<br>Thanks for pointing that out.. I did find the correct door file:<br><span style="font-family: courier new,monospace;">Drw-r--r-- 1 root root 0 Jul 21 09:36 /var/run/syslog_door</span><br><br>I fixed the config and bounced syslog-ng but still not getting any log messages.. Looking at the stats I do see where there are logs coming from the internal() source:<br>
<span style="font-family: courier new,monospace;">'source(s_internal)=6', processed='center(queued)=0', processed='destination(l_internal)=6'</span><br style="font-family: courier new,monospace;"><span style="font-family: courier new,monospace;">Jul 21 09:34:56 asglogpup01 syslog-ng[8865]: Log statistics; processed='center(received)=0', processed='destination(l_messages)=0', processed='source(s_streams)=26', processed='src.internal(s_internal#0)=8', stamp='src.internal(s_internal#0)=1279729796', processed='source(s_internal)=8', processed='center(queued)=0', processed='destination(l_internal)=8'</span><br>
<br>Anyone have any ideas?<br><br>Thx,<br>CC<br><br><div class="gmail_quote">On Wed, Jul 21, 2010 at 9:29 AM, Patrick H. <span dir="ltr"><<a href="mailto:syslogng@feystorm.net">syslogng@feystorm.net</a>></span> wrote:<br>
<blockquote class="gmail_quote" style="margin: 0pt 0pt 0pt 0.8ex; border-left: 1px solid rgb(204, 204, 204); padding-left: 1ex;">
<div bgcolor="#ffffff" text="#0050d0">
<font size="-1"><font face="Helvetica, Arial, sans-serif">I had to set
up some solaris boxes several months ago with syslog and had trouble
getting the exact config as well. Unfortunately those boxes are now
gone so I cant pull the configuration off them, but I do know that
/etc/.syslog_door was not the door file. I believe it was
/var/run/syslog_door</font></font><br>
<br>
Sent: Wednesday, July 21, 2010 10:11:41 AM<br>
From: Chuck <a href="mailto:chuck.carson@gmail.com" target="_blank"><chuck.carson@gmail.com></a><br>
To: Syslog-ng users' and developers' mailing list
<a href="mailto:syslog-ng@lists.balabit.hu" target="_blank"><syslog-ng@lists.balabit.hu></a> <br>
Subject: [syslog-ng] Messages Not Getting Logged
<blockquote type="cite"><div><div></div><div class="h5"><span style="font-family: courier new,monospace;">Hello,</span><br style="font-family: courier new,monospace;">
<br style="font-family: courier new,monospace;">
<span style="font-family: courier new,monospace;">I am using the
sunfreeware build of syslog-ng 3.04 on a Solaris 10 Update 8 system:</span><br style="font-family: courier new,monospace;">
<span style="font-family: courier new,monospace;">syslog-ng 3.0.4</span><br style="font-family: courier new,monospace;">
<span style="font-family: courier new,monospace;">Revision:
<a href="mailto:ssh+git://bazsi@git.balabit//var/scm/git/syslog-ng/syslog-ng-ose--mainline--3.0#master%231b5d618e301ad94aa20e692ffba16469dece8d10" target="_blank">ssh+git://bazsi@git.balabit//var/scm/git/syslog-ng/syslog-ng-ose--mainline--3.0#master#1b5d618e301ad94aa20e692ffba16469dece8d10</a></span><br style="font-family: courier new,monospace;">
<span style="font-family: courier new,monospace;">Compile-Date: Sep
2 2009 05:14:23</span><br style="font-family: courier new,monospace;">
<span style="font-family: courier new,monospace;">Enable-Threads: off</span><br style="font-family: courier new,monospace;">
<span style="font-family: courier new,monospace;">Enable-Debug: off</span><br style="font-family: courier new,monospace;">
<span style="font-family: courier new,monospace;">Enable-GProf: off</span><br style="font-family: courier new,monospace;">
<span style="font-family: courier new,monospace;">Enable-Memtrace: off</span><br style="font-family: courier new,monospace;">
<span style="font-family: courier new,monospace;">Enable-Sun-STREAMS:
on</span><br style="font-family: courier new,monospace;">
<span style="font-family: courier new,monospace;">Enable-Sun-Door: on</span><br style="font-family: courier new,monospace;">
<span style="font-family: courier new,monospace;">Enable-IPv6: on</span><br style="font-family: courier new,monospace;">
