<table cellspacing="0" cellpadding="0" border="0" ><tr><td valign="top" style="font: inherit;"><DIV>HI,</DIV>
<DIV> </DIV>
<DIV>Thanks for replay Fekete,</DIV>
<DIV> </DIV>
<DIV>I tryied it but no use i still only recive INFO and WARNING messages not able to recive debug and others.</DIV>
<DIV> </DIV>
<DIV>Regards,</DIV>
<DIV>Add<BR><BR>--- On <B>Thu, 11/11/10, Fekete Robert <I><frobert@balabit.hu></I></B> wrote:<BR></DIV>
<BLOCKQUOTE style="BORDER-LEFT: rgb(16,16,255) 2px solid; PADDING-LEFT: 5px; MARGIN-LEFT: 5px"><BR>From: Fekete Robert <frobert@balabit.hu><BR>Subject: Re: [syslog-ng] Not able to recive all syslog messages<BR>To: "Syslog-ng users' and developers' mailing list" <syslog-ng@lists.balabit.hu><BR>Date: Thursday, 11 November, 2010, 2:30 PM<BR><BR>
<DIV class=plainMail>Hi,<BR>Try:<BR>source s_remote {<BR> tcp(ip(0.0.0.0) port(514));<BR> udp(ip(0.0.0.0) port(514));<BR> so_recvbuf(2097152);<BR> };<BR>and see if it improves your situation.<BR><BR>But you should also:<BR>- use tcpdump to verify that the messages actually arrive to your logserver<BR>- probably increase the net.core.rmem_max parameter of your logserver (for <BR>example, to 1024000). See the redhat manuals for details on how to do this on <BR>your platform.<BR><BR>Robert<BR><BR><BR>add gy wrote:<BR><BR>> Hi,<BR>> <BR>> I have also noted that i am only able to recive Info and warnning <BR>> message i want to recive all messages from devices.<BR>> <BR>> Please can any one help , review syslog config file.<BR>> <BR>> Regards,<BR>>
Add<BR>> <BR>> --- On *Wed, 10/11/10, add gy /<<A href="http://aa.mc453.mail.yahoo.com/mc/compose?to=addyg420@yahoo.com" ymailto="mailto:addyg420@yahoo.com">addyg420@yahoo.com</A>>/* wrote:<BR>> <BR>> <BR>> From: add gy <<A href="http://aa.mc453.mail.yahoo.com/mc/compose?to=addyg420@yahoo.com" ymailto="mailto:addyg420@yahoo.com">addyg420@yahoo.com</A>><BR>> Subject: [syslog-ng] Not able to recive all syslog messages<BR>> To: <A href="http://aa.mc453.mail.yahoo.com/mc/compose?to=syslog-ng@lists.balabit.hu" ymailto="mailto:syslog-ng@lists.balabit.hu">syslog-ng@lists.balabit.hu</A><BR>> Date: Wednesday, 10 November, 2010, 1:34 PM<BR>> <BR>> Hi,<BR>> <BR>> I have installed syslog-ng on RHEL server as log host server for 250<BR>>
router , switches but some time i recive messages some times i dont<BR>> , when i check it on other syslog server on windows i revice syslog<BR>> messages with any problem.<BR>> <BR>> Request to please review syslog-ng config file and give some suggetion.<BR>> <BR>> config file<BR>> -------------------------------------------------------------------------------------------------------------------------<BR>> <BR>> # configuration file for syslog-ng, customized for remote logging<BR>> #<BR>> source s_internal { internal(); };<BR>> destination d_syslognglog { file("/var/log/syslog-ng.log"); };<BR>> log {
source(s_internal); destination(d_syslognglog); };<BR>> # Local sources, filters and destinations are commented out<BR>> # If you want to replace sysklogd simply uncomment the following<BR>> # parts and disable sysklogd<BR>> #<BR>> # Local sources<BR>> #<BR>> #source s_local {<BR>> # unix-dgram("/dev/log");<BR>> # file("/proc/kmsg" log_prefix("kernel:"));<BR>> #};<BR>> #<BR>> # Local filters<BR>> #<BR>> #filter f_messages { level(info..emerg); };<BR>> #filter f_secure { facility(authpriv);
