<html xmlns:v="urn:schemas-microsoft-com:vml" xmlns:o="urn:schemas-microsoft-com:office:office" xmlns:w="urn:schemas-microsoft-com:office:word" xmlns:m="http://schemas.microsoft.com/office/2004/12/omml" xmlns="http://www.w3.org/TR/REC-html40"><head><meta http-equiv=Content-Type content="text/html; charset=utf-8"><meta name=Generator content="Microsoft Word 15 (filtered medium)"><style><!--
/* Font Definitions */
@font-face
        {font-family:"Cambria Math";
        panose-1:2 4 5 3 5 4 6 3 2 4;}
@font-face
        {font-family:Calibri;
        panose-1:2 15 5 2 2 2 4 3 2 4;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
        {margin:0in;
        margin-bottom:.0001pt;
        font-size:12.0pt;
        font-family:"Times New Roman",serif;}
a:link, span.MsoHyperlink
        {mso-style-priority:99;
        color:blue;
        text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
        {mso-style-priority:99;
        color:purple;
        text-decoration:underline;}
p.MsoPlainText, li.MsoPlainText, div.MsoPlainText
        {mso-style-priority:99;
        mso-style-link:"Plain Text Char";
        margin:0in;
        margin-bottom:.0001pt;
        font-size:10.0pt;
        font-family:"Arial",sans-serif;
        font-weight:bold;}
p
        {mso-style-priority:99;
        mso-margin-top-alt:auto;
        margin-right:0in;
        mso-margin-bottom-alt:auto;
        margin-left:0in;
        font-size:12.0pt;
        font-family:"Times New Roman",serif;}
span.EmailStyle18
        {mso-style-type:personal-reply;
        font-family:"Arial",sans-serif;
        color:#1F497D;
        font-weight:bold;}
span.PlainTextChar
        {mso-style-name:"Plain Text Char";
        mso-style-priority:99;
        mso-style-link:"Plain Text";
        font-family:"Arial",sans-serif;
        font-weight:bold;}
.MsoChpDefault
        {mso-style-type:export-only;
        font-family:"Calibri",sans-serif;}
@page WordSection1
        {size:8.5in 11.0in;
        margin:1.0in 1.0in 1.0in 1.0in;}
div.WordSection1
        {page:WordSection1;}
--></style><!--[if gte mso 9]><xml>
<o:shapedefaults v:ext="edit" spidmax="1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
<o:shapelayout v:ext="edit">
<o:idmap v:ext="edit" data="1" />
</o:shapelayout></xml><![endif]--></head><body lang=EN-US link=blue vlink=purple><div class=WordSection1><p class=MsoNormal><b><span style='font-size:10.0pt;font-family:"Arial",sans-serif;color:#1F497D'>One more question: I get this when trying to start syslogng-web:<o:p></o:p></span></b></p><p class=MsoNormal><b><span style='font-size:10.0pt;font-family:"Arial",sans-serif;color:#1F497D'><o:p> </o:p></span></b></p><p class=MsoPlainText>syslog-ng@syslogng-virtual-machine:~/syslogng-web$ sudo node app.js <o:p></o:p></p><p class=MsoPlainText>Option log level is not valid. Please refer to the README.<o:p></o:p></p><p class=MsoPlainText>initializing subsystem<o:p></o:p></p><p class=MsoPlainText> ...connected to MongoDB database<o:p></o:p></p><p class=MsoPlainText>An error occured while setting up syslogng-web: collection syslog.messages not found Bail out syslog-ng@syslogng-virtual-machine:~/syslogng-web$ <o:p></o:p></p><p class=MsoNormal><b><span style='font-size:10.0pt;font-family:"Arial",sans-serif;color:#1F497D'><o:p> </o:p></span></b></p><p class=MsoNormal><b><span style='font-size:10.0pt;font-family:"Arial",sans-serif;color:#1F497D'><o:p> </o:p></span></b></p><p class=MsoNormal><b><span style='font-size:11.0pt;font-family:"Calibri",sans-serif'>From:</span></b><span style='font-size:11.0pt;font-family:"Calibri",sans-serif'> syslog-ng-bounces@lists.balabit.hu [mailto:syslog-ng-bounces@lists.balabit.hu] <b>On Behalf Of </b>Tibor Benke<br><b>Sent:</b> Tuesday, May 12, 2015 10:48 AM<br><b>To:</b> Syslog-ng users' and developers' mailing list<br><b>Subject:</b> Re: [syslog-ng] Error resolving reference; content='source', name='src', location='/etc/syslog-ng/syslog-ng.conf:26:7<o:p></o:p></span></p><p class=MsoNormal><o:p> </o:p></p><div><div><p class=MsoNormal>It depends on..