<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<meta content="text/html;charset=ISO-8859-1" http-equiv="Content-Type">
</head>
<body bgcolor="#ffffff" text="#0050d0">
<font size="-1"><font face="Helvetica, Arial, sans-serif">I had to set
up some Solaris boxes several months ago with syslog and had trouble
getting the exact config as well. Unfortunately those boxes are now
gone so I can't pull the configuration off them, but I do know that
/etc/.syslog_door was not the door file. I believe it was
/var/run/syslog_door</font></font><br>
<br>
Sent: Wednesday, July 21, 2010 10:11:41 AM<br>
From: Chuck <a class="moz-txt-link-rfc2396E" href="mailto:chuck.carson@gmail.com">&lt;chuck.carson@gmail.com&gt;</a><br>
To: Syslog-ng users' and developers' mailing list
<a class="moz-txt-link-rfc2396E" href="mailto:syslog-ng@lists.balabit.hu">&lt;syslog-ng@lists.balabit.hu&gt;</a> <br>
Subject: [syslog-ng] Messages Not Getting Logged
<blockquote
cite="mid:AANLkTiksobk8jwLpmfNLU6o8e_XUU6_e-Inohk5EjmwP@mail.gmail.com"
type="cite"><span style="font-family: courier new,monospace;">Hello,</span><br
style="font-family: courier new,monospace;">
<br style="font-family: courier new,monospace;">
<span style="font-family: courier new,monospace;">I am using the
sunfreeware build of syslog-ng 3.04 on a Solaris 10 Update 8 system:</span><br
style="font-family: courier new,monospace;">
<span style="font-family: courier new,monospace;">syslog-ng 3.0.4</span><br
style="font-family: courier new,monospace;">
<span style="font-family: courier new,monospace;">Revision:
ssh+git://bazsi@git.balabit//var/scm/git/syslog-ng/syslog-ng-ose--mainline--3.0#master#1b5d618e301ad94aa20e692ffba16469dece8d10</span><br
style="font-family: courier new,monospace;">
<span style="font-family: courier new,monospace;">Compile-Date: Sep
2 2009 05:14:23</span><br style="font-family: courier new,monospace;">
<span style="font-family: courier new,monospace;">Enable-Threads: off</span><br
style="font-family: courier new,monospace;">
<span style="font-family: courier new,monospace;">Enable-Debug: off</span><br
style="font-family: courier new,monospace;">
<span style="font-family: courier new,monospace;">Enable-GProf: off</span><br
style="font-family: courier new,monospace;">
<span style="font-family: courier new,monospace;">Enable-Memtrace: off</span><br
style="font-family: courier new,monospace;">
<span style="font-family: courier new,monospace;">Enable-Sun-STREAMS:
on</span><br style="font-family: courier new,monospace;">
<span style="font-family: courier new,monospace;">Enable-Sun-Door: on</span><br
style="font-family: courier new,monospace;">
<span style="font-family: courier new,monospace;">Enable-IPv6: on</span><br
style="font-family: courier new,monospace;">
<span style="font-family: courier new,monospace;">Enable-Spoof-Source:
on</span><br style="font-family: courier new,monospace;">
<span style="font-family: courier new,monospace;">Enable-TCP-Wrapper:
off</span><br style="font-family: courier new,monospace;">
<span style="font-family: courier new,monospace;">Enable-SSL: on</span><br
style="font-family: courier new,monospace;">
<span style="font-family: courier new,monospace;">Enable-SQL: off</span><br
style="font-family: courier new,monospace;">
<span style="font-family: courier new,monospace;">Enable-Linux-Caps:
off</span><br style="font-family: courier new,monospace;">
<span style="font-family: courier new,monospace;">Enable-Pcre: on</span><br
style="font-family: courier new,monospace;">
<br>
My internal() source is working but the sun-streams source is not.<br>
<br>
<br style="font-family: courier new,monospace;">
<span style="font-family: courier new,monospace;">Here are my options:</span><br
style="font-family: courier new,monospace;">
<span style="font-family: courier new,monospace;">options {</span><br
style="font-family: courier new,monospace;">
<span style="font-family: courier new,monospace;">
use_fqdn(no);</span><br style="font-family: courier new,monospace;">
<span style="font-family: courier new,monospace;">
flush_lines(0);</span><br style="font-family: courier new,monospace;">
<span style="font-family: courier new,monospace;">
dir_perm(0755);</span><br style="font-family: courier new,monospace;">
<span style="font-family: courier new,monospace;">
dir_group(sysadmin);</span><br
style="font-family: courier new,monospace;">
<span style="font-family: courier new,monospace;">
dir_owner(root);</span><br style="font-family: courier new,monospace;">
<span style="font-family: courier new,monospace;">
perm(0644);</span><br style="font-family: courier new,monospace;">
<span style="font-family: courier new,monospace;">
stats_freq(300);</span><br style="font-family: courier new,monospace;">
<span style="font-family: courier new,monospace;">
use_dns(no);</span><br style="font-family: courier new,monospace;">
<span style="font-family: courier new,monospace;">
create_dirs(yes);</span><br style="font-family: courier new,monospace;">
<span style="font-family: courier new,monospace;">
time_reopen(10); </span><br
style="font-family: courier new,monospace;">
<span style="font-family: courier new,monospace;"> };</span><br
style="font-family: courier new,monospace;">
<br style="font-family: courier new,monospace;">
<span style="font-family: courier new,monospace;">Here are my sources:</span><br
style="font-family: courier new,monospace;">
<br style="font-family: courier new,monospace;">
<span style="font-family: courier new,monospace;">source
s_internal { internal(); };</span><br
style="font-family: courier new,monospace;">
<span style="font-family: courier new,monospace;">source
s_udp { udp(); };</span><br
style="font-family: courier new,monospace;">
<span style="font-family: courier new,monospace;">source
s_tcp { tcp(); };</span><br
style="font-family: courier new,monospace;">
<span style="font-family: courier new,monospace;">source
s_streams { sun-streams ("/dev/log" door("/etc/.syslog_door"));
};</span><br style="font-family: courier new,monospace;">
<br style="font-family: courier new,monospace;">
<span style="font-family: courier new,monospace;">Here are my filters
so far:</span><br style="font-family: courier new,monospace;">
<span style="font-family: courier new,monospace;"># Level Filters</span><br
style="font-family: courier new,monospace;">
<span style="font-family: courier new,monospace;">filter f_emerg {
level (emerg); };</span><br
style="font-family: courier new,monospace;">
<span style="font-family: courier new,monospace;">filter f_alert {
level (alert .. emerg); };</span><br
style="font-family: courier new,monospace;">
<span style="font-family: courier new,monospace;">filter f_crit {
level (crit .. emerg); };</span><br
style="font-family: courier new,monospace;">
<span style="font-family: courier new,monospace;">filter f_err {
level (err .. emerg); };</span><br
style="font-family: courier new,monospace;">
<span style="font-family: courier new,monospace;">filter f_warning {
level (warning .. emerg); };</span><br
style="font-family: courier new,monospace;">
<span style="font-family: courier new,monospace;">filter f_notice {
level (notice .. emerg); };</span><br
style="font-family: courier new,monospace;">
<span style="font-family: courier new,monospace;">filter f_info {
level (info .. emerg); };</span><br
style="font-family: courier new,monospace;">
<span style="font-family: courier new,monospace;">filter f_debug {
level (debug .. emerg); };</span><br
style="font-family: courier new,monospace;">
<br style="font-family: courier new,monospace;">
<span style="font-family: courier new,monospace;"># Facility Filters</span><br
style="font-family: courier new,monospace;">
<span style="font-family: courier new,monospace;">filter f_kern {
facility (kern); };</span><br
style="font-family: courier new,monospace;">
<span style="font-family: courier new,monospace;">filter f_user {
facility (user); };</span><br
style="font-family: courier new,monospace;">
<span style="font-family: courier new,monospace;">filter f_mail {
facility (mail); };</span><br
style="font-family: courier new,monospace;">
<span style="font-family: courier new,monospace;">filter f_daemon {
facility (daemon); };</span><br
style="font-family: courier new,monospace;">
<span style="font-family: courier new,monospace;">filter f_auth {
facility (auth); };</span><br
style="font-family: courier new,monospace;">
<span style="font-family: courier new,monospace;">filter f_syslog {
facility (syslog); };</span><br
style="font-family: courier new,monospace;">
<span style="font-family: courier new,monospace;">filter f_lpr {
facility (lpr); };</span><br
style="font-family: courier new,monospace;">
<span style="font-family: courier new,monospace;">filter f_news {
facility (news); };</span><br
style="font-family: courier new,monospace;">
<span style="font-family: courier new,monospace;">filter f_uucp {
facility (uucp); };</span><br
style="font-family: courier new,monospace;">
<span style="font-family: courier new,monospace;">filter f_cron {
facility (cron); };</span><br
style="font-family: courier new,monospace;">
<span style="font-family: courier new,monospace;">filter f_local0 {
facility (local0); };</span><br
style="font-family: courier new,monospace;">
<span style="font-family: courier new,monospace;">filter f_local1 {
facility (local1); };</span><br
style="font-family: courier new,monospace;">
<span style="font-family: courier new,monospace;">filter f_local2 {
facility (local2); };</span><br
style="font-family: courier new,monospace;">
<span style="font-family: courier new,monospace;">filter f_local3 {
facility (local3); };</span><br
style="font-family: courier new,monospace;">
<span style="font-family: courier new,monospace;">filter f_local4 {
facility (local4); };</span><br
style="font-family: courier new,monospace;">
<span style="font-family: courier new,monospace;">filter f_local5 {
facility (local5); };</span><br
style="font-family: courier new,monospace;">
<span style="font-family: courier new,monospace;">filter f_local6 {
facility (local6); };</span><br
style="font-family: courier new,monospace;">
<span style="font-family: courier new,monospace;">filter f_local7 {
facility (local7); };</span><br
style="font-family: courier new,monospace;">
<br style="font-family: courier new,monospace;">
<span style="font-family: courier new,monospace;">Here are my
destinations so far:</span><br
style="font-family: courier new,monospace;">
<span style="font-family: courier new,monospace;"># Destinations:
local files, the console, and the client files</span><br
style="font-family: courier new,monospace;">
<span style="font-family: courier new,monospace;">destination
l_internal { file ("/var/adm/syslog-ng"); };</span><br
style="font-family: courier new,monospace;">
<span style="font-family: courier new,monospace;">destination
l_authlog { file ("/var/log/authlog"); };</span><br
style="font-family: courier new,monospace;">
<span style="font-family: courier new,monospace;">destination
l_messages { file ("/var/log/messages"); };</span><br
style="font-family: courier new,monospace;">
<span style="font-family: courier new,monospace;">destination
l_maillog { file ("/var/log/maillog"); };</span><br
style="font-family: courier new,monospace;">
<span style="font-family: courier new,monospace;">destination
l_ipflog { file ("/var/log/ipflog"); };</span><br
style="font-family: courier new,monospace;">
<span style="font-family: courier new,monospace;">destination
l_imaplog { file ("/var/log/imaplog"); };</span><br
style="font-family: courier new,monospace;">
<span style="font-family: courier new,monospace;">destination
l_syslog { file ("/var/log/syslog"); };</span><br
style="font-family: courier new,monospace;">
<br style="font-family: courier new,monospace;">
<span style="font-family: courier new,monospace;">destination
l_console { file ("/dev/console"); };</span><br
style="font-family: courier new,monospace;">
<br style="font-family: courier new,monospace;">
<span style="font-family: courier new,monospace;">Here are my log
statements:</span><br style="font-family: courier new,monospace;">
<br style="font-family: courier new,monospace;">
<span style="font-family: courier new,monospace;">log { source
(s_internal); destination (l_internal); };</span> # &lt;==== this
one is working<br style="font-family: courier new,monospace;">
<span style="font-family: courier new,monospace;">log { source
(s_streams); filter (f_kern); filter (f_debug); destination
(l_messages); };</span> #&lt;====== this one is not working<br
style="font-family: courier new,monospace;">
<br style="font-family: courier new,monospace;">
<span style="font-family: courier new,monospace;">I have tried the
following logger tests and am not getting anything logged:</span><br
style="font-family: courier new,monospace;">
<span style="font-family: courier new,monospace;">logger -p
kern.debug "some message"</span><br
style="font-family: courier new,monospace;">
<span style="font-family: courier new,monospace;">logger -p kern.crit
"some message"</span><br style="font-family: courier new,monospace;">
<span style="font-family: courier new,monospace;">logger -p kern.info "some
message"</span><br style="font-family: courier new,monospace;">
<br style="font-family: courier new,monospace;">
<span style="font-family: courier new,monospace;">I have restarted
syslog-ng and ensured that it is using my most recent syslog-ng.conf
file.</span><br>
<br style="font-family: courier new,monospace;">
<br style="font-family: courier new,monospace;">
<span style="font-family: courier new,monospace;">Thanks for any help,</span><br
style="font-family: courier new,monospace;">
<span style="font-family: courier new,monospace;">CC</span><br
style="font-family: courier new,monospace;">
</blockquote>
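A check for the door-path mismatch discussed in this thread, as an added example that is not part of either message or of syslog-ng: it reads the door("...") path from each sun-streams source and reports whether that file exists, trying the two locations named above when it does not. The function names, the optional root argument and the sample config are assumptions made for the example.

```shell
#!/bin/sh
# Added example: audit the door() path of sun-streams sources in syslog-ng.conf.

# Constructed sample: the s_streams source from the quoted message, line-wrapped.
sample_conf() {
    cat <<'EOF'
# constructed sample config
source s_internal { internal(); };
source s_streams { sun-streams ("/dev/log"
    door("/etc/.syslog_door")); };
EOF
}

# Print each door("...") path set on a sun-streams source in config file $1.
# Simplification: '#' starts a comment everywhere, even inside quoted strings.
door_paths() {
    sed 's/#.*//' "$1" |      # drop comments
        tr '\n' ' ' |         # statements may wrap across lines
        tr ';' '\n' |         # one statement fragment per line
        grep 'sun-streams' |
        sed -n 's/.*door[ ]*([ ]*"\([^"]*\)".*/\1/p'
}

# Check every configured door path under root $2 (empty = live filesystem).
# Returns 1 if any configured door is absent.
check_doors() {
    conf=$1; root=${2:-}; rc=0
    for p in $(door_paths "$conf"); do
        if [ -e "$root$p" ]; then
            echo "OK $p"
            continue
        fi
        echo "MISSING $p"
        rc=1
        # The two door locations named in the thread are the only candidates tried.
        for c in /var/run/syslog_door /etc/.syslog_door; do
            if [ "$c" != "$p" ] && [ -e "$root$c" ]; then
                echo "  found instead: $c"
            fi
        done
    done
    return $rc
}

# Usage: sh check_door.sh /path/to/syslog-ng.conf [root]
if [ $# -gt 0 ]; then
    check_doors "$@"
fi
```

A non-zero exit from check_doors means a local log source points at a file that is not there, which is worth alerting on because local messages are then dropped without any error in the internal() log.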
</body>
</html>