<html><head><style type="text/css"><!-- DIV {margin:0px;} --></style></head><body><div style="font-family:times new roman, new york, times, serif;font-size:12pt"><div>Is syslogd running on your central server? In this case you have to disable syslogd logging from remote (using the -s option).<br>Personally, in order to receive logs from syslogd clients I use this config:<br>source s_sys {<br> udp(ip(0.0.0.0) port(514));<br>};<br><br>filter f_sys { level(info..emerg) and not facility(mail); };<br>destination d_sys {file("/foo/full$DAY.log");};<br><br>log { source(s_sys); filter(f_sys) ; destination(d_sys) ;};<br><br></div><div style="font-family: times new roman,new york,times,serif; font-size: 12pt;"><br><div style="font-family: times new roman,new york,times,serif; font-size: 12pt;">----- Original message ----<br>From: Leandro Ferreira da Silva <ferreira@iqm.unicamp.br><br>To:
Syslog-ng users' and developers' mailing list <syslog-ng@lists.balabit.hu><br>Sent: Wednesday, 23 July 2008, 14:14:29<br>Subject: Re: [syslog-ng] Re : Re : Re : Syslogd + Syslog-ng<br><br>
The configuration is the standard one, I only made the following changes.<br><br>
# sources<br>
source src { unix-dgram("/var/run/log");<br>
unix-dgram("/var/run/logpriv" perm(0600));<br>
udp(); internal(); file("/dev/klog"); };<br><br>
I add this,<br>
source r_src { udp(ip("<b>client.domain</b>") port(514)); };<br><br>
I add this,<br>
destination gafanhoto_messages { file("/var/log/gafanhoto/messages"
owner("root") group("wheel") perm(0640)); };<br><br>
I add this,<br>
log { source(r_src); destination(gafanhoto_messages); };<br><br>
When I start the syslog-ng..<br>
scorpion# /usr/local/etc/rc.d/syslog-ng start<br>
Starting syslog_ng.<br>
Error binding socket; addr='AF_INET(<b>client.domain</b>:514)',
error='Can\'t assign requested address (49)'<br>
Error initializing source driver; source='r_src'<br><br><blockquote type="cite"><div style="font-family: times new roman,new york,times,serif; font-size: 12pt;"><div>Could you send us a partial copy of your syslog-ng configuration?<br></div><div style="font-family: times new roman,new york,times,serif; font-size: 12pt;"><br><div style="font-family: arial,helvetica,sans-serif; font-size: 13px;">----- Original message ----<br>
From: Leandro Ferreira da Silva <a rel="nofollow" class="moz-txt-link-rfc2396E" ymailto="mailto:ferreira@iqm.unicamp.br" target="_blank" href="mailto:ferreira@iqm.unicamp.br"><ferreira@iqm.unicamp.br></a><br>
To: <a rel="nofollow" class="moz-txt-link-abbreviated" ymailto="mailto:syslog-ng@lists.balabit.hu" target="_blank" href="mailto:syslog-ng@lists.balabit.hu">syslog-ng@lists.balabit.hu</a><br>
Sent: Tuesday, 22 July 2008, 21:35:02<br>
Subject: Re: [syslog-ng] Re : Re : Syslogd + Syslog-ng<br><br>
The messages are sent to the server; the problem is that the server can't <br>
take the messages.<br>
I'm using FreeBSD 7.0 release.<br>
> You can try to launch syslogd in the debug mode and look if your <br>
> messages from the client are really sent to the syslog-ng server.<br>
> What OS do you use?<br>
> ----- Original message ----<br>
> From: Leandro Ferreira da Silva <<a rel="nofollow" ymailto="mailto:ferreira@iqm.unicamp.br" target="_blank" href="mailto:ferreira@iqm.unicamp.br">ferreira@iqm.unicamp.br</a>><br>
> To: "olivier "madmax"rolland" <<a rel="nofollow" ymailto="mailto:madmax2010fr@yahoo.fr" target="_blank" href="mailto:madmax2010fr@yahoo.fr">madmax2010fr@yahoo.fr</a>><br>
> Sent: Tuesday, 22 July 2008, 19:54:28<br>
> Subject: Re: Re : [syslog-ng] Syslogd + Syslog-ng<br>
><br>
> The syslogd is correctly configured with *.* @server,<br>
> I can say this because the following command is logging at server.<br>
> tcpdump -nn -i re0 host "machine" and udp port 514<br>
><br>
> The problem is that in some machines I can't install syslog-ng, so<br>
> these machines have to send their logs through syslogd to the server<br>
> that is using the syslog-ng.<br>
> Any help?<br>
><br>
> > First of all I'm not sure that with *.* your syslogd is able to work,<br>
> > you might use *.debug in order to log all messages from debug to the<br>
> > maximal level of logging. Secondly if your computer or server is in a<br>
> > domain you might test the remote logging as<br>
> > *.debug @server.domain_name<br>
> ><br>
> > ----- Original message ----<br>
> > From: Leandro Ferreira da Silva <<a rel="nofollow" ymailto="mailto:ferreira@iqm.unicamp.br" target="_blank" href="mailto:ferreira@iqm.unicamp.br">ferreira@iqm.unicamp.br</a>><br>
> > To: <a rel="nofollow" ymailto="mailto:syslog-ng@lists.balabit.hu" target="_blank" href="mailto:syslog-ng@lists.balabit.hu">syslog-ng@lists.balabit.hu</a><br>
> > Sent: Tuesday, 22 July 2008, 00:22:35<br>
> > Subject: [syslog-ng] Syslogd + Syslog-ng<br>
> ><br>
> > Dear Friends.<br>
> ><br>
> > I have some problems.. =P<br>
> > I'm building a log server, I installed the syslog-ng at the server. The<br>
> > clients have the common syslogd.<br>
> > How can I make the syslog-ng receive the messages from syslogd?<br>
> ><br>
> > The configuration of syslogd.<br>
> > # uncomment this to enable logging to a remote loghost named loghost<br>
> > *.* @loghost<br>
> ><br>
> > Is this possible?<br>
> > I need to configure it this way, because I can't install and configure<br>
> > the syslog-ng in all my machines.<br>
> ><br>
> > Thanks for all..<br>
> ><br>
> > Leandro Ferreira<br>
> ><br>
> > <br>
>
______________________________________________________________________________<br>
> > Member info: <a rel="nofollow" target="_blank" href="https://lists.balabit.hu/mailman/listinfo/syslog-ng">https://lists.balabit.hu/mailman/listinfo/syslog-ng</a><br>
> > Documentation:<br>
> > <a rel="nofollow" target="_blank" href="http://www.balabit.com/support/documentation/?product=syslog-ng">http://www.balabit.com/support/documentation/?product=syslog-ng</a><br>
> > FAQ: <a rel="nofollow" target="_blank" href="http://www.campin.net/syslog-ng/faq.html">http://www.campin.net/syslog-ng/faq.html</a><br>
> ><br>
> ><br>
><br>
><br>
</div></div></div><br>
</blockquote><br></div></div></div><br>
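<p>The bind error quoted in this thread, worked through as a server-side configuration (an added example, not part of any message above): ip() in a udp() source is the local address syslog-ng listens on, so the client is selected with a filter on the sender's address instead. 192.0.2.10 is a placeholder for the client's IP address and f_gafanhoto is a hypothetical filter name; src and gafanhoto_messages are the names from the poster's configuration.</p>

```conf
# Added example, not from the thread. 192.0.2.10 is a placeholder for the
# client's IP address; f_gafanhoto is a hypothetical filter name.

# Fails: ip() is the LOCAL address to bind, and client.domain is not an
# address of this server, hence "Can't assign requested address".
#   source r_src { udp(ip("client.domain") port(514)); };

# The stock source already listens on every local address, UDP port 514,
# through its bare udp() driver, so no second UDP source is needed.
source src { unix-dgram("/var/run/log");
             unix-dgram("/var/run/logpriv" perm(0600));
             udp(); internal(); file("/dev/klog"); };

# Pick out the client by the IP address the datagram came from.
filter f_gafanhoto { netmask("192.0.2.10/32"); };

destination gafanhoto_messages {
    file("/var/log/gafanhoto/messages"
         owner("root") group("wheel") perm(0640));
};

# Route only that client's messages to its own file.
log { source(src); filter(f_gafanhoto); destination(gafanhoto_messages); };
```

<p>Syslog over UDP is unauthenticated, so the netmask() match sorts messages by claimed sender; a packet filter that limits UDP port 514 to known clients narrows who can write to this log.</p>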
</body></html>