<span style="font-family: courier new,monospace;">Enable-Spoof-Source:
on</span><br style="font-family: courier new,monospace;">
<span style="font-family: courier new,monospace;">Enable-TCP-Wrapper:
off</span><br style="font-family: courier new,monospace;">
<span style="font-family: courier new,monospace;">Enable-SSL: on</span><br style="font-family: courier new,monospace;">
<span style="font-family: courier new,monospace;">Enable-SQL: off</span><br style="font-family: courier new,monospace;">
<span style="font-family: courier new,monospace;">Enable-Linux-Caps:
off</span><br style="font-family: courier new,monospace;">
<span style="font-family: courier new,monospace;">Enable-Pcre: on</span><br style="font-family: courier new,monospace;">
<br>
My internal() source is working but the sun-streams source is not.<br>
<br>
<br style="font-family: courier new,monospace;">
<span style="font-family: courier new,monospace;">Here are my options:</span><br style="font-family: courier new,monospace;">
<span style="font-family: courier new,monospace;">options {</span><br style="font-family: courier new,monospace;">
<span style="font-family: courier new,monospace;">
use_fqdn(no);</span><br style="font-family: courier new,monospace;">
<span style="font-family: courier new,monospace;">
flush_lines(0);</span><br style="font-family: courier new,monospace;">
<span style="font-family: courier new,monospace;">
dir_perm(0755);</span><br style="font-family: courier new,monospace;">
<span style="font-family: courier new,monospace;">
dir_group(sysadmin);</span><br style="font-family: courier new,monospace;">
<span style="font-family: courier new,monospace;">
dir_owner(root);</span><br style="font-family: courier new,monospace;">
<span style="font-family: courier new,monospace;">
perm(0644);</span><br style="font-family: courier new,monospace;">
<span style="font-family: courier new,monospace;">
stats_freq(300);</span><br style="font-family: courier new,monospace;">
<span style="font-family: courier new,monospace;">
use_dns(no);</span><br style="font-family: courier new,monospace;">
<span style="font-family: courier new,monospace;">
create_dirs(yes);</span><br style="font-family: courier new,monospace;">
<span style="font-family: courier new,monospace;">
time_reopen(10); </span><br style="font-family: courier new,monospace;">
<span style="font-family: courier new,monospace;"> };</span><br style="font-family: courier new,monospace;">
<br style="font-family: courier new,monospace;">
<span style="font-family: courier new,monospace;">Here are my sources:</span><br style="font-family: courier new,monospace;">
<br style="font-family: courier new,monospace;">
<span style="font-family: courier new,monospace;">source
s_internal { internal(); };</span><br style="font-family: courier new,monospace;">
<span style="font-family: courier new,monospace;">source
s_udp { udp(); };</span><br style="font-family: courier new,monospace;">
<span style="font-family: courier new,monospace;">source
s_tcp { tcp(); };</span><br style="font-family: courier new,monospace;">
<span style="font-family: courier new,monospace;">source
s_streams { sun-streams ("/dev/log" door("/etc/.syslog_door"));
};</span><br style="font-family: courier new,monospace;">
<br style="font-family: courier new,monospace;">
<span style="font-family: courier new,monospace;">Here are my filters
so far:</span><br style="font-family: courier new,monospace;">
<span style="font-family: courier new,monospace;"># Level Filters</span><br style="font-family: courier new,monospace;">
<span style="font-family: courier new,monospace;">filter f_emerg {
level (emerg); };</span><br style="font-family: courier new,monospace;">
<span style="font-family: courier new,monospace;">filter f_alert {
level (alert .. emerg); };</span><br style="font-family: courier new,monospace;">
<span style="font-family: courier new,monospace;">filter f_crit {
level (crit .. emerg); };</span><br style="font-family: courier new,monospace;">
<span style="font-family: courier new,monospace;">filter f_err {
