONT></I></div> <div class=MsoNormal><I><FONT face="Times New Roman" size=3><SPAN style="FONT-SIZE: 12pt; FONT-STYLE: italic">0x0030 7372 635f 7461 696c 4061 7070 7331 6d6e src_tail@testhos<o:p></o:p></SPAN></FONT></I></div> <div class=MsoNormal><I><FONT face="Times New Roman" size=3><SPAN style="FONT-SIZE: 12pt; FONT-STYLE: italic">0x0040 3120 7379 736c 6f67 2d6e 675b 3139 3933 t.syslog-ng[1993<o:p></o:p></SPAN></FONT></I></div> <div class=MsoNormal><I><FONT face="Times New Roman" size=3><SPAN lang=EN-GB style="FONT-SIZE: 12pt; FONT-STYLE: italic">0x0050
305d 0]<o:p></o:p></SPAN></FONT></I></div> <div class=MsoNormal><I><FONT face="Times New Roman" size=3><SPAN lang=EN-GB style="FONT-SIZE: 12pt; FONT-STYLE: italic"><o:p> </o:p></SPAN></FONT></I></div> <div class=MsoNormal><FONT face="Times New Roman" size=3><SPAN lang=EN-GB style="FONT-SIZE: 12pt">I make a test in the local server #<I><SPAN style="FONT-STYLE: italic">logger -p local3.info test1</SPAN></I> and I can see the message on tcpdump in the remote server; <o:p></o:p></SPAN></FONT></div> <div class=MsoNormal><I><FONT face="Times New Roman" size=3><SPAN lang=EN-GB style="FONT-SIZE: 12pt; FONT-STYLE: italic"><o:p> </o:p></SPAN></FONT></I></div> <div class=MsoNormal><I><FONT face="Times New Roman"
size=3><SPAN lang=EN-GB style="FONT-SIZE: 12pt; FONT-STYLE: italic">15:22:58.946246 10.10.1.36.33318 > 10.10.10.48.syslog: udp 78 (DF)<o:p></o:p></SPAN></FONT></I></div> <div class=MsoNormal><I><FONT face="Times New Roman" size=3><SPAN lang=EN-GB style="FONT-SIZE: 12pt; FONT-STYLE: italic">0x0000 4500 006a 014e 4000 fd11 5ccd 0a0a 0124 E..j.N@...\....$<o:p></o:p></SPAN></FONT></I></div> <div class=MsoNormal><I><FONT face="Times New Roman" size=3><SPAN lang=EN-GB style="FONT-SIZE: 12pt; FONT-STYLE: italic">0x0010 0a0a 0a30 8226 0202 0056 852d 3c31 3538 ...0.&...V.-<158<o:p></o:p></SPAN></FONT></I></div> <div class=MsoNormal><I><FONT face="Times New Roman" size=3><SPAN lang=EN-GB style="FONT-SIZE: 12pt; FONT-STYLE: italic">0x0020 3e4f 6374 2020 3420 3135 3a32 323a 3538
>Oct..4.15:22:58<o:p></o:p></SPAN></FONT></I></div> <div class=MsoNormal><I><FONT face="Times New Roman" size=3><SPAN style="FONT-SIZE: 12pt; FONT-STYLE: italic">0x0030 2073 5f6c 6f63 616c 4061 7070 7331 6d6e .s_local@testhos<o:p></o:p></SPAN></FONT></I></div> <div class=MsoNormal><I><FONT face="Times New Roman" size=3><SPAN lang=EN-GB style="FONT-SIZE: 12pt; FONT-STYLE: italic">0x0040 3120 6d61 7266 6162 6961 3a20 5b49 4420 t.marcos:.[ID.<o:p></o:p></SPAN></FONT></I></div> <div class=MsoNormal><I><FONT face="Times New Roman" size=3><SPAN lang=EN-GB style="FONT-SIZE: 12pt; FONT-STYLE: italic">0x0050
