<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<meta content="text/html;charset=ISO-8859-1" http-equiv="Content-Type">
</head>
<body bgcolor="#ffffff" text="#000000">
<br>
andip írta:
<blockquote cite="mid:20091215113147.434931C0B1@mail.balabit.hu"
type="cite">
<pre wrap="">Hi,
You're right i got the syslog filter, but not destination. i changed that to
_syslog, and as i started syslog-ng again, i got syntax-errors on different
lines. i fixed the lines one after the other (see comments in config file in
original mail). the last error that i could not get past was on line 35,
which is the first filter-line in my config-file.
</pre>
</blockquote>
double quote is missing from filter:<br>
- filter aplog { host (10.20.); };<br>
+ filter aplog { host ("10.20."); };<br>
<br>
<blockquote cite="mid:20091215113147.434931C0B1@mail.balabit.hu"
type="cite">
<pre wrap="">
so since syslog-ng exited with syntax-error, and it reports it being line 35,
i felt sure it had to do with that line, though ofc i can be wrong as i'm an
amateur. i am ofc aware there are/might be errors further down in the
config-file.
i'd very much like to be certain though, before i re-install version 3.0.4
again.
could you please confirm for me that you're aware of this before i try out
your suggested solution?
</pre>
</blockquote>
There is my solution, it worked for me:<br>
<br>
@@ -28,8 +28,7 @@<br>
destination ipflog { file ("/var/log/ipflog"); };<br>
destination imaplog { file ("/var/log/imaplog"); };<br>
destination console { file ("/dev/console"); };<br>
-destination syslog { file ("/var/log/syslog"); }; ###
changed<br>
-to _syslog<br>
+destination _syslog { file ("/var/log/syslog"); }; ###
changedto _syslog<br>
destination komm { file
("/var/log/fwlogs/kommunikasjon-context.log");<br>
};<br>
destination asa { file ("/var/log/fwlogs/asa.log"); };<br>
@@ -47,8 +46,7 @@<br>
destination wifi { file ("/var/log/fwlogs/wifi-context.log"); };<br>
destination aplog { file ("/var/log/aplog/aplog.txt"); };<br>
<br>
-filter aplog { host (10.20.); }; ### this line caused the<br>
-syntax error (line 35)<br>
+filter aplog { host ("10.20."); }; <br>
filter gje { host (10.8.30.28); };<br>
filter nes { host (10.8.30.20); };<br>
filter ull { host (10.8.30.36); };<br>
@@ -75,7 +73,7 @@<br>
filter mail { facility (mail); };<br>
filter daemon { facility (daemon); };<br>
filter auth { facility (auth); };<br>
-filter syslog { facility (syslog); };<br>
+filter _syslog { facility (syslog); };<br>
filter lpr { facility (lpr); };<br>
filter news { facility (news); };<br>
filter uucp { facility (uucp); };<br>
@@ -103,7 +101,7 @@<br>
log { source (sys); filter (mail); destination (maillog); };<br>
#log { source (sys); filter (local0); destination (ipflog); };<br>
#log { source (sys); filter (local1); destination (imaplog); };<br>
-log { source (sys); filter (syslog); destination (syslog); };<br>
+log { source (sys); filter (_syslog); destination (_syslog); };<br>
log { source (sys); filter (emerg); filter (user_none);<br>
destination (console); };<br>
log { source (sys); filter (mesg); filter (user_none);<br>
<br>
<br>
and of course you also have to check the warnings after starting. If
everything is all right put "@version: 3.0" line on the top of your
config.<br>
<blockquote cite="mid:20091215113147.434931C0B1@mail.balabit.hu"
type="cite">
<pre wrap="">
cheers
andip
----- Original Message -----
From: Pallagi Zoltán <a class="moz-txt-link-rfc2396E" href="mailto:pzolee@balabit.hu"><pzolee@balabit.hu></a>
To: Syslog-ng users' and developers' mailing list
<a class="moz-txt-link-rfc2396E" href="mailto:syslog-ng@lists.balabit.hu"><syslog-ng@lists.balabit.hu></a>, <a class="moz-txt-link-abbreviated" href="mailto:andip@syndig.com">andip@syndig.com</a>
Sent: Tue, 15 Dec 2009 10:43:10 +0100
Subject: Re: [syslog-ng] syntax error in config-file
</pre>
<blockquote type="cite">
<pre wrap="">Hi,
In syslog-ng 3.0, "syslog" became a reserved word and you have a
destination and a filter called "syslog" in your config.
Please rename them and it will work
andip írta:
</pre>
<blockquote type="cite">
<pre wrap="">Hi folks,
I just tried updating syslog-ng to version 3.0.4, from 2.1.4. i use the
gentoo linux-distro, and the new version came into "stable" gentoo a few
</pre>
</blockquote>
<pre wrap="">days
</pre>
<blockquote type="cite">
<pre wrap="">ago.
