<div dir="ltr">Hi,<div><br></div><div>The problem is with this line:</div><div><br></div><div><span style="font-size:12.8000001907349px"><i>log { source(); destination(mongodb); };</i></span><br></div><div><span style="font-size:12.8000001907349px"><br></span></div><div><span style="font-size:12.8000001907349px">There is nothing in source().</span></div><div><span style="font-size:12.8000001907349px"><br></span></div><div><span style="font-size:12.8000001907349px">This should be right:</span></div><div><span style="font-size:12.8000001907349px"><br></span></div><div><span style="font-size:12.8000001907349px"><i>log { source(s_src); destination(mongodb); };</i></span><span style="font-size:12.8000001907349px"><br></span></div><div><span style="font-size:12.8000001907349px"><br></span></div><div><span style="font-size:12.8000001907349px">Cheers,</span></div><div><span style="font-size:12.8000001907349px">Tibor</span></div></div><div class="gmail_extra"><br><div class="gmail_quote">2015-05-12 19:29 GMT+02:00 Rick Silacci <span dir="ltr"><<a href="mailto:rick@velociter.net" target="_blank">rick@velociter.net</a>></span>:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div lang="EN-US" link="#0563C1" vlink="#954F72"><div><p class="MsoNormal"><b><span style="font-size:10.0pt;font-family:"Arial",sans-serif"><u></u> <u></u></span></b></p><p class="MsoNormal"><b><span style="font-size:10.0pt;font-family:"Arial",sans-serif"><u></u> <u></u></span></b></p><p class="MsoNormal"><b><span style="font-size:10.0pt;font-family:"Arial",sans-serif">I can’t figure out why I’m getting this message. Keep in mind, I just started using syslog. Here’s the cfg:<u></u><u></u></span></b></p><p class="MsoNormal"><b><span style="font-size:10.0pt;font-family:"Arial",sans-serif"><u></u> <u></u></span></b></p><p>@version: 3.5<u></u><u></u></p><p>@include "scl.conf"<u></u><u></u></p><p>@include "`scl-root`/system/tty10.conf"<u></u><u></u></p><p><u></u> <u></u></p><p># Syslog-ng configuration file, compatible with default Debian syslogd # installation.<u></u><u></u></p><p><u></u> <u></u></p><p># First, set some global options.<u></u><u></u></p><p>options { chain_hostnames(off); flush_lines(0); use_dns(no); use_fqdn(no);<u></u><u></u></p><p> owner("root"); group("adm"); perm(0640); stats_freq(0);<u></u><u></u></p><p> bad_hostname("^gconfd$");<u></u><u></u></p><p>};<u></u><u></u></p><p><u></u> <u></u></p><p>########################<u></u><u></u></p><p># Sources<u></u><u></u></p><p>########################<u></u><u></u></p><p># This is the default behavior of sysklogd package # Logs may come from unix stream, but not from another machine.<u></u><u></u></p><p>#<u></u><u></u></p><p>#source s_src {<u></u><u></u></p><p># system();<u></u><u></u></p><p># internal();<u></u><u></u></p><p>#};<u></u><u></u></p><p><u></u> <u></u></p><p>destination mongodb { mongodb(); };<u></u><u></u></p><p>log { source(); destination(mongodb); };<u></u><u></u></p><p><u></u> <u></u></p><p><u></u> <u></u></p><p><u></u> <u></u></p><p># If you wish to get logs from remote machine you should uncomment # this and comment the above source line.<u></u><u></u></p><p>#<u></u><u></u></p><p>source s_net { tcp(ip(127.0.0.1) port(1000) keep-alive(yes)); };<u></u><u></u></p><p><u></u> <u></u></p><p>########################<u></u><u></u></p><p># Destinations<u></u><u></u></p><p>########################<u></u><u></u></p><p># First some standard logfile<u></u><u></u></p><p>#<u></u><u></u></p><p>destination d_auth { file("/var/log/auth.log"); }; destination d_cron { file("/var/log/cron.log"); }; destination d_daemon { file("/var/log/daemon.log"); }; destination d_kern { file("/var/log/kern.log"); }; destination d_lpr { file("/var/log/lpr.log"); }; destination d_mail { file("/var/log/mail.log"); }; destination d_syslog { file("/var/log/syslog"); }; destination d_user { file("/var/log/user.log"); }; destination d_uucp { file("/var/log/uucp.log"); };<u></u><u></u></p><p><u></u> <u></u></p><p>#destination mongodb { file("/var/log/mongodb.log"); };<u></u><u></u></p><p><u></u> <u></u></p><p><u></u> <u></u></p><p># This files are the log come from the mail subsystem.