<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<meta content="text/html;charset=ISO-8859-1" http-equiv="Content-Type">
</head>
<body bgcolor="#ffffff" text="#000000">
The configuration is the standart, I only do the follow changes.<br>
<br>
# sources<br>
source src { unix-dgram("/var/run/log");<br>
unix-dgram("/var/run/logpriv" perm(0600));<br>
udp(); internal(); file("/dev/klog"); };<br>
<br>
I add this,<br>
source r_src { udp(ip("<b>client.domain</b>") port(514)); };<br>
<br>
I add this,<br>
destination gafanhoto_messages { file("/var/log/gafanhoto/messages"
owner("root") group("wheel") perm(0640)); };<br>
<br>
I add this,<br>
log { source(r_src); destination(gafanhoto_messages); };<br>
<br>
When I start the syslog-ng..<br>
scorpion# /usr/local/etc/rc.d/syslog-ng start<br>
Starting syslog_ng.<br>
Error binding socket; addr='AF_INET(<b>client.domain</b>:514)',
error='Can\'t assign requested address (49)'<br>
Error initializing source driver; source='r_src'<br>
<br>
<blockquote cite="mid:236224.16181.qm@web27801.mail.ukl.yahoo.com"
type="cite">
<style type="text/css"><!-- DIV {margin:0px;} --></style>
<div
style="font-family: times new roman,new york,times,serif; font-size: 12pt;">
<div>Could you send us a partial copy of your syslog-ng configuration?<br>
</div>
<div
style="font-family: times new roman,new york,times,serif; font-size: 12pt;"><br>
<div style="font-family: arial,helvetica,sans-serif; font-size: 13px;">-----
Message d'origine ----<br>
De : Leandro Ferreira da Silva <a class="moz-txt-link-rfc2396E" href="mailto:ferreira@iqm.unicamp.br"><ferreira@iqm.unicamp.br></a><br>
À : <a class="moz-txt-link-abbreviated" href="mailto:syslog-ng@lists.balabit.hu">syslog-ng@lists.balabit.hu</a><br>
Envoyé le : Mardi, 22 Juillet 2008, 21h35mn 02s<br>
Objet : Re: [syslog-ng] Re : Re : Syslogd + Syslog-ng<br>
<br>
The messages is send to server, the problem is the server that can't <br>
take the messages.<br>
I'm using FreeBSD 7.0 release.<br>
> You can try to launch syslogd in the debug mode and look if your <br>
> messages from the client are really rend to the syslog-ng server.<br>
> What OS do you use?<br>
> ----- Message d'origine ----<br>
> De : Leandro Ferreira da Silva <<a moz-do-not-send="true"
ymailto="mailto:ferreira@iqm.unicamp.br"
href="mailto:ferreira@iqm.unicamp.br">ferreira@iqm.unicamp.br</a>><br>
> À : "olivier "madmax"rolland" <<a moz-do-not-send="true"
ymailto="mailto:madmax2010fr@yahoo.fr"
href="mailto:madmax2010fr@yahoo.fr">madmax2010fr@yahoo.fr</a>><br>
> Envoyé le : Mardi, 22 Juillet 2008, 19h54mn 28s<br>
> Objet : Re: Re : [syslog-ng] Syslogd + Syslog-ng<br>
><br>
> The syslogd is correctly configured with *.* @server,<br>
> I can say this because the following command is logging at server.<br>
> tcpdump -nn -i re0 host "machine" and udp port 514<br>
><br>
> The problem is that in some machines I can't install syslog-ng, so<br>
> these machines have to send their logs through syslogd to the
server<br>
> that is using the syslog-ng.<br>
> Any help?<br>
><br>
> > First of all I'm not sure that with *.* your syslogd is able
to work,<br>
> > you might user *.debug in order to log all messages from
debug to the<br>
> > maximal level of logging. Secondly if your computer or server
is in a<br>
> > domain you might test the remote logging as<br>
> > *.debug @server.domain_name<br>
> ><br>
> > ----- Message d'origine ----<br>
> > De : Leandro Ferreira da Silva <<a moz-do-not-send="true"
ymailto="mailto:ferreira@iqm.unicamp.br"
href="mailto:ferreira@iqm.unicamp.br">ferreira@iqm.unicamp.br</a> <br>
> <mailto:<a moz-do-not-send="true"
ymailto="mailto:ferreira@iqm.unicamp.br"
href="mailto:ferreira@iqm.unicamp.br">ferreira@iqm.unicamp.br</a>>><br>
> > À : <a moz-do-not-send="true"
ymailto="mailto:syslog-ng@lists.balabit.hu"
href="mailto:syslog-ng@lists.balabit.hu">syslog-ng@lists.balabit.hu</a>
<mailto:<a moz-do-not-send="true"
ymailto="mailto:syslog-ng@lists.balabit.hu"