I'm no syslog-ng expert, but i use it to log quite a few things, so my
config-file it not default.
I've read a bit in the admin-guide, but did not find any reason to my
problem.
i've tried converting my 2.1.4 config-file to the new 3.0.4 version, with
</pre>
</blockquote>
</blockquote>
<pre wrap=""><!---->
</pre>
<blockquote type="cite">
<pre wrap="">no
</pre>
<blockquote type="cite">
<pre wrap="">success. this is parts of my old config-file. ### are comments made to
reflect changes i made for v2 -> v3 conversion
</pre>
</blockquote>
</blockquote>
<pre wrap=""><!---->----------------------------------------------------------------------------
</pre>
<blockquote type="cite">
<blockquote type="cite">
<pre wrap="">options {
chain_hostnames(off); ### changed this to "no"
sync(0); ### changed this to "flush_lines"
time_sleep(20);
log_fifo_size (2048);
create_dirs (yes);
perm (0640);
dir_perm (0750);
stats(43200); ### changed this to "stats_freq"
owner (syslogger);
group (syslogger);
perm (0664);
};
source sys {
unix-stream("/dev/log" max-connections(256));
internal();
file("/proc/kmsg");
};
source net { udp(); };
destination clients { file ("/var/log/fwlogs/netclients/$HOST"); };
destination console_all { file ("/dev/tty12"); };
destination authlog { file ("/var/log/authlog"); };
destination messages { file ("/var/log/messages"); };
destination maillog { file ("/var/log/maillog"); };
destination ipflog { file ("/var/log/ipflog"); };
destination imaplog { file ("/var/log/imaplog"); };
destination console { file ("/dev/console"); };
destination syslog { file ("/var/log/syslog"); }; ### changed
</pre>
</blockquote>
<pre wrap="">to _syslog
</pre>
<blockquote type="cite">
<pre wrap="">
</pre>
</blockquote>
<blockquote type="cite">
<pre wrap="">destination komm { file ("/var/log/fwlogs/kommunikasjon-context.log");
</pre>
</blockquote>
</blockquote>
<pre wrap=""><!---->
</pre>
<blockquote type="cite">
<blockquote type="cite">
<pre wrap="">};
destination asa { file ("/var/log/fwlogs/asa.log"); };
destination edb { file ("/var/log/fwlogs/edb-pix.log"); };
destination gje { file ("/var/log/fwlogs/gjerdrum.log"); };
destination nes { file ("/var/log/fwlogs/nes.log"); };
destination ull { file ("/var/log/fwlogs/ullensaker.log"); };
destination hur { file ("/var/log/fwlogs/hurdal.log"); };
destination eid { file ("/var/log/fwlogs/eidsvoll.log"); };
destination nan { file ("/var/log/fwlogs/nannestad.log"); };
destination datas { file ("/var/log/fwlogs/datasenter-context.log"); };
</pre>
</blockquote>
</blockquote>
<pre wrap=""><!---->
</pre>
<blockquote type="cite">
<blockquote type="cite">
<pre wrap="">destination mgmt { file ("/var/log/fwlogs/management-context.log"); };
</pre>
</blockquote>
</blockquote>
<pre wrap=""><!---->
</pre>
<blockquote type="cite">
<blockquote type="cite">
<pre wrap="">destination wifi { file ("/var/log/fwlogs/wifi-context.log"); };
destination aplog { file ("/var/log/aplog/aplog.txt"); };
filter aplog { host (10.20.); }; ### this line caused
</pre>
</blockquote>
</blockquote>
<pre wrap=""><!---->the
</pre>
<blockquote type="cite">
<blockquote type="cite">
<pre wrap="">syntax error (line 35)
filter gje { host (10.8.30.28); };
filter nes { host (10.8.30.20); };
filter ull { host (10.8.30.36); };
filter hur { host (10.8.30.12); };
filter eid { host (10.8.30.44); };
filter nan { host (10.8.30.52); };
filter datas { host (10.8.0.1); };
filter mgmt { host (10.8.30.60); };
filter wifi { host (10.8.30.92); };
filter asa { host (ASA-R111); };
filter komm { host (10.8.30.76); };
filter edb { host (edb-pix); };
filter emerg { level (emerg); };
filter alert { level (alert .. emerg); };
filter crit { level (crit .. emerg); };
filter err { level (err .. emerg); };
filter warning { level (warning .. emerg); };
filter notice { level (notice .. emerg); };
filter info { level (info .. emerg); };
filter debug { level (debug .. emerg); };
filter kern { facility (kern); };
filter user { facility (user); };
filter mail { facility (mail); };
filter daemon { facility (daemon); };
filter auth { facility (auth); };
filter syslog { facility (syslog); };
filter lpr { facility (lpr); };
filter news { facility (news); };
filter uucp { facility (uucp); };
filter cron { facility (cron); };
#filter local0 { facility (local0); };
