<table cellspacing="0" cellpadding="0" border="0" ><tr><td valign="top" style="font: inherit;"><DIV>Dear All,</DIV>
<DIV> </DIV>
<DIV>I am still suffering from the issue in syslog-ng. Can anyone please review my config file?</DIV>
<DIV> </DIV>
<DIV>And tell me where exactly I need to make changes.</DIV>
<DIV> </DIV>
<DIV>Regards,</DIV>
<DIV>Add <BR><BR>--- On <B>Wed, 10/11/10, Fekete Robert <I>&lt;frobert@balabit.hu&gt;</I></B> wrote:<BR></DIV>
<BLOCKQUOTE style="BORDER-LEFT: rgb(16,16,255) 2px solid; PADDING-LEFT: 5px; MARGIN-LEFT: 5px"><BR>From: Fekete Robert &lt;frobert@balabit.hu&gt;<BR>Subject: Re: [syslog-ng] Not able to recive all syslog messages<BR>To: "Syslog-ng users' and developers' mailing list" &lt;syslog-ng@lists.balabit.hu&gt;<BR>Date: Wednesday, 10 November, 2010, 2:52 PM<BR><BR>
<DIV class=plainMail>Hi, you might have to increase your UDP receive buffer (so_recvbuf() option in <BR>syslog-ng) and the net.core.rmem_max option on your host, see<BR><BR><A href="http://www.balabit.com/sites/default/files/documents/syslog-ng-ose-v3.2-guide-admin-en.html/reference_source_tcpudp.html" target=_blank>http://www.balabit.com/sites/default/files/documents/syslog-ng-ose-v3.2-guide-admin-en.html/reference_source_tcpudp.html</A><BR><BR>Others have reported similar problems recently with the default UDP settings of <BR>RHEL, you might have run into the same issue.<BR><BR>Regards,<BR>Robert<BR><BR><BR><BR>add gy wrote:<BR><BR>> Hi,<BR>> <BR>> I have installed syslog-ng on RHEL server as log host server for 250 <BR>> router, switches but some time I receive messages some times I don't, <BR>> when I check it on other syslog server on Windows I receive syslog <BR>> messages with any problem.<BR>> <BR>> Request to
please review syslog-ng config file and give some suggestion.<BR>> <BR>> config file<BR>> -------------------------------------------------------------------------------------------------------------------------<BR>> <BR>> # configuration file for syslog-ng, customized for remote logging<BR>> #<BR>> source s_internal { internal(); };<BR>> destination d_syslognglog { file("/var/log/syslog-ng.log"); };<BR>> log { source(s_internal); destination(d_syslognglog); };<BR>> # Local sources, filters and destinations are commented out<BR>> # If you want to replace sysklogd simply uncomment the following<BR>> # parts and disable sysklogd<BR>> #<BR>> # Local sources<BR>> #<BR>> #source s_local {<BR>> # unix-dgram("/dev/log");<BR>> # file("/proc/kmsg" log_prefix("kernel:"));<BR>> #};<BR>> #<BR>> # Local filters<BR>> #<BR>>
#filter f_messages { level(info..emerg); };<BR>> #filter f_secure { facility(authpriv); };<BR>> #filter f_mail { facility(mail); };<BR>> #filter f_cron { facility(cron); };<BR>> #filter f_emerg { level(emerg); };<BR>> #filter f_spooler { level(crit..emerg) and facility(uucp, news); };<BR>> #filter f_local7 { facility(local7); };<BR>> #<BR>> # Local destinations<BR>> #<BR>> #destination d_messages { file("/var/log/messages"); };<BR>> #destination d_secure { file("/var/log/secure"); };<BR>> #destination d_maillog { file("/var/log/maillog"); };<BR>> #destination d_cron { file("/var/log/cron"); };<BR>> #destination d_console { usertty("root"); };<BR>> #destination d_spooler { file("/var/log/spooler"); };<BR>> #destination d_bootlog { file("/var/log/boot.log"); };<BR>> #<BR>> # Local logs - order DOES matter !<BR>> #<BR>> #log { source(s_local); filter(f_emerg); destination(d_console); };<BR>>
#log { source(s_local); filter(f_secure); destination(d_secure); <BR>> flags(final); };<BR>> #log { source(s_local); filter(f_mail); destination(d_maillog); <BR>> flags(final); };<BR>> #log { source(s_local); filter(f_cron); destination(d_cron); <BR>> flags(final); };<BR>> #log { source(s_local); filter(f_spooler); destination(d_spooler); };<BR>> #log { source(s_local); filter(f_local7); destination(d_bootlog); };<BR>> #log { source(s_local); filter(f_messages); destination(d_messages); };<BR>> <BR>> # Remote logging<BR>> source s_remote {<BR>> tcp(ip(0.0.0.0) port(514));<BR>> udp(ip(0.0.0.0) port(514));<BR>> };<BR>> destination d_separatedbyhosts {<BR>> file("/var/log/syslog-ng/$HOST/messages" owner("root") <BR>> group("root") perm(0655) dir_perm(0744) create_dirs(yes));<BR>> };<BR>>
log { source(s_remote); destination(d_separatedbyhosts); };<BR>> ------------------------------------------------------------------------------------------------------------------------<BR>> <BR>> Regards,<BR>> Add<BR>> <BR>> <BR>> <BR>> ------------------------------------------------------------------------<BR>> <BR>> ______________________________________________________________________________<BR>> Member info: <A href="https://lists.balabit.hu/mailman/listinfo/syslog-ng" target=_blank>https://lists.balabit.hu/mailman/listinfo/syslog-ng</A><BR>> Documentation: <A href="http://www.balabit.com/support/documentation/?product=syslog-ng" target=_blank>http://www.balabit.com/support/documentation/?product=syslog-ng</A><BR>> FAQ: <A href="http://www.campin.net/syslog-ng/faq.html" target=_blank>http://www.campin.net/syslog-ng/faq.html</A><BR>>
</DIV></BLOCKQUOTE></td></tr></table><br>
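<DIV>Added example, not part of the thread or of syslog-ng itself: a shell check for the two settings the quoted reply points at, the per-source receive buffer (syslog-ng spells the option so_rcvbuf()) and net.core.rmem_max, plus the kernel counter that shows UDP datagrams being dropped. The /proc/net/snmp text, the rmem_max value and the 1048576-byte buffer are constructed sample values, and the function names are hypothetical.</DIV>

```shell
#!/bin/sh
# Added example: diagnose UDP syslog loss caused by a small receive buffer.
# All SAMPLE_* values are constructed; on a real host feed the functions from
# /proc/net/snmp, /proc/sys/net/core/rmem_max and your syslog-ng.conf instead.

SAMPLE_SNMP='Udp: InDatagrams NoPorts InErrors OutDatagrams RcvbufErrors SndbufErrors
Udp: 1843201 12 5322 904 5310 0'
SAMPLE_RMEM_MAX=131071
SAMPLE_CONF='source s_remote {
    tcp(ip(0.0.0.0) port(514));
    udp(ip(0.0.0.0) port(514) so_rcvbuf(1048576));
    # udp(ip(0.0.0.0) port(514) so_rcvbuf(65536));
};'

# Print the UDP RcvbufErrors counter from /proc/net/snmp-formatted text on stdin.
# The column is looked up by name because newer kernels append extra fields.
udp_rcvbuf_errors() {
    awk '$1 == "Udp:" && !hdr { for (i = 2; i <= NF; i++) col[$i] = i; hdr = 1; next }
         $1 == "Udp:" { print $(col["RcvbufErrors"]); exit }'
}

# Print every active so_rcvbuf() value in a syslog-ng config on stdin.
# Commented-out lines are stripped first so disabled sources are not counted.
conf_rcvbuf_values() {
    sed 's/#.*//' | grep -o 'so_rcvbuf([0-9]*)' | tr -cd '0-9\n'
}

# Compare a requested buffer ($1, bytes) with net.core.rmem_max ($2, bytes).
# The kernel silently caps SO_RCVBUF at rmem_max, so a larger so_rcvbuf()
# changes nothing until the sysctl is raised as well.
check_rcvbuf() {
    if [ "$1" -gt "$2" ]; then
        echo "capped: raise net.core.rmem_max to at least $1"
        return 1
    fi
    echo "ok"
}

drops=$(printf '%s\n' "$SAMPLE_SNMP" | udp_rcvbuf_errors)
want=$(printf '%s\n' "$SAMPLE_CONF" | conf_rcvbuf_values)
echo "UDP RcvbufErrors so far: $drops"
echo "so_rcvbuf($want), rmem_max=$SAMPLE_RMEM_MAX: $(check_rcvbuf "$want" "$SAMPLE_RMEM_MAX")"
```

<DIV>A RcvbufErrors value that keeps rising between two runs means datagrams are still being dropped in the kernel before syslog-ng reads them.</DIV>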