<o:p></o:p></p></div><div><p class=MsoNormal><o:p> </o:p></p></div><p class=MsoNormal>If you want to listen to /dev/log, your kernel logs and syslog-ng's own internal logs you should uncomment the s_src definition and use source(s_src).<o:p></o:p></p><div><p class=MsoNormal><o:p> </o:p></p></div><div><p class=MsoNormal>If you want to listen to network logs, you should use source(s_net). It is already defined in your config you just have to use it.<o:p></o:p></p></div><div><p class=MsoNormal><o:p> </o:p></p></div><div><p class=MsoNormal>You may find more information in syslog-ng's manual:<o:p></o:p></p></div><div><p class=MsoNormal><o:p> </o:p></p></div><div><p class=MsoNormal><a href="https://www.balabit.com/sites/default/files/documents/syslog-ng-ose-latest-guides/en/syslog-ng-ose-guide-admin/html-single/index.html#chapter-sources">https://www.balabit.com/sites/default/files/documents/syslog-ng-ose-latest-guides/en/syslog-ng-ose-guide-admin/html-single/index.html#chapter-sources</a><o:p></o:p></p></div><div><p class=MsoNormal><o:p> </o:p></p><div><p class=MsoNormal>2015-05-12 19:42 GMT+02:00 Rick Silacci <<a href="mailto:rick@velociter.net" target="_blank">rick@velociter.net</a>>:<o:p></o:p></p><blockquote style='border:none;border-left:solid #CCCCCC 1.0pt;padding:0in 0in 0in 6.0pt;margin-left:4.8pt;margin-right:0in'><div><div><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'><b><span style='font-size:10.0pt;font-family:"Arial",sans-serif;color:#1F497D'>Hi,</span></b><o:p></o:p></p><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'><b><span style='font-size:10.0pt;font-family:"Arial",sans-serif;color:#1F497D'> </span></b><o:p></o:p></p><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'><b><span style='font-size:10.0pt;font-family:"Arial",sans-serif;color:#1F497D'>Is source going to be a file, directory or IP address?</span></b><o:p></o:p></p><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'><b><span style='font-size:10.0pt;font-family:"Arial",sans-serif;color:#1F497D'> </span></b><o:p></o:p></p><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'><b><span style='font-size:10.0pt;font-family:"Arial",sans-serif;color:#1F497D'> </span></b><o:p></o:p></p><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'><b><span style='font-size:11.0pt;font-family:"Calibri",sans-serif'>From:</span></b><span style='font-size:11.0pt;font-family:"Calibri",sans-serif'> <a href="mailto:syslog-ng-bounces@lists.balabit.hu" target="_blank">syslog-ng-bounces@lists.balabit.hu</a> [mailto:<a href="mailto:syslog-ng-bounces@lists.balabit.hu" target="_blank">syslog-ng-bounces@lists.balabit.hu</a>] <b>On Behalf Of </b>Tibor Benke<br><b>Sent:</b> Tuesday, May 12, 2015 10:34 AM<br><b>To:</b> Syslog-ng users' and developers' mailing list<br><b>Subject:</b> Re: [syslog-ng] Error resolving reference; content='source', name='src', location='/etc/syslog-ng/syslog-ng.conf:26:7</span><o:p></o:p></p><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'> <o:p></o:p></p><div><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'>Hi,<o:p></o:p></p><div><div><div><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'> <o:p></o:p></p></div><div><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'>The problem is with this line:<o:p></o:p></p></div><div><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'> <o:p></o:p></p></div><div><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'><i><span style='font-size:9.5pt'>log { source(); destination(mongodb); };</span></i><o:p></o:p></p></div><div><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'> <o:p></o:p></p></div><div><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'><span style='font-size:9.5pt'>There is nothing in source().