3730 70<o:p></o:p></SPAN></FONT></I></div> <div class=MsoNormal><I><FONT face="Times New Roman" size=3><SPAN lang=EN-GB style="FONT-SIZE: 12pt; FONT-STYLE: italic"><o:p> </o:p></SPAN></FONT></I></div> <div class=MsoNormal><FONT face="Times New Roman" size=3><SPAN lang=EN-GB style="FONT-SIZE: 12pt">The file destination local is writing only the <I><SPAN style="FONT-STYLE: italic">internal()</SPAN></I> but nothing about my file “<I><SPAN style="FONT-STYLE: italic">/var/log/syslog-ng/mar</SPAN></I>” ;<o:p></o:p></SPAN></FONT></div> <div class=MsoNormal><FONT face="Times New Roman" size=3><SPAN lang=EN-GB style="FONT-SIZE: 12pt"><o:p> </o:p></SPAN></FONT></div> <div class=MsoNormal><FONT face="Times New Roman"
size=3><SPAN lang=EN-GB style="FONT-SIZE: 12pt">#tail <I><SPAN style="FONT-STYLE: italic">/var/log/syslog-ng/$YEAR.$MONTH.$DAY/localhost.log</SPAN></I><o:p></o:p></SPAN></FONT></div> <div class=MsoNormal><I><FONT face="Times New Roman" size=3><SPAN lang=EN-GB style="FONT-SIZE: 12pt; FONT-STYLE: italic">Oct 4 15:22:54 src_tail@testhost syslog-ng[23738]: syslog-ng version 1.6.11 starting<o:p></o:p></SPAN></FONT></I></div> <div class=MsoNormal><I><FONT face="Times New Roman" size=3><SPAN lang=EN-GB style="FONT-SIZE: 12pt; FONT-STYLE: italic">Oct 4 15:32:54 src_tail@testhost syslog-ng[23738]: STATS: dropped 0<o:p></o:p></SPAN></FONT></I></div> <div class=MsoNormal><FONT face="Times New Roman" size=3><SPAN lang=EN-GB style="FONT-SIZE: 12pt"><o:p> </o:p></SPAN></FONT></div> <div class=MsoNormal><FONT face="Times New Roman" size=3><SPAN lang=EN-GB style="FONT-SIZE: 12pt">This test script is running “<I><SPAN style="FONT-STYLE: italic">while true;
do date >>/var/log/syslog-ng/mar; sleep 5; done &</SPAN></I>” and it is writing every 5 seconds on my “source file” but I can see nothing on the remote host and nothing in local host (root@testhost# snoop -d hme0 10.10.10.48) or local file.<o:p></o:p></SPAN></FONT></div> <div class=MsoNormal><FONT face="Times New Roman" size=3><SPAN lang=EN-GB style="FONT-SIZE: 12pt"><o:p> </o:p></SPAN></FONT></div> <div class=MsoNormal><FONT face="Times New Roman" size=3><SPAN lang=EN-GB style="FONT-SIZE: 12pt">root@testhost # ps -ef|grep syslog<o:p></o:p></SPAN></FONT></div> <div class=MsoNormal><FONT face="Times New Roman" size=3><SPAN lang=EN-GB style="FONT-SIZE: 12pt"> root 28281 1 0 Sep 19 ? 0:00 /usr/sbin/syslogd<o:p></o:p></SPAN></FONT></div> <div class=MsoNormal><FONT face="Times New Roman" size=3><SPAN lang=EN-GB style="FONT-SIZE: 12pt"> root
