<html xmlns:v="urn:schemas-microsoft-com:vml" xmlns:o="urn:schemas-microsoft-com:office:office" xmlns:w="urn:schemas-microsoft-com:office:word" xmlns:m="http://schemas.microsoft.com/office/2004/12/omml" xmlns="http://www.w3.org/TR/REC-html40">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
<meta name="Generator" content="Microsoft Word 14 (filtered medium)">
<style><!--
/* Font Definitions */
@font-face
{font-family:Calibri;
panose-1:2 15 5 2 2 2 4 3 2 4;}
@font-face
{font-family:Tahoma;
panose-1:2 11 6 4 3 5 4 4 2 4;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
{margin:0in;
margin-bottom:.0001pt;
font-size:12.0pt;
font-family:"Times New Roman","serif";}
a:link, span.MsoHyperlink
{mso-style-priority:99;
color:blue;
text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
{mso-style-priority:99;
color:purple;
text-decoration:underline;}
p.MsoAcetate, li.MsoAcetate, div.MsoAcetate
{mso-style-priority:99;
mso-style-link:"Balloon Text Char";
margin:0in;
margin-bottom:.0001pt;
font-size:8.0pt;
font-family:"Tahoma","sans-serif";}
span.im
{mso-style-name:im;}
span.BalloonTextChar
{mso-style-name:"Balloon Text Char";
mso-style-priority:99;
mso-style-link:"Balloon Text";
font-family:"Tahoma","sans-serif";}
span.EmailStyle20
{mso-style-type:personal-reply;
font-family:"Calibri","sans-serif";
color:#1F497D;}
.MsoChpDefault
{mso-style-type:export-only;
font-family:"Calibri","sans-serif";}
@page WordSection1
{size:8.5in 11.0in;
margin:1.0in 1.0in 1.0in 1.0in;}
div.WordSection1
{page:WordSection1;}
--></style><!--[if gte mso 9]><xml>
<o:shapedefaults v:ext="edit" spidmax="1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
<o:shapelayout v:ext="edit">
<o:idmap v:ext="edit" data="1" />
</o:shapelayout></xml><![endif]-->
</head>
<body lang="EN-US" link="blue" vlink="purple">
<div class="WordSection1">
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D">Thanks,<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D">I’ll see what I can do about upgrading the version, as I didn’t realize it was that far behind. Will follow up with the findings.<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D"><br>
Best Regards,<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D">David<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D"><o:p> </o:p></span></p>
<p class="MsoNormal"><b><span style="font-size:10.0pt;font-family:"Tahoma","sans-serif"">From:</span></b><span style="font-size:10.0pt;font-family:"Tahoma","sans-serif""> syslog-ng-bounces@lists.balabit.hu [mailto:syslog-ng-bounces@lists.balabit.hu]
<b>On Behalf Of </b>Scheidler, Balázs<br>
<b>Sent:</b> Wednesday, June 29, 2016 11:01 AM<br>
<b>To:</b> Syslog-ng users' and developers' mailing list<br>
<b>Subject:</b> Re: [syslog-ng] Syslog-ng Multiple Instances<o:p></o:p></span></p>
<p class="MsoNormal"><o:p> </o:p></p>
<div>
<div>
<p class="MsoNormal" style="margin-bottom:12.0pt">Hi,<o:p></o:p></p>
</div>
<p class="MsoNormal">syslog-ng-ctl requires the same control file that you supplied to the 2nd syslog-ng instance, so this should work:<o:p></o:p></p>
<div>
<div>
<p class="MsoNormal" style="margin-bottom:12.0pt"><br>
$ syslog-ng-ctl --control=/usr/local/bin/syslog-ng-Second-Instance/syslog-ng.ctl<o:p></o:p></p>
</div>
<div>
<p class="MsoNormal" style="margin-bottom:12.0pt">If it started up, it should work though. Can you start syslog-ng in the foreground (-F) and request debug logs using -de, so it should look like this:<br>