#filter local1 { facility (local1); };
#filter local2 { facility (local2); };
#filter local3 { facility (local3); };
#filter local4 { facility (local4); };
#filter local5 { facility (local5); };
#filter local6 { facility (local6); };
#filter local7 { facility (local7); };
filter user_none { not facility (user); };
filter kern_debug { filter (kern) and filter (debug); };
filter daemon_notice { filter (daemon) and filter (notice); };
filter mail_crit { filter (mail) and filter (crit); };
filter mesg { filter (kern_debug) or
filter (daemon_notice) or
filter (mail_crit); };
filter authinfo { filter (auth) or program (sudo); };
log { source (sys); destination(messages); };
log { source (sys); destination(console_all); };
log { source (sys); filter (authinfo); destination (authlog); };
log { source (sys); filter (mail); destination (maillog); };
#log { source (sys); filter (local0); destination (ipflog); };
#log { source (sys); filter (local1); destination (imaplog); };
log { source (sys); filter (syslog); destination (syslog); };
log { source (sys); filter (emerg); filter (user_none);
destination (console); };
log { source (sys); filter (mesg); filter (user_none);
destination (messages); };
log { source (net); destination (clients); };
log { source (net); filter (komm); destination (komm); };
log { source (net); filter (asa); destination (asa); };
log { source (net); filter (mgmt); destination (mgmt); };
log { source (net); filter (wifi); destination (wifi); };
log { source (net); filter (datas); destination (datas); };
log { source (net); filter (wifi); destination (wifi); };
log { source (net); filter (gje); destination (gje); };
log { source (net); filter (nan); destination (nan); };
log { source (net); filter (ull); destination (ull); };
log { source (net); filter (hur); destination (hur); };
log { source (net); filter (eid); destination (eid); };
log { source (net); filter (nes); destination (nes); };
log { source (net); filter (edb); destination (edb); };
log { source (net); filter (aplog); destination (aplog); };
#log { source (net); filter (komm); destination (komm); };
----------------------------------------------------------------------
This is the error i got :
syntax error in /etc/syslog-ng/syslog-ng.conf at line 35.
syslog-ng documentation:
<a class="moz-txt-link-freetext" href="http://www.balabit.com/support/documentation/?product=syslog-ng">http://www.balabit.com/support/documentation/?product=syslog-ng</a>
mailing list: <a class="moz-txt-link-freetext" href="https://lists.balabit.hu/mailman/listinfo/syslog-ng">https://lists.balabit.hu/mailman/listinfo/syslog-ng</a>
</pre>
</blockquote>
</blockquote>
<pre wrap=""><!---->
</pre>
<blockquote type="cite">
<blockquote type="cite">
<pre wrap="">
* Configuration error. Please fix your configfile
(/etc/syslog-ng/syslog-ng.conf)
It is not a very big deal at the moment, as i've reverted back to version
</pre>
</blockquote>
</blockquote>
<pre wrap=""><!---->
</pre>
<blockquote type="cite">
<blockquote type="cite">
<pre wrap="">2.1.4, but i'd like to keep my system current, and somewhat up to date.
</pre>
</blockquote>
<pre wrap="">this
</pre>
<blockquote type="cite">
<pre wrap="">server's main function is as a syslogger for a few firewalls though, so i
</pre>
</blockquote>
</blockquote>
<pre wrap=""><!---->
</pre>
<blockquote type="cite">
<blockquote type="cite">
<pre wrap="">cannot leave it unable to log for long.
hope someone can help.
cheers
andip
</pre>
</blockquote>
</blockquote>
<pre wrap=""><!---->_____________________________________________________________________________
</pre>
<blockquote type="cite">
<pre wrap="">_
</pre>
<blockquote type="cite">
<pre wrap="">Member info: <a class="moz-txt-link-freetext" href="https://lists.balabit.hu/mailman/listinfo/syslog-ng">https://lists.balabit.hu/mailman/listinfo/syslog-ng</a>
Documentation:
</pre>
</blockquote>
<pre wrap=""><a class="moz-txt-link-freetext" href="http://www.balabit.com/support/documentation/?product=syslog-ng">http://www.balabit.com/support/documentation/?product=syslog-ng</a>
</pre>
<blockquote type="cite">
<pre wrap="">FAQ: <a class="moz-txt-link-freetext" href="http://www.campin.net/syslog-ng/faq.html">http://www.campin.net/syslog-ng/faq.html</a>
</pre>
</blockquote>
</blockquote>
</blockquote>
<br>
</body>
</html>