level (err .. emerg); };</span><br style="font-family: courier new,monospace;">
<span style="font-family: courier new,monospace;">filter f_warning {
level (warning .. emerg); };</span><br style="font-family: courier new,monospace;">
<span style="font-family: courier new,monospace;">filter f_notice {
level (notice .. emerg); };</span><br style="font-family: courier new,monospace;">
<span style="font-family: courier new,monospace;">filter f_info {
level (info .. emerg); };</span><br style="font-family: courier new,monospace;">
<span style="font-family: courier new,monospace;">filter f_debug {
level (debug .. emerg); };</span><br style="font-family: courier new,monospace;">
<br style="font-family: courier new,monospace;">
<span style="font-family: courier new,monospace;"># Facility Filters</span><br style="font-family: courier new,monospace;">
<span style="font-family: courier new,monospace;">filter f_kern {
facility (kern); };</span><br style="font-family: courier new,monospace;">
<span style="font-family: courier new,monospace;">filter f_user {
facility (user); };</span><br style="font-family: courier new,monospace;">
<span style="font-family: courier new,monospace;">filter f_mail {
facility (mail); };</span><br style="font-family: courier new,monospace;">
<span style="font-family: courier new,monospace;">filter f_daemon {
facility (daemon); };</span><br style="font-family: courier new,monospace;">
<span style="font-family: courier new,monospace;">filter f_auth {
facility (auth); };</span><br style="font-family: courier new,monospace;">
<span style="font-family: courier new,monospace;">filter f_syslog {
facility (syslog); };</span><br style="font-family: courier new,monospace;">
<span style="font-family: courier new,monospace;">filter f_lpr {
facility (lpr); };</span><br style="font-family: courier new,monospace;">
<span style="font-family: courier new,monospace;">filter f_news {
facility (news); };</span><br style="font-family: courier new,monospace;">
<span style="font-family: courier new,monospace;">filter f_uucp {
facility (uucp); };</span><br style="font-family: courier new,monospace;">
<span style="font-family: courier new,monospace;">filter f_cron {
facility (cron); };</span><br style="font-family: courier new,monospace;">
<span style="font-family: courier new,monospace;">filter f_local0 {
facility (local0); };</span><br style="font-family: courier new,monospace;">
<span style="font-family: courier new,monospace;">filter f_local1 {
facility (local1); };</span><br style="font-family: courier new,monospace;">
<span style="font-family: courier new,monospace;">filter f_local2 {
facility (local2); };</span><br style="font-family: courier new,monospace;">
<span style="font-family: courier new,monospace;">filter f_local3 {
facility (local3); };</span><br style="font-family: courier new,monospace;">
<span style="font-family: courier new,monospace;">filter f_local4 {
facility (local4); };</span><br style="font-family: courier new,monospace;">
<span style="font-family: courier new,monospace;">filter f_local5 {
facility (local5); };</span><br style="font-family: courier new,monospace;">
<span style="font-family: courier new,monospace;">filter f_local6 {
facility (local6); };</span><br style="font-family: courier new,monospace;">
<span style="font-family: courier new,monospace;">filter f_local7 {
facility (local7); };</span><br style="font-family: courier new,monospace;">
<br style="font-family: courier new,monospace;">
<span style="font-family: courier new,monospace;">Here are my
destinations so far:</span><br style="font-family: courier new,monospace;">
<span style="font-family: courier new,monospace;"># Destinations:
local files, the console, and the client files</span><br style="font-family: courier new,monospace;">
<span style="font-family: courier new,monospace;">destination
l_internal { file ("/var/adm/syslog-ng"); };</span><br style="font-family: courier new,monospace;">
<span style="font-family: courier new,monospace;">destination
l_authlog { file ("/var/log/authlog"); };</span><br style="font-family: courier new,monospace;">