<br>
$ syslog-ng -Fed --cfgfile=/usr/local/bin/syslog-ng-Second-Instance/syslog-ng.conf --persist-file=/usr/local/bin/syslog-ng-Second-Instance/syslog-ng.persist --pidfile=/usr/local/bin/syslog-ng-Second-Instance/syslog-ng.pid --control=/usr/local/bin/syslog-ng-Second-Instance/syslog-ng.ctl<o:p></o:p></p>
</div>
<div>
<p class="MsoNormal">This should display a couple of debugging messages during startup and also whenever a message is received. You might find a clue there.<o:p></o:p></p>
</div>
<div>
<p class="MsoNormal"><o:p> </o:p></p>
</div>
<div>
<p class="MsoNormal">Also, this may or may not have a relation to the problem you are seeing, but 3.3.4 is pretty old, probably more than 5 years old. Our current version is 3.7.3.<o:p></o:p></p>
</div>
<div>
<p class="MsoNormal"><o:p> </o:p></p>
</div>
</div>
</div>
<div>
<p class="MsoNormal"><br clear="all">
<o:p></o:p></p>
<div>
<div>
<div>
<p class="MsoNormal">-- <br>
Bazsi<o:p></o:p></p>
</div>
</div>
</div>
<p class="MsoNormal"><o:p> </o:p></p>
<div>
<p class="MsoNormal">On Wed, Jun 29, 2016 at 3:33 PM, David Campeau <<a href="mailto:David.Campeau@tn.gov" target="_blank">David.Campeau@tn.gov</a>> wrote:<o:p></o:p></p>
<p class="MsoNormal">I'm not sure of the syntax needed to connect to the socket or how to prepare the system.<br>
<br>
Below is just a blind attempt to connect to a socket. The 2nd instance of syslog-ng is running and listening on port 518.<br>
<br>
I created a directory under /run called "syslog-ng-Second-Instance" and tried to connect... However Connection is refused.<br>
<br>
Command Used:<br>
root@syslog-ng:# syslog-ng-ctl verbose --set=on --control=/run/syslog-ng-Second-Instance<br>
Error connecting control socket, socket='/run/syslog-ng-Second-Instance', error='Connection refused'<br>
<br>
<br>
Any thoughts on the correct syntax and preparation needed?<br>
<br>
<br>
<span class="im">Best Regards,</span><br>
<br>
<br>
<br>
<br>
<br>
<span class="im">-----Original Message-----</span><br>
<span class="im">From: <a href="mailto:jrhendri@roadrunner.com">jrhendri@roadrunner.com</a> [mailto:<a href="mailto:jrhendri@roadrunner.com">jrhendri@roadrunner.com</a>]</span><o:p></o:p></p>
<div>
<div>
<p class="MsoNormal" style="margin-bottom:12.0pt">Sent: Tuesday, June 28, 2016 3:00 PM<br>
To: Syslog-ng users' and developers' mailing list; David Campeau<br>
Subject: RE: [syslog-ng] Syslog-ng Multiple Instances<br>
<br>
Maybe this?<br>
<br>
If you need to use a non-standard control socket to access syslog-ng,<br>
use the syslog-ng-ctl <command> --set=on --control=<socket> command to<br>
specify the socket to use.<br>
<br>
<br>
<br>
---- David Campeau <<a href="mailto:David.Campeau@tn.gov">David.Campeau@tn.gov</a>> wrote:<br>
> Jim,<br>
><br>
> No errors as the instance starts normally and listens on port 518. However, no logs are received or forwarded.<br>
><br>
> root@syslog-ng1:/usr/local/bin/syslog-ng-Second-Instance# netstat -an |grep 518<br>
> udp 0 0 <a href="http://0.0.0.0:518" target="_blank">0.0.0.0:518</a> 0.0.0.0:*<br>
><br>
> The test device is on the same subnet as syslog-ng listening on port 518, so there aren't any firewall issues. I've verified the test device is configured for port 518.<br>
><br>