href="mailto:syslog-ng@lists.balabit.hu">syslog-ng@lists.balabit.hu</a>><br>
> > Envoyé le : Mardi, 22 Juillet 2008, 0h22mn 35s<br>
> > Objet : [syslog-ng] Syslogd + Syslog-ng<br>
> ><br>
> > Dear Friends.<br>
> ><br>
> > I have some problems.. =P<br>
> > I'm building a log server, I installed the syslog-ng at the
server. The<br>
> > clients has the common syslogd.<br>
> > How Can I do for the syslog-ng receive the messages from
syslogd?<br>
> ><br>
> > The configuration of syslogd.<br>
> > # uncomment this to enable logging to a remote loghost named
loghost<br>
> > *.* @loghost<br>
> ><br>
> > Is this possible?<br>
> > I need to configure of this form, because I can't install and
configure<br>
> > the syslog-ng in all my machines.<br>
> ><br>
> > Thanks for all..<br>
> ><br>
> > Leandro Ferreira<br>
> ><br>
> > <br>
>
______________________________________________________________________________<br>
> > Member info: <a moz-do-not-send="true"
href="https://lists.balabit.hu/mailman/listinfo/syslog-ng"
target="_blank">https://lists.balabit.hu/mailman/listinfo/syslog-ng</a><br>
> > Documentation:<br>
> > <a moz-do-not-send="true"
href="http://www.balabit.com/support/documentation/?product=syslog-ng"
target="_blank">http://www.balabit.com/support/documentation/?product=syslog-ng</a><br>
> > FAQ: <a moz-do-not-send="true"
href="http://www.campin.net/syslog-ng/faq.html" target="_blank">http://www.campin.net/syslog-ng/faq.html</a><br>
> ><br>
> ><br>
> >
------------------------------------------------------------------------<br>
> > Envoyé avec Yahoo! Mail<br>
> > <br>
> <<a moz-do-not-send="true"
href="http://us.rd.yahoo.com/mailuk/taglines/isp/control/*http://us.rd.yahoo.com/evt=52423/*http://fr.docs.yahoo.com/mail/overview/index.html"
target="_blank">http://us.rd.yahoo.com/mailuk/taglines/isp/control/*http://us.rd.yahoo.com/evt=52423/*http://fr.docs.yahoo.com/mail/overview/index.html</a>>.<br>
> > Une boite mail plus intelligente.<br>
><br>
><br>
>
------------------------------------------------------------------------<br>
> Envoyé avec Yahoo! Mail <br>
> <<a moz-do-not-send="true"
href="http://us.rd.yahoo.com/mailuk/taglines/isp/control/*http://us.rd.yahoo.com/evt=52423/*http://fr.docs.yahoo.com/mail/overview/index.html"
target="_blank">http://us.rd.yahoo.com/mailuk/taglines/isp/control/*http://us.rd.yahoo.com/evt=52423/*http://fr.docs.yahoo.com/mail/overview/index.html</a>>.<br>
> Une boite mail plus intelligente. <br>
<br>
______________________________________________________________________________<br>
Member info: <a moz-do-not-send="true"
href="https://lists.balabit.hu/mailman/listinfo/syslog-ng"
target="_blank">https://lists.balabit.hu/mailman/listinfo/syslog-ng</a><br>
Documentation: <a moz-do-not-send="true"
href="http://www.balabit.com/support/documentation/?product=syslog-ng"
target="_blank">http://www.balabit.com/support/documentation/?product=syslog-ng</a><br>
FAQ: <a moz-do-not-send="true"
href="http://www.campin.net/syslog-ng/faq.html" target="_blank">http://www.campin.net/syslog-ng/faq.html</a><br>
<br>
</div>
</div>
</div>
<br>
<hr size="1"> Envoyé avec <a moz-do-not-send="true"
href="http://us.rd.yahoo.com/mailuk/taglines/isp/control/*http://us.rd.yahoo.com/evt=52423/*http://fr.docs.yahoo.com/mail/overview/index.html">Yahoo!
Mail</a>.<br>
Une boite mail plus intelligente.
<pre wrap="">
<hr size="4" width="90%">
______________________________________________________________________________
Member info: <a class="moz-txt-link-freetext" href="https://lists.balabit.hu/mailman/listinfo/syslog-ng">https://lists.balabit.hu/mailman/listinfo/syslog-ng</a>
Documentation: <a class="moz-txt-link-freetext" href="http://www.balabit.com/support/documentation/?product=syslog-ng">http://www.balabit.com/support/documentation/?product=syslog-ng</a>
FAQ: <a class="moz-txt-link-freetext" href="http://www.campin.net/syslog-ng/faq.html">http://www.campin.net/syslog-ng/faq.html</a>
</pre>
</blockquote>
<br>
</body>
</html>