</span><o:p></o:p></p></div><div><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'> <o:p></o:p></p></div><div><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'><span style='font-size:9.5pt'>This should be right:</span><o:p></o:p></p></div><div><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'> <o:p></o:p></p></div><div><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'><i><span style='font-size:9.5pt'>log { source(s_src); destination(mongodb); };</span></i><o:p></o:p></p></div><div><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'> <o:p></o:p></p></div><div><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'><span style='font-size:9.5pt'>Cheers,</span><o:p></o:p></p></div><div><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'><span style='font-size:9.5pt'>Tibor</span><o:p></o:p></p></div></div></div></div><div><div><div><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'> <o:p></o:p></p><div><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'>2015-05-12 19:29 GMT+02:00 Rick Silacci <<a href="mailto:rick@velociter.net" target="_blank">rick@velociter.net</a>>:<o:p></o:p></p><blockquote style='border:none;border-left:solid #CCCCCC 1.0pt;padding:0in 0in 0in 6.0pt;margin-left:4.8pt;margin-top:5.0pt;margin-right:0in;margin-bottom:5.0pt'><div><div><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'><b><span style='font-size:10.0pt;font-family:"Arial",sans-serif'> </span></b><o:p></o:p></p><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'><b><span style='font-size:10.0pt;font-family:"Arial",sans-serif'> </span></b><o:p></o:p></p><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'><b><span style='font-size:10.0pt;font-family:"Arial",sans-serif'>I can’t figure out why I’m getting this message. Keep in mind, I just started using syslog. Here’s the cfg:</span></b><o:p></o:p></p><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'><b><span style='font-size:10.0pt;font-family:"Arial",sans-serif'> </span></b><o:p></o:p></p><p>@version: 3.5<o:p></o:p></p><p>@include "scl.conf"<o:p></o:p></p><p>@include "`scl-root`/system/tty10.conf"<o:p></o:p></p><p> <o:p></o:p></p><p># Syslog-ng configuration file, compatible with default Debian syslogd # installation.<o:p></o:p></p><p> <o:p></o:p></p><p># First, set some global options.<o:p></o:p></p><p>options { chain_hostnames(off); flush_lines(0); use_dns(no); use_fqdn(no);<o:p></o:p></p><p> owner("root"); group("adm"); perm(0640); stats_freq(0);<o:p></o:p></p><p> bad_hostname("^gconfd$");<o:p></o:p></p><p>};<o:p></o:p></p><p> <o:p></o:p></p><p>########################<o:p></o:p></p><p># Sources<o:p></o:p></p><p>########################<o:p></o:p></p><p># This is the default behavior of sysklogd package # Logs may come from unix stream, but not from another machine.<o:p></o:p></p><p>#<o:p></o:p></p><p>#source s_src {<o:p></o:p></p><p># system();<o:p></o:p></p><p># internal();<o:p></o:p></p><p>#};<o:p></o:p></p><p> <o:p></o:p></p><p>destination mongodb { mongodb(); };<o:p></o:p></p><p>log { source(); destination(mongodb); };<o:p></o:p></p><p> <o:p></o:p></p><p> <o:p></o:p></p><p> <o:p></o:p></p><p># If you wish to get logs from remote machine you should uncomment # this and comment the above source line.<o:p></o:p></p><p>#<o:p></o:p></p><p>source s_net { tcp(ip(127.0.0.1) port(1000) keep-alive(yes)); };<o:p></o:p></p><p> <o:p></o:p></p><p>########################<o:p></o:p></p><p># Destinations<o:p></o:p></p><p>########################<o:p></o:p></p><p># First some standard logfile<o:p></o:p></p><p>#<o:p></o:p></p><p>destination d_auth { file("/var/log/auth.log"); }; destination d_cron { file("/var/log/cron.log"); }; destination d_daemon { file("/var/log/daemon.log"); }; destination d_kern { file("/var/log/kern.log"); }; destination d_lpr { file("/var/log/lpr.log"); }; destination d_mail { file("/var/log/mail.log"); }; destination d_syslog { file("/var/log/syslog"); }; destination d_user { file("/var/log/user.log"); }; destination d_uucp { file("/var/log/uucp.log"); };<o:p></o:p></p><p> <o:p></o:p></p><p>#destination mongodb { file("/var/log/mongodb.log"); };<o:p></o:p></p><p> <o:p></o:p></p><p> <o:p></o:p></p><p># This files are the log come from the mail subsystem.