> However, when I check ctl stats, it's seeing the stats of the production syslog-ng instance. So, it appears this is improperly configured, but it's unknown what needs to be changed.<br>
><br>
> Best Regards,<br>
><br>
><br>
> -----Original Message-----<br>
> From: <a href="mailto:jrhendri@roadrunner.com">jrhendri@roadrunner.com</a> [mailto:<a href="mailto:jrhendri@roadrunner.com">jrhendri@roadrunner.com</a>]<br>
> Sent: Tuesday, June 28, 2016 12:53 PM<br>
> To: Syslog-ng users' and developers' mailing list<br>
> Cc: David Campeau<br>
> Subject: Re: [syslog-ng] Syslog-ng Multiple Instances<br>
><br>
> The only thing that would limit the number of instances that I am aware of are conflicts for opening things like network ports, connections to databases, maybe FIFOs, etc.<br>
><br>
> I would look at that as a place to start.<br>
><br>
> What kind of errors are you getting when you try to start the second instance?<br>
><br>
> Jim<br>
><br>
> ---- David Campeau <<a href="mailto:David.Campeau@tn.gov">David.Campeau@tn.gov</a>> wrote:<br>
> > Hello,<br>
> ><br>
> > I've been using syslog-ng to filter syslog before forwarding on to a log collector. However, I need to spin up a second instance for testing purposes. I've found a little bit of information on-line, but it hasn't completed the entire picture.<br>
> ><br>
> > This is the command used to start up the 2nd instance. I'm pointing to separate .conf .persist .pid and .ctl files -- However, it's still not working. I suspect the issue is due to OS log sources. How do a change log sources?<br>
> ><br>
> > syslog-ng --cfgfile=/usr/local/bin/syslog-ng-Second-Instance/syslog-ng.conf --persist-file=/usr/local/bin/syslog-ng-Second-Instance/syslog-ng.persist --pidfile=/usr/local/bin/syslog-ng-Second-Instance/syslog-ng.pid --control=/usr/local/bin/syslog-ng-Second-Instance/syslog-ng.ctl
&<br>
> ><br>
> > This is the upper part of the syslog-ng.conf file for the 2nd instance I wish to run.<br>
> ><br>
> > @version: 3.3.4<br>
> > @include "scl.conf"<br>
> > options {<br>
> > time-reap(30);<br>
> > mark-freq(10);<br>
> > keep-hostname(yes);<br>
> > chain-hostnames(no);<br>
> > use-dns(no);<br>
> > ## log-fifo-size(500000); ## Tuning Options<br>
> > ## flush_lines(10000); ## Tuning Options<br>
> > ## flush_timeout(10000); ## Tuning Options<br>
> > };<br>
> ><br>
> > source s_second_instance {<br>
> > syslog(transport("udp") port("518")); #### Will receive test syslog on port 518<br>
> > };<br>
> ><br>
> > destination d_syslog_udp {<br>
> > syslog("10.X.X.X"<br>
> > transport("udp")<br>
> > port("514")<br>
> > throttle(4000)<br>
> > );<br>
> > };<br>
> ><br>
> ><br>
> ><br>
> > I'm hoping someone has experience or has seen information on how to run a 2nd instance on the same box.<br>
> ><br>
> > Best Regards,<br>
> ><br>
> > David<br>
><br>
<br>
______________________________________________________________________________<br>
Member info: <a href="https://lists.balabit.hu/mailman/listinfo/syslog-ng" target="_blank">
https://lists.balabit.hu/mailman/listinfo/syslog-ng</a><br>
Documentation: <a href="http://www.balabit.com/support/documentation/?product=syslog-ng" target="_blank">
http://www.balabit.com/support/documentation/?product=syslog-ng</a><br>
FAQ: <a href="http://www.balabit.com/wiki/syslog-ng-faq" target="_blank">http://www.balabit.com/wiki/syslog-ng-faq</a><o:p></o:p></p>
</div>
</div>
</div>
<p class="MsoNormal"><o:p> </o:p></p>
</div>
</div>
</body>
</html>