<u></u><u></u></p><p>#<u></u><u></u></p><p>destination d_mailinfo { file("/var/log/<a href="http://mail.info" target="_blank">mail.info</a>"); }; destination d_mailwarn { file("/var/log/mail.warn"); }; destination d_mailerr { file("/var/log/mail.err"); };<u></u><u></u></p><p><u></u> <u></u></p><p># Logging for INN news system<u></u><u></u></p><p>#<u></u><u></u></p><p>destination d_newscrit { file("/var/log/news/news.crit"); }; destination d_newserr { file("/var/log/news/news.err"); }; destination d_newsnotice { file("/var/log/news/news.notice"); };<u></u><u></u></p><p><u></u> <u></u></p><p># Some `catch-all' logfiles.<u></u><u></u></p><p>#<u></u><u></u></p><p>destination d_debug { file("/var/log/debug"); }; destination d_error { file("/var/log/error"); }; destination d_messages { file("/var/log/messages"); };<u></u><u></u></p><p><u></u> <u></u></p><p># The root's console.<u></u><u></u></p><p>#<u></u><u></u></p><p>destination d_console { usertty("root"); };<u></u><u></u></p><p><u></u> <u></u></p><p># Virtual console.<u></u><u></u></p><p>#<u></u><u></u></p><p>destination d_console_all { file(`tty10`); };<u></u><u></u></p><p><u></u> <u></u></p><p># The named pipe /dev/xconsole is for the nsole' utility. To use it, # you must invoke nsole' with the -file' option:<u></u><u></u></p><p>#<u></u><u></u></p><p># $ xconsole -file /dev/xconsole [...]<u></u><u></u></p><p>#<u></u><u></u></p><p>destination d_xconsole { pipe("/dev/xconsole"); };<u></u><u></u></p><p><u></u> <u></u></p><p># Send the messages to an other host<u></u><u></u></p><p>#<u></u><u></u></p><p>#destination d_net { tcp("127.0.0.1" port(1000) log_fifo_size(1000)); };<u></u><u></u></p><p><u></u> <u></u></p><p># Debian only<u></u><u></u></p><p>destination d_ppp { file("/var/log/ppp.log"); };<u></u><u></u></p><p><u></u> <u></u></p><p>########################<u></u><u></u></p><p># Filters<u></u><u></u></p><p>########################<u></u><u></u></p><p># Here's come the filter options. With this rules, we can set which # message go where.<u></u><u></u></p><p><u></u> <u></u></p><p>filter f_dbg { level(debug); };<u></u><u></u></p><p>filter f_info { level(info); };<u></u><u></u></p><p>filter f_notice { level(notice); };<u></u><u></u></p><p>filter f_warn { level(warn); };<u></u><u></u></p><p>filter f_err { level(err); };<u></u><u></u></p><p>filter f_crit { level(crit .. emerg); };<u></u><u></u></p><p><u></u> <u></u></p><p>filter f_debug { level(debug) and not facility(auth, authpriv, news, mail); }; filter f_error { level(err .. emerg) ; }; filter f_messages { level(info,notice,warn) and <u></u><u></u></p><p> not facility(auth,authpriv,cron,daemon,mail,news); };<u></u><u></u></p><p><u></u> <u></u></p><p>filter f_auth { facility(auth, authpriv) and not filter(f_debug); }; filter f_cron { facility(cron) and not filter(f_debug); }; filter f_daemon { facility(daemon) and not filter(f_debug); }; filter f_kern { facility(kern) and not filter(f_debug); }; filter f_lpr { facility(lpr) and not filter(f_debug); }; filter f_local { facility(local0, local1, local3, local4, local5,<u></u><u></u></p><p> local6, local7) and not filter(f_debug); }; filter f_mail { facility(mail) and not filter(f_debug); }; filter f_news { facility(news) and not filter(f_debug); }; filter