Messages from the kernel and syslog-ng are being written to the destination file, but not the ones coming in on UDP 514, as seen below. <br><br>[root@aspsyslog ~]# ls -ltr /var/log/messages_syslog-ng.log<br><span style="background-color: rgb(255, 0, 0);">-rw-r--r-- 1</span> root root 24645 2010-11-17 15:32 /var/log/messages_syslog-ng.log<br>
<br>Nov 17 14:28:55 s_all@aspsyslog syslog-ng[4460]: Configuration reload request received, reloading configuration;<br>Nov 17 14:29:40 s_all@aspsyslog syslog-ng[4460]: Configuration reload request received, reloading configuration;<br>
Nov 17 14:30:09 s_all@aspsyslog syslog-ng[4460]: Configuration reload request received, reloading configuration;<br>Nov 17 14:36:33 s_all@aspsyslog syslog-ng[4460]: Termination requested via signal, terminating;<br>Nov 17 14:36:33 s_all@aspsyslog syslog-ng[4460]: syslog-ng shutting down; version='3.1.2'<br>
Nov 17 14:36:40 s_all@aspsyslog syslog-ng[8051]: syslog-ng starting up; version='3.1.2'<br>Nov 17 14:40:49 s_all@aspsyslog syslog-ng[8051]: Configuration reload request received, reloading configuration;<br>Nov 17 14:47:07 s_all@aspsyslog syslog-ng[8051]: Termination requested via signal, terminating;<br>
Nov 17 14:47:07 s_all@aspsyslog syslog-ng[8051]: syslog-ng shutting down; version='3.1.2'<br>Nov 17 14:55:43 s_all@aspsyslog kernel: device eth0 entered promiscuous mode<br>Nov 17 14:56:09 s_all@aspsyslog kernel: device eth0 left promiscuous mode<br>
Nov 17 14:58:04 s_all@aspsyslog kernel: device eth0 entered promiscuous mode<br>Nov 17 14:58:11 s_all@aspsyslog kernel: device eth0 left promiscuous mode<br><br><br><br><br><div class="gmail_quote">On Wed, Nov 17, 2010 at 4:29 PM, Martin Holste <span dir="ltr"><<a href="mailto:mcholste@gmail.com">mcholste@gmail.com</a>></span> wrote:<br>
<blockquote class="gmail_quote" style="margin: 0pt 0pt 0pt 0.8ex; border-left: 1px solid rgb(204, 204, 204); padding-left: 1ex;">Hm, maybe a permissions issue with writing? Try putting in<br>
/tmp/somefile as the destination and see if that works. Also, you<br>
should verify that messages are in fact arriving on the server using<br>
tcpdump.<br>
<div><div></div><div class="h5"><br>
On Wed, Nov 17, 2010 at 3:44 PM, keshava Veerabhadraiah<br>
<<a href="mailto:mv.keshava@gmail.com">mv.keshava@gmail.com</a>> wrote:<br>
> Hi<br>
> I am new to syslog-ng and I have gone through other post to see if I can<br>
> get a resolution to my problem.<br>
> Syslog is not writing to the destination file any messages received on udp()<br>
> or tcp().<br>
> I have made sure that syslog server is receiving the syslog messages as seen<br>
> from the tcpdump<br>
><br>
><br>
> 15:09:55.422423 IP 10.140.141.6.syslog > aspsyslog.sungardebs.com.syslog:<br>
> SYSLOG local4.warning, length: 153<br>
> 15:09:55.434638 IP 10.140.141.6.syslog > aspsyslog.sungardebs.com.syslog:<br>
> SYSLOG local4.info, length: 184<br>
> 15:09:55.470383 IP 10.140.141.6.syslog > aspsyslog.sungardebs.com.syslog:<br>
> SYSLOG local4.info, length: 176<br>
> 15:09:55.473519 IP 10.140.141.6.syslog > aspsyslog.sungardebs.com.syslog:<br>
> SYSLOG local4.info, length: 190<br>
> 15:09:55.493361 IP 10.140.141.6.syslog > aspsyslog.sungardebs.com.syslog:<br>
> SYSLOG local4.info, length: 180<br>
> 15:09:55.493748 IP aspsyslog.sungardebs.com.ssh > nim.sungardebs.com.42703:<br>
> P 128608:129696(1088) ack 289 win 461 <nop,nop,timestamp 88706531<br>
> 1310848493><br>
> 15:09:55.495519 IP 10.140.141.9.syslog > aspsyslog.sungardebs.com.syslog:<br>
> SYSLOG local4.info, length: 188<br>
> 15:09:55.495548 IP 10.140.141.9.syslog > aspsyslog.sungardebs.com.syslog:<br>
> SYSLOG local4.debug, length: 90<br>
> 15:09:55.495556 IP 10.140.141.9.syslog > aspsyslog.sungardebs.com.syslog:<br>
> SYSLOG local4.debug, length: 85<br>
> 15:09:55.521115 IP 10.140.141.6.syslog > aspsyslog.sungardebs.com.syslog:<br>
> SYSLOG local4.debug, length: 87<br>
> 15:09:55.521188 IP 10.140.141.6.syslog > aspsyslog.sungardebs.com.syslog:<br>
> SYSLOG local4.info, length: 188<br>
> 15:09:55.522041 IP 10.140.141.6.syslog > aspsyslog.sungardebs.com.syslog:<br>
> SYSLOG local4.info, length: 175<br>
> 15:09:55.522212 IP 10.140.141.7.syslog > aspsyslog.sungardebs.com.syslog:<br>
> SYSLOG local4.info, length: 164<br>
><br>
><br>
><br>
> Here is how my syslog-ng config looks.<br>
><br>
> @version: 3.0<br>
> #Default configuration file for syslog-ng.<br>
> #<br>
> # For a description of syslog-ng configuration file directives, please read<br>
> # the syslog-ng Administrator's guide at:<br>
> #<br>
> # <a href="http://www.balabit.com/dl/html/syslog-ng-admin-guide_en.html/bk01-toc.html" target="_blank">http://www.balabit.com/dl/html/syslog-ng-admin-guide_en.html/bk01-toc.html</a><br>
> #<br>
><br>
> options {<br>
> chain_hostnames(no);<br>
> create_dirs (no);<br>
> dir_perm(0755);<br>
> dns_cache(no);<br>
> keep_hostname(yes);<br>
> log_fifo_size(2048);<br>
> log_msg_size(1024);<br>
> log_iw_size (500);<br>
> long_hostnames(on);<br>
> perm(0644);<br>
> stats_freq(3600);<br>
> flush_lines(100);<br>
> time_reopen (10);<br>
> use_dns(no);<br>
> use_fqdn(yes);<br>
> # max_connections(100);<br>
><br>
> };<br>
><br>
> source s_all {<br>
> udp(so_rcvbuf(2048576));<br>
> tcp();<br>
> unix-stream("/dev/log");<br>
> internal();<br>
> file("/proc/kmsg");<br>
> };<br>
><br>
> destination d_file_normal {file("/var/log/messages_syslog-ng.log"); };<br>
><br>
> log { source(s_all); destination (d_file_normal); };<br>
><br>
><br>
> Any help would be greatly appreciated.<br>
><br>
> Thanks<br>
><br>
><br>
><br>
><br>
><br>
><br>
</div></div>> ______________________________________________________________________________<br>
> Member info: <a href="https://lists.balabit.hu/mailman/listinfo/syslog-ng" target="_blank">https://lists.balabit.hu/mailman/listinfo/syslog-ng</a><br>
> Documentation:<br>
> <a href="http://www.balabit.com/support/documentation/?product=syslog-ng" target="_blank">http://www.balabit.com/support/documentation/?product=syslog-ng</a><br>
> FAQ: <a href="http://www.campin.net/syslog-ng/faq.html" target="_blank">http://www.campin.net/syslog-ng/faq.html</a><br>
><br>
><br>
><br>
</blockquote></div><br>
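Added example, not part of the original thread: an end-to-end probe for the checks discussed above. It sends one uniquely marked local4.info datagram to the collector's UDP port and then looks for that marker in the destination files named in the thread. The function names, the `probehost` hostname and the `udp-probe` tag are assumptions made for this example.

```python
import socket
import time
import uuid

FACILITY_LOCAL4 = 20  # the tcpdump capture in the thread shows local4.* traffic
SEVERITY_INFO = 6

def pri(facility, severity):
    """BSD-syslog (RFC 3164) PRI value: facility * 8 + severity."""
    return facility * 8 + severity

def build_probe(marker, tag="udp-probe"):
    """Build one BSD-syslog datagram carrying a unique marker string."""
    t = time.localtime()
    stamp = "%s %2d %s" % (time.strftime("%b", t), t.tm_mday,
                           time.strftime("%H:%M:%S", t))
    # "probehost" is a constructed hostname for this example
    return "<%d>%s probehost %s: %s" % (
        pri(FACILITY_LOCAL4, SEVERITY_INFO), stamp, tag, marker)

def send_probe(host, port=514, marker=None):
    """Send the probe over UDP and return the marker to search for."""
    marker = marker or "probe-" + uuid.uuid4().hex
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.sendto(build_probe(marker).encode("ascii"), (host, port))
    return marker

def wait_for_marker(path, marker, timeout=15.0, poll=0.5):
    """True once marker shows up in path; False on timeout or unreadable file."""
    deadline = time.monotonic() + timeout
    while True:
        try:
            with open(path, errors="replace") as fh:
                if any(marker in line for line in fh):
                    return True
        except OSError:
            pass  # file missing or not readable yet; keep polling
        if time.monotonic() >= deadline:
            return False
        time.sleep(poll)

if __name__ == "__main__":
    # Run on the collector itself; the timeout allows for buffered writes
    # (the posted config sets flush_lines(100)).
    m = send_probe("127.0.0.1")
    for path in ("/tmp/somefile", "/var/log/messages_syslog-ng.log"):
        found = wait_for_marker(path, m)
        print(path, "marker found" if found else "marker NOT found")
```

If the marker reaches `/tmp/somefile` but not the file under `/var/log`, the problem is on the write side of that path; if it reaches neither, the message is being lost before the destination.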