<span style="font-family: courier new,monospace;">destination
l_messages { file ("/var/log/messages"); };</span><br style="font-family: courier new,monospace;">
<span style="font-family: courier new,monospace;">destination
l_maillog { file ("/var/log/maillog"); };</span><br style="font-family: courier new,monospace;">
<span style="font-family: courier new,monospace;">destination
l_ipflog { file ("/var/log/ipflog"); };</span><br style="font-family: courier new,monospace;">
<span style="font-family: courier new,monospace;">destination
l_imaplog { file ("/var/log/imaplog"); };</span><br style="font-family: courier new,monospace;">
<span style="font-family: courier new,monospace;">destination
l_syslog { file ("/var/log/syslog"); };</span><br style="font-family: courier new,monospace;">
<br style="font-family: courier new,monospace;">
<span style="font-family: courier new,monospace;">destination
l_console { file ("/dev/console"); };</span><br style="font-family: courier new,monospace;">
<br style="font-family: courier new,monospace;">
<span style="font-family: courier new,monospace;">Here are my log
statements:</span><br style="font-family: courier new,monospace;">
<br style="font-family: courier new,monospace;">
<span style="font-family: courier new,monospace;">log { source
(s_internal); destination (l_internal); };</span> # <==== this
one is working<br style="font-family: courier new,monospace;">
<span style="font-family: courier new,monospace;">log { source
(s_streams); filter (f_kern); filter (f_debug); destination
(l_messages); };</span> #<====== this on is not working<br style="font-family: courier new,monospace;">
<br style="font-family: courier new,monospace;">
<span style="font-family: courier new,monospace;">I have tried the
following logger tests and am not getting anything logged:</span><br style="font-family: courier new,monospace;">
<span style="font-family: courier new,monospace;">logger -p
kern.debug "some message"</span><br style="font-family: courier new,monospace;">
<span style="font-family: courier new,monospace;">logger -p kern.crit
"some message"</span><br style="font-family: courier new,monospace;">
<span style="font-family: courier new,monospace;">logger -p <a href="http://kern.info" target="_blank">kern.info</a> "some
message"</span><br style="font-family: courier new,monospace;">
<br style="font-family: courier new,monospace;">
<span style="font-family: courier new,monospace;">I have restarted
syslog-ng and ensured that it is using my most recent syslog-ng.conf
file.</span><br>
<br style="font-family: courier new,monospace;">
<br style="font-family: courier new,monospace;">
<span style="font-family: courier new,monospace;">Thanks for any help,</span><br style="font-family: courier new,monospace;">
<span style="font-family: courier new,monospace;">CC</span><br style="font-family: courier new,monospace;">
</div></div><pre><hr width="90%" size="4">
______________________________________________________________________________
Member info: <a href="https://lists.balabit.hu/mailman/listinfo/syslog-ng" target="_blank">https://lists.balabit.hu/mailman/listinfo/syslog-ng</a>
Documentation: <a href="http://www.balabit.com/support/documentation/?product=syslog-ng" target="_blank">http://www.balabit.com/support/documentation/?product=syslog-ng</a>
FAQ: <a href="http://www.campin.net/syslog-ng/faq.html" target="_blank">http://www.campin.net/syslog-ng/faq.html</a>
</pre>
</blockquote>
</div>
<br>______________________________________________________________________________<br>
Member info: <a href="https://lists.balabit.hu/mailman/listinfo/syslog-ng" target="_blank">https://lists.balabit.hu/mailman/listinfo/syslog-ng</a><br>
Documentation: <a href="http://www.balabit.com/support/documentation/?product=syslog-ng" target="_blank">http://www.balabit.com/support/documentation/?product=syslog-ng</a><br>
FAQ: <a href="http://www.campin.net/syslog-ng/faq.html" target="_blank">http://www.campin.net/syslog-ng/faq.html</a><br>
<br>
<br></blockquote></div><br>