<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<meta content="text/html;charset=ISO-8859-1" http-equiv="Content-Type">
</head>
<body bgcolor="#ffffff" text="#000000">
BoOnSiOnG wrote:
<blockquote
cite="mid:bb92aee11003300133u279ff2cal499eaf2475de53d0@mail.gmail.com"
type="cite">
<pre wrap="">Hi,
Thank you very much, now it works.
Another question, using the same source:
source s_tomcat_catalina {
                file("/srv/tomcat/logs/catalina.out" flags(no-parse)
                                default-facility(local3) default-priority(info));
};
If I forward to the central loghost via TCP,
my config:
destination ds_forward_catalina { tcp("192.168.203.13",
template("$MESSAGE\n")); };
it doesn't seem to work; no logs are forwarded to the loghost.
</pre>
</blockquote>
<br>
No port number is given; are you sure that the syslog-ng on the
server side is listening on TCP port 514?<br>
Also, if syslog-ng has already sent these logs to the server previously
and there are no new logs, you have to remove the
$syslog-ng-dir/var/syslog-ng.persist file to resend them.<br>
<br>
You can also check the debug output of syslog-ng:<br>
just start both syslog-ng instances in debug mode and you may see the problem:
syslog-ng -Fevd<br>
<blockquote
cite="mid:bb92aee11003300133u279ff2cal499eaf2475de53d0@mail.gmail.com"
type="cite">
<pre wrap="">
On Tue, Mar 30, 2010 at 4:03 PM, Zoltán Pallagi <a class="moz-txt-link-rfc2396E" href="mailto:pzolee@balabit.hu">&lt;pzolee@balabit.hu&gt;</a> wrote:
</pre>
<blockquote type="cite">
<pre wrap="">Hi,
BoOnSiOnG wrote:
Hi,
my current config,
source s_tomcat_catalina {
                file("/srv/tomcat/logs/catalina.out"
                                default-facility(local3) default-priority(info));
};
In this case, syslog-ng will try to parse every line as a BSD style message
from this file (but they aren't).
Use the flags(no-parse) option:
source s_tomcat_catalina {
                file("/srv/tomcat/logs/catalina.out" flags(no-parse)
                                default-facility(local3) default-priority(info));
};
destination df_local3.info {
                file("/var/log/apache2/tomcat_catalina_log", template("$MESSAGE\n"));
};
original log
Mar 30, 2010 3:26:26 AM org.apache.jk.common.ChannelSocket init
INFO: JK: ajp13 listening on /0.0.0.0:8009
Mar 30, 2010 3:26:26 AM org.apache.jk.server.JkMain start
INFO: Jk running ID=0 time=0/15 config=null
Mar 30, 2010 3:26:26 AM org.apache.catalina.startup.Catalina start
INFO: Server startup in 439 ms
the output for tomcat_catalina_out
30, 2010 3:26:26 AM org.apache.jk.common.ChannelSocket init
JK: ajp13 listening on /0.0.0.0:8009
30, 2010 3:26:26 AM org.apache.jk.server.JkMain start
Jk running ID=0 time=0/15 config=null
30, 2010 3:26:26 AM org.apache.catalina.startup.Catalina start
Server startup in 439 ms
Some part of the message was missing, any idea why?
Thanks again.
On Tue, Mar 30, 2010 at 2:58 PM, Alan McKinnon <a class="moz-txt-link-rfc2396E" href="mailto:Alan.McKinnon@is.co.za">&lt;Alan.McKinnon@is.co.za&gt;</a>
wrote:
Use a template and $MESSAGE in the destination.
destination d_tomcat_catalina {
file("/path/to/destination/file",
template("$MESSAGE\n") );
};
On Tuesday 30 March 2010 08:52:33 BoOnSiOnG wrote:
Hello all,
Good day, I have configured syslog-ng to check catalina.out every
second, but syslog-ng appends the date, time and machine name to the
log. I would like to know whether it is possible to configure syslog-ng
not to alter the original log?
my config,
source s_tomcat_catalina {
file("/srv/tomcat/logs/catalina.out"
default-facility(local3)
default-priority(info)); };
log output,
Mar 29 21:43:38 forward Mar: 29, 2010 9:43:37 PM
org.apache.coyote.http11.Http11Protocol start
Mar 29 21:43:38 forward INFO: Starting Coyote HTTP/1.1 on http-8080
Mar 29 21:43:38 forward Mar: 29, 2010 9:43:37 PM
org.apache.jk.common.ChannelSocket init
Mar 29 21:43:38 forward INFO: JK: ajp13 listening on /0.0.0.0:8009
Mar 29 21:43:38 forward Mar: 29, 2010 9:43:37 PM
org.apache.jk.server.JkMain start
Mar 29 21:43:38 forward INFO: Jk running ID=0 time=0/14 config=null
Mar 29 21:43:38 forward Mar: 29, 2010 9:43:37 PM
org.apache.catalina.startup.Catalina start
Mar 29 21:43:38 forward INFO: Server startup in 428 ms
Thanks. :)
___________________________________________________________________________
___ Member info: <a class="moz-txt-link-freetext" href="https://lists.balabit.hu/mailman/listinfo/syslog-ng">https://lists.balabit.hu/mailman/listinfo/syslog-ng</a>
Documentation:
<a class="moz-txt-link-freetext" href="http://www.balabit.com/support/documentation/?product=syslog-ng">http://www.balabit.com/support/documentation/?product=syslog-ng</a> FAQ:
<a class="moz-txt-link-freetext" href="http://www.campin.net/syslog-ng/faq.html">http://www.campin.net/syslog-ng/faq.html</a>
--
Alan McKinnon
Systems Engineer^W Technician
Infrastructure Services
Internet Solutions
+27 11 575 7585
--
pzolee
</pre>
</blockquote>
</blockquote>
<br>
<br>
<pre class="moz-signature" cols="72">--
pzolee
</pre>
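The forwarding setup discussed in this reply, written out for both hosts as an added example (not part of the original message and not the poster's actual configuration). The client states the port explicitly and ties source to destination in a log path; the server listens on the same TCP port with flags(no-parse), because the $MESSAGE\n template sends lines without a syslog header. The client log statement, the server-side object names and the server output path are assumptions, since the quoted config does not show them.<br>

```conf
# ---------- client (Tomcat host) ----------
# Source as quoted in the thread: read catalina.out without BSD parsing.
source s_tomcat_catalina {
    file("/srv/tomcat/logs/catalina.out" flags(no-parse)
         default-facility(local3) default-priority(info));
};

# Port written out so it is obvious which port the loghost must listen on
# and which port any firewall between the hosts must allow.
destination ds_forward_catalina {
    tcp("192.168.203.13" port(514) template("$MESSAGE\n"));
};

# Assumption: the thread does not show a log path. A source and a
# destination that are not connected by a log statement forward nothing.
log { source(s_tomcat_catalina); destination(ds_forward_catalina); };

# ---------- server (central loghost, 192.168.203.13) ----------
# Hypothetical names: s_net_catalina, d_catalina_remote, and the file path.
# flags(no-parse) here too: the client template strips the syslog header,
# so the incoming lines are raw Tomcat text, not BSD-style messages.
source s_net_catalina {
    tcp(ip(0.0.0.0) port(514) flags(no-parse));
};

destination d_catalina_remote {
    file("/var/log/remote/tomcat_catalina_log" template("$MESSAGE\n"));
};

log { source(s_net_catalina); destination(d_catalina_remote); };
```

With both sides started as syslog-ng -Fevd, the debug output on the client shows whether the TCP connection to the loghost is established, and the server shows whether lines arrive on the listening source.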
</body>
</html>