f_syslog3 { not facility(auth, authpriv, mail) and not filter(f_debug); }; filter f_user { facility(user) and not filter(f_debug); }; filter f_uucp { facility(uucp) and not filter(f_debug); };<u></u><u></u></p><p><u></u> <u></u></p><p>filter f_cnews { level(notice, err, crit) and facility(news); }; filter f_cother { level(debug, info, notice, warn) or facility(daemon, mail); };<u></u><u></u></p><p><u></u> <u></u></p><p>filter f_ppp { facility(local2) and not filter(f_debug); }; filter f_console { level(warn .. emerg); };<u></u><u></u></p><p><u></u> <u></u></p><p>########################<u></u><u></u></p><p># Log paths<u></u><u></u></p><p>########################<u></u><u></u></p><p>log { source(s_src); filter(f_auth); destination(d_auth); }; log { source(s_src); filter(f_cron); destination(d_cron); }; log { source(s_src); filter(f_daemon); destination(d_daemon); }; log { source(s_src); filter(f_kern); destination(d_kern); }; log { source(s_src); filter(f_lpr); destination(d_lpr); }; log { source(s_src); filter(f_syslog3); destination(d_syslog); }; log { source(s_src); filter(f_user); destination(d_user); }; log { source(s_src); filter(f_uucp); destination(d_uucp); };<u></u><u></u></p><p><u></u> <u></u></p><p>log { source(s_src); filter(f_mail); destination(d_mail); }; #log { source(s_src); filter(f_mail); filter(f_info); destination(d_mailinfo); }; #log { source(s_src); filter(f_mail); filter(f_warn); destination(d_mailwarn); }; #log { source(s_src); filter(f_mail); filter(f_err); destination(d_mailerr); };<u></u><u></u></p><p><u></u> <u></u></p><p>log { source(s_src); filter(f_news); filter(f_crit); destination(d_newscrit); }; log { source(s_src); filter(f_news); filter(f_err); destination(d_newserr); }; log { source(s_src); filter(f_news); filter(f_notice); destination(d_newsnotice); }; #log { source(s_src); filter(f_cnews); destination(d_console_all); }; #log { source(s_src); filter(f_cother); destination(d_console_all); };<u></u><u></u></p><p><u></u> <u></u></p><p>#log { source(s_src); filter(f_ppp); destination(d_ppp); };<u></u><u></u></p><p><u></u> <u></u></p><p>log { source(s_src); filter(f_debug); destination(d_debug); }; log { source(s_src); filter(f_error); destination(d_error); }; log { source(s_src); filter(f_messages); destination(d_messages); };<u></u><u></u></p><p><u></u> <u></u></p><p>log { source(s_src); filter(f_console); destination(d_console_all);<u></u><u></u></p><p> destination(d_xconsole); };<u></u><u></u></p><p>log { source(s_src); filter(f_crit); destination(d_console); };<u></u><u></u></p><p><u></u> <u></u></p><p># All messages send to a remote site<u></u><u></u></p><p>#<u></u><u></u></p><p>#log { source(s_src); destination(d_net); };<u></u><u></u></p><p><u></u> <u></u></p><p>###<u></u><u></u></p><p># Include all config files in /etc/syslog-ng/conf.d/ ### @include "/etc/syslog-ng/conf.d/*.conf"<u></u><u></u></p><p class="MsoNormal"><b><span style="font-size:10.0pt;font-family:"Arial",sans-serif"><u></u> <u></u></span></b></p><p class="MsoNormal"><b><span style="font-size:10.0pt;font-family:"Arial",sans-serif"><u></u> <u></u></span></b></p></div></div><br>______________________________________________________________________________<br>
Member info: <a href="https://lists.balabit.hu/mailman/listinfo/syslog-ng" target="_blank">https://lists.balabit.hu/mailman/listinfo/syslog-ng</a><br>
Documentation: <a href="http://www.balabit.com/support/documentation/?product=syslog-ng" target="_blank">http://www.balabit.com/support/documentation/?product=syslog-ng</a><br>
FAQ: <a href="http://www.balabit.com/wiki/syslog-ng-faq" target="_blank">http://www.balabit.com/wiki/syslog-ng-faq</a><br>
<br>
<br></blockquote></div><br></div>