<o:p></o:p></p><p>#<o:p></o:p></p><p>destination d_mailinfo { file("/var/log/<a href="http://mail.info" target="_blank">mail.info</a>"); }; destination d_mailwarn { file("/var/log/mail.warn"); }; destination d_mailerr { file("/var/log/mail.err"); };<o:p></o:p></p><p> <o:p></o:p></p><p># Logging for INN news system<o:p></o:p></p><p>#<o:p></o:p></p><p>destination d_newscrit { file("/var/log/news/news.crit"); }; destination d_newserr { file("/var/log/news/news.err"); }; destination d_newsnotice { file("/var/log/news/news.notice"); };<o:p></o:p></p><p> <o:p></o:p></p><p># Some `catch-all' logfiles.<o:p></o:p></p><p>#<o:p></o:p></p><p>destination d_debug { file("/var/log/debug"); }; destination d_error { file("/var/log/error"); }; destination d_messages { file("/var/log/messages"); };<o:p></o:p></p><p> <o:p></o:p></p><p># The root's console.<o:p></o:p></p><p>#<o:p></o:p></p><p>destination d_console { usertty("root"); };<o:p></o:p></p><p> <o:p></o:p></p><p># Virtual console.<o:p></o:p></p><p>#<o:p></o:p></p><p>destination d_console_all { file(`tty10`); };<o:p></o:p></p><p> <o:p></o:p></p><p># The named pipe /dev/xconsole is for the nsole' utility. To use it, # you must invoke nsole' with the -file' option:<o:p></o:p></p><p>#<o:p></o:p></p><p># $ xconsole -file /dev/xconsole [...]<o:p></o:p></p><p>#<o:p></o:p></p><p>destination d_xconsole { pipe("/dev/xconsole"); };<o:p></o:p></p><p> <o:p></o:p></p><p># Send the messages to an other host<o:p></o:p></p><p>#<o:p></o:p></p><p>#destination d_net { tcp("127.0.0.1" port(1000) log_fifo_size(1000)); };<o:p></o:p></p><p> <o:p></o:p></p><p># Debian only<o:p></o:p></p><p>destination d_ppp { file("/var/log/ppp.log"); };<o:p></o:p></p><p> <o:p></o:p></p><p>########################<o:p></o:p></p><p># Filters<o:p></o:p></p><p>########################<o:p></o:p></p><p># Here's come the filter options. With this rules, we can set which # message go where.<o:p></o:p></p><p> <o:p></o:p></p><p>filter f_dbg { level(debug); };<o:p></o:p></p><p>filter f_info { level(info); };<o:p></o:p></p><p>filter f_notice { level(notice); };<o:p></o:p></p><p>filter f_warn { level(warn); };<o:p></o:p></p><p>filter f_err { level(err); };<o:p></o:p></p><p>filter f_crit { level(crit .. emerg); };<o:p></o:p></p><p> <o:p></o:p></p><p>filter f_debug { level(debug) and not facility(auth, authpriv, news, mail); }; filter f_error { level(err .. emerg) ; }; filter f_messages { level(info,notice,warn) and <o:p></o:p></p><p> not facility(auth,authpriv,cron,daemon,mail,news); };<o:p></o:p></p><p> <o:p></o:p></p><p>filter f_auth { facility(auth, authpriv) and not filter(f_debug); }; filter f_cron { facility(cron) and not filter(f_debug); }; filter f_daemon { facility(daemon) and not filter(f_debug); }; filter f_kern { facility(kern) and not filter(f_debug); }; filter f_lpr { facility(lpr) and not filter(f_debug); }; filter f_local { facility(local0, local1, local3, local4, local5,<o:p></o:p></p><p> local6, local7) and not filter(f_debug); }; filter f_mail { facility(mail) and not filter(f_debug); }; filter f_news { facility(news) and not filter(f_debug); }; filter f_syslog3 { not facility(auth, authpriv, mail) and not filter(f_debug); }; filter f_user { facility(user) and not filter(f_debug); }; filter f_uucp { facility(uucp) and not filter(f_debug); };<o:p></o:p></p><p> <o:p></o:p></p><p>filter f_cnews { level(notice, err, crit) and facility(news); }; filter f_cother { level(debug, info, notice, warn) or facility(daemon, mail); };<o:p></o:p></p><p> <o:p></o:p></p><p>filter f_ppp { facility(local2) and not filter(f_debug); }; filter f_console { level(warn .. emerg); };<o:p></o:p></p><p> <o:p></o:p></p><p>########################<o:p></o:p></p><p># Log