28310 1 1 16:09:21 ? 0:00 /usr/local/sbin/syslog-ng -f /etc/syslog-ng.conf<o:p></o:p></SPAN></FONT></div> <div class=MsoNormal><FONT face="Times New Roman" size=3><SPAN lang=EN-GB style="FONT-SIZE: 12pt">root@testhost # ls -la /var/log/syslog-ng/mar<o:p></o:p></SPAN></FONT></div> <div class=MsoNormal><FONT face="Times New Roman" size=3><SPAN lang=EN-GB style="FONT-SIZE: 12pt">-rwxrwxrwx 1 root other 64042 Oct 4 16:09 /var/log/syslog-ng/mar<o:p></o:p></SPAN></FONT></div> <div class=MsoNormal><FONT face="Times New Roman" size=3><SPAN lang=EN-GB style="FONT-SIZE: 12pt"><o:p> </o:p></SPAN></FONT></div> <div class=MsoNormal><FONT face="Times New Roman" size=3><SPAN lang=EN-GB style="FONT-SIZE: 12pt"><o:p> </o:p></SPAN></FONT></div> <div class=MsoNormal><FONT face="Times New Roman" size=3><SPAN lang=EN-GB style="FONT-SIZE:
12pt"><o:p> </o:p></SPAN></FONT></div> <div class=MsoNormal><FONT face="Times New Roman" size=3><SPAN lang=EN-GB style="FONT-SIZE: 12pt">Can you help me?<o:p></o:p></SPAN></FONT></div> <div class=MsoNormal><FONT face="Times New Roman" size=3><SPAN lang=EN-GB style="FONT-SIZE: 12pt">Thanks in advance,<o:p></o:p></SPAN></FONT></div> <div class=MsoNormal><FONT face="Times New Roman" size=3><SPAN lang=EN-GB style="FONT-SIZE: 12pt"><o:p> </o:p></SPAN></FONT></div> <div class=MsoNormal><FONT face="Times New Roman" size=3><SPAN lang=EN-GB style="FONT-SIZE: 12pt">Marcos Fabian.<o:p></o:p></SPAN></FONT></div> <div class=MsoNormal><FONT face="Times New Roman" size=3><SPAN lang=EN-GB style="FONT-SIZE: 12pt"><o:p> </o:p></SPAN></FONT></div> <div class=MsoNormal><FONT face="Times New Roman" size=3><SPAN lang=EN-GB style="FONT-SIZE: 12pt"><o:p> </o:p></SPAN></FONT></div> <div class=MsoNormal><FONT face="Times New Roman" size=3><SPAN lang=EN-GB
style="FONT-SIZE: 12pt">PS- Also when I include the option “follow_freq(1)” on the syslog-ng.conf ; <o:p></o:p></SPAN></FONT></div> <div class=MsoNormal><I><FONT face="Times New Roman" size=3><SPAN lang=EN-GB style="FONT-SIZE: 12pt; FONT-STYLE: italic">source s_tail { file("/var/log/apache/access.log" follow_freq(1) flags(no-parse)); };</SPAN></FONT></I><SPAN lang=EN-GB><o:p></o:p></SPAN></div> <div class=MsoNormal><FONT face="Times New Roman" size=3><SPAN lang=EN-GB style="FONT-SIZE: 12pt">I have the next error;<o:p></o:p></SPAN></FONT></div> <div class=MsoNormal><FONT face="Times New Roman" size=3><SPAN lang=EN-GB style="FONT-SIZE: 12pt"># /usr/local/sbin/syslog-ng -d -v /etc/syslog-ng.conf<o:p></o:p></SPAN></FONT></div> <div class=MsoNormal><FONT face="Times New Roman" size=3><SPAN lang=EN-GB style="FONT-SIZE: 12pt">syntax error at 10<o:p></o:p></SPAN></FONT></div> <div class=MsoNormal><I><FONT face="Times New Roman" size=3><SPAN lang=EN-GB style="FONT-SIZE: 12pt;
FONT-STYLE: italic">Parse error reading configuration file, exiting. (line 10)<o:p></o:p></SPAN></FONT></I></div> <div class=MsoNormal><FONT face="Times New Roman" size=3><SPAN lang=EN-GB style="FONT-SIZE: 12pt"><o:p> </o:p></SPAN></FONT></div><p> 