};<BR>> #filter f_mail { facility(mail); };<BR>> #filter f_cron { facility(cron); };<BR>> #filter f_emerg { level(emerg); };<BR>> #filter f_spooler { level(crit..emerg) and facility(uucp, news); };<BR>> #filter f_local7 { facility(local7); };<BR>> #<BR>> # Local destinations<BR>> #<BR>> #destination d_messages { file("/var/log/messages"); };<BR>> #destination d_secure { file("/var/log/secure"); };<BR>> #destination d_maillog { file("/var/log/maillog"); };<BR>> #destination d_cron { file("/var/log/cron"); };<BR>> #destination d_console { usertty("root"); };<BR>> #destination
d_spooler { file("/var/log/spooler"); };<BR>> #destination d_bootlog { file("/var/log/boot.log"); };<BR>> #<BR>> # Local logs - order DOES matter !<BR>> #<BR>> #log { source(s_local); filter(f_emerg); destination(d_console); };<BR>> #log { source(s_local); filter(f_secure); destination(d_secure);<BR>> flags(final); };<BR>> #log { source(s_local); filter(f_mail); destination(d_maillog);<BR>> flags(final); };<BR>> #log { source(s_local); filter(f_cron); destination(d_cron);<BR>> flags(final); };<BR>> #log { source(s_local); filter(f_spooler); destination(d_spooler); };<BR>> #log { source(s_local);
filter(f_local7); destination(d_bootlog); };<BR>> #log { source(s_local); filter(f_messages); destination(d_messages); };<BR>> <BR>> # Remote logging<BR>> source s_remote {<BR>> tcp(ip(0.0.0.0) port(514));<BR>> udp(ip(0.0.0.0) port(514));<BR>> };<BR>> destination d_separatedbyhosts {<BR>> file("/var/log/syslog-ng/$HOST/messages" owner("root")<BR>> group("root") perm(0655) dir_perm(0744) create_dirs(yes));<BR>> };<BR>> log { source(s_remote); destination(d_separatedbyhosts); };<BR>>
------------------------------------------------------------------------------------------------------------------------<BR>> <BR>> Regards,<BR>> Add<BR>> <BR>> <BR>> <BR>> -----Inline Attachment Follows-----<BR>> <BR>> ______________________________________________________________________________<BR>> Member info: <A href="https://lists.balabit.hu/mailman/listinfo/syslog-ng" target=_blank>https://lists.balabit.hu/mailman/listinfo/syslog-ng</A><BR>> Documentation:<BR>> <A href="http://www.balabit.com/support/documentation/?product=syslog-ng" target=_blank>http://www.balabit.com/support/documentation/?product=syslog-ng</A><BR>> FAQ: <A href="http://www.campin.net/syslog-ng/faq.html"
target=_blank>http://www.campin.net/syslog-ng/faq.html</A><BR>> <BR>> <BR>> <BR>> ------------------------------------------------------------------------<BR>> <BR>> ______________________________________________________________________________<BR>> Member info: <A href="https://lists.balabit.hu/mailman/listinfo/syslog-ng" target=_blank>https://lists.balabit.hu/mailman/listinfo/syslog-ng</A><BR>> Documentation: <A href="http://www.balabit.com/support/documentation/?product=syslog-ng" target=_blank>http://www.balabit.com/support/documentation/?product=syslog-ng</A><BR>> FAQ: <A href="http://www.campin.net/syslog-ng/faq.html" target=_blank>http://www.campin.net/syslog-ng/faq.html</A><BR>> <BR><BR>______________________________________________________________________________<BR>Member info: <A href="https://lists.balabit.hu/mailman/listinfo/syslog-ng"
target=_blank>https://lists.balabit.hu/mailman/listinfo/syslog-ng</A><BR>Documentation: <A href="http://www.balabit.com/support/documentation/?product=syslog-ng" target=_blank>http://www.balabit.com/support/documentation/?product=syslog-ng</A><BR>FAQ: <A href="http://www.campin.net/syslog-ng/faq.html" target=_blank>http://www.campin.net/syslog-ng/faq.html</A><BR><BR></DIV></BLOCKQUOTE></td></tr></table><br>