paths<o:p></o:p></p><p>########################<o:p></o:p></p><p>log { source(s_src); filter(f_auth); destination(d_auth); }; log { source(s_src); filter(f_cron); destination(d_cron); }; log { source(s_src); filter(f_daemon); destination(d_daemon); }; log { source(s_src); filter(f_kern); destination(d_kern); }; log { source(s_src); filter(f_lpr); destination(d_lpr); }; log { source(s_src); filter(f_syslog3); destination(d_syslog); }; log { source(s_src); filter(f_user); destination(d_user); }; log { source(s_src); filter(f_uucp); destination(d_uucp); };<o:p></o:p></p><p> <o:p></o:p></p><p>log { source(s_src); filter(f_mail); destination(d_mail); }; #log { source(s_src); filter(f_mail); filter(f_info); destination(d_mailinfo); }; #log { source(s_src); filter(f_mail); filter(f_warn); destination(d_mailwarn); }; #log { source(s_src); filter(f_mail); filter(f_err); destination(d_mailerr); };<o:p></o:p></p><p> <o:p></o:p></p><p>log { source(s_src); filter(f_news); filter(f_crit); destination(d_newscrit); }; log { source(s_src); filter(f_news); filter(f_err); destination(d_newserr); }; log { source(s_src); filter(f_news); filter(f_notice); destination(d_newsnotice); }; #log { source(s_src); filter(f_cnews); destination(d_console_all); }; #log { source(s_src); filter(f_cother); destination(d_console_all); };<o:p></o:p></p><p> <o:p></o:p></p><p>#log { source(s_src); filter(f_ppp); destination(d_ppp); };<o:p></o:p></p><p> <o:p></o:p></p><p>log { source(s_src); filter(f_debug); destination(d_debug); }; log { source(s_src); filter(f_error); destination(d_error); }; log { source(s_src); filter(f_messages); destination(d_messages); };<o:p></o:p></p><p> <o:p></o:p></p><p>log { source(s_src); filter(f_console); destination(d_console_all);<o:p></o:p></p><p> destination(d_xconsole); };<o:p></o:p></p><p>log { source(s_src); filter(f_crit); destination(d_console); };<o:p></o:p></p><p> <o:p></o:p></p><p># All messages send to a remote site<o:p></o:p></p><p>#<o:p></o:p></p><p>#log { source(s_src); destination(d_net); };<o:p></o:p></p><p> <o:p></o:p></p><p>###<o:p></o:p></p><p># Include all config files in /etc/syslog-ng/conf.d/ ### @include "/etc/syslog-ng/conf.d/*.conf"<o:p></o:p></p><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'><b><span style='font-size:10.0pt;font-family:"Arial",sans-serif'> </span></b><o:p></o:p></p><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'><b><span style='font-size:10.0pt;font-family:"Arial",sans-serif'> </span></b><o:p></o:p></p></div></div><p class=MsoNormal style='mso-margin-top-alt:auto;margin-bottom:12.0pt'><br>______________________________________________________________________________<br>Member info: <a href="https://lists.balabit.hu/mailman/listinfo/syslog-ng" target="_blank">https://lists.balabit.hu/mailman/listinfo/syslog-ng</a><br>Documentation: <a href="http://www.balabit.com/support/documentation/?product=syslog-ng" target="_blank">http://www.balabit.com/support/documentation/?product=syslog-ng</a><br>FAQ: <a href="http://www.balabit.com/wiki/syslog-ng-faq" target="_blank">http://www.balabit.com/wiki/syslog-ng-faq</a><o:p></o:p></p></blockquote></div><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'> <o:p></o:p></p></div></div></div></div></div><p class=MsoNormal style='margin-bottom:12.0pt'><br>______________________________________________________________________________<br>Member info: <a href="https://lists.balabit.hu/mailman/listinfo/syslog-ng" target="_blank">https://lists.balabit.hu/mailman/listinfo/syslog-ng</a><br>Documentation: <a href="http://www.balabit.com/support/documentation/?product=syslog-ng" target="_blank">http://www.balabit.com/support/documentation/?product=syslog-ng</a><br>FAQ: <a href="http://www.balabit.com/wiki/syslog-ng-faq" target="_blank">http://www.balabit.com/wiki/syslog-ng-faq</a><br><br><o:p></o:p></p></blockquote></div><p class=MsoNormal><o:p> </o:p></p></div></div></div></body></html>