<div dir="ltr">Please suggest on this.</div><div class="gmail_extra"><br clear="all"><div><div class="gmail_signature" data-smartmail="gmail_signature"><div dir="ltr"><div><div dir="ltr"><div><div><b><font color="#0000ff"><i>Thanks & Regards </i></font>:-<br></b></div><b>VINOD SINGH SAUD<br></b></div><div><b>(M):- 09718663552<br></b></div><div><b><font color="#00ff00">(W):-09997645597</font><br></b></div><div><b>(E) :- <a href="mailto:vinod.samant.123@gmail.com" target="_blank">vinod.samant.123@gmail.com</a><br></b></div></div></div></div></div></div>
<br><div class="gmail_quote">On Fri, May 11, 2018 at 6:33 PM, vinod samant <span dir="ltr"><<a href="mailto:vinod.samant.123@gmail.com" target="_blank">vinod.samant.123@gmail.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div dir="ltr">Hi,<div>When I comment out those lines on the server side, syslog-ng works fine, but all logs are coming into one file, <b>/var/log/from_net</b>.</div><div><br></div><div><b>Commented lines:</b></div><div><b><br></b></div><div><span class=""><div>source s_net {</div>
<div> network(flags(no-parse));</div>
<div>};</div>
<div><br></div>
<div>parser p_apache {</div>
<div> csv-parser(</div>
<div> columns("apache.FILE_NAME", "apache.MESSAGE")</div>
<div> flags(greedy)</div>
<div> );</div>
<div>};</div>
<div>destination d_apache {</div>
<div> file("/usr/local/apache/logs/${apache.FILE_NAME}"</div>
<div> template("${apache.MESSAGE}\n"));</div>
<div>};</div>
<div><br></div>
<div>log{</div>
<div> source (s_net);</div>
<div> parser (p_apache);</div>
<div> destination(d_apache);</div>
<div>};</div>
<div><br></div></span><div><b>Is it necessary to define the port in the server-side configuration file also?</b></div><div><b><br></b></div><div><b>Can you share a wildcard configuration for both the server side and the client side?</b></div><div><b><br></b></div></div><div><br></div></div><div class="gmail_extra"><span class=""><br clear="all"><div><div class="m_4807315778456829336gmail_signature" data-smartmail="gmail_signature"><div dir="ltr"><div><div dir="ltr"><div><div><b><font color="#0000ff"><i>Thanks & Regards </i></font>:-<br></b></div><b>VINOD SINGH SAUD<br></b></div><div><b>(M):- 09718663552<br></b></div><div><b><font color="#00ff00">(W):-09997645597</font><br></b></div><div><b>(E) :- <a href="mailto:vinod.samant.123@gmail.com" target="_blank">vinod.samant.123@gmail.com</a><br></b></div></div></div></div></div></div>
<br></span><div><div class="h5"><div class="gmail_quote">On Fri, May 11, 2018 at 6:02 PM, Nagy, Gábor <span dir="ltr"><<a href="mailto:gabor.nagy@balabit.com" target="_blank">gabor.nagy@balabit.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div dir="ltr">Hi!<div><br></div><div>It seems that some other process is using the default syslog port</div><span><div>> Starting syslog-ng: [2018-05-11T16:41:55.756615] Error binding socket; addr='AF_INET(0.0.0.0:514)', error='Address already in use (98)'</div><div><br></div></span><div>I would suggest to check the port with netstat.</div><div><br></div><div>Regards,</div><div>Gabor</div></div><div class="gmail_extra"><br><div class="gmail_quote"><div><div class="m_4807315778456829336h5">On Fri, May 11, 2018 at 1:23 PM, vinod samant <span dir="ltr"><<a href="mailto:vinod.samant.123@gmail.com" target="_blank">vinod.samant.123@gmail.com</a>></span> wrote:<br></div></div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div><div class="m_4807315778456829336h5"><div dir="ltr">Hi <div>I am getting below error while restarting server .</div><div><br></div><div><div>[root@localhost logs]# /etc/init.d/syslog-ng restart</div><div>Stopping syslog-ng: [FAILED]</div><div>syslog-ng is stopped</div><div>Starting syslog-ng: [2018-05-11T16:41:55.756615] Error binding socket; addr='AF_INET(0.0.0.0:514)', error='Address already in use (98)'</div><div>[2018-05-11T16:41:55.756684] Error initializing message pipeline; plugin name='network', location='/etc/syslog-ng/syslo<wbr>g-ng.conf:24:3'</div><div> [FAILED]</div></div><div><br></div><div><br></div><div>My requirement :-</div><div><br></div><div>OS:- centos 6.5</div><div><br></div><div>1. 
I want to use wildcard to send all apache custom logs from client to server .</div><div><br></div><div>Configuration of both client and server :-</div><div><br></div><div> >>>>>>>>>>>>>>>>>>>>>>>>>>>>><wbr>>>>>>>>>>>>>client conf<<<<<<<<<<<<<<<<<<<<<<<<<<<wbr><<<<<</div><div><div><div>@version:3.13</div><div>@include "scl.conf"</div><div>@define allow-config-dups 1</div></div><div><br></div><div>source s_local {</div><div> system();</div><div> internal();</div><div><br></div><div>};</div><div>destination d_network {udp("192.168.122.67" port(514));</div><div><br></div><div>};</div><div><br></div><div>destination d_local {</div><div> file("/var/log/messages");</div><div>};</div><div><br></div><div>log{</div><div> source(s_local);</div><div> destination(d_network);</div><div> destination(d_local);</div><div><br></div><div>};</div><div><br></div><div>####################</div><div>source s_local{</div><div> wildcard-file(</div><div> base-dir("/usr/local/apache/lo<wbr>gs")</div><div> filename-pattern("*.log")</div><div> recursive(no)</div><div> follow-freq(1));</div><div>};</div><div><br></div><div>destination d_network {tcp("192.168.122.67" port(514));</div><div><br></div><div>};</div><div><br></div><div>log{</div><div> source(s_local);</div><div> destination(d_network);</div><div><br></div><div>};</div><div> </div><div><br></div><div>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>><wbr>>>>>>>>>>>>>>server conf<<<<<<<<<<<<<<<<<<<<<<<<<<<wbr><<<<<<<<<<<<<<<</div><div><br></div><div><div>@version:3.13</div><div>@include "scl.conf"</div></div><div><br></div><div>source s_local{system(); internal();};</div><div>source s_network{</div><div><br></div><div> udp();</div><div> tcp();</div><div><br></div><div>};</div><div><br></div><div>destination d_local{file("/var/log/message<wbr>s");};</div><div>destination d_from_net{file("/var/log/from<wbr>_net");};</div><div>log{</div><div> source(s_local);</div><div> destination(d_local);</div><div>};</div><div>log { source(s_network); 
destination(d_from_net); };</div><div><br></div><div><br></div><div>source s_net {</div><div> network(flags(no-parse));</div><div>};</div><div><br></div><div>parser p_apache {</div><div> csv-parser(</div><div> columns("apache.FILE_NAME", "apache.MESSAGE")</div><div> flags(greedy)</div><div> );</div><div>};</div><div>destination d_apache {</div><div> file("/usr/local/apache/logs/$<wbr>{apache.FILE_NAME}"</div><div> template("${apache.MESSAGE}\n<wbr>"));</div><div>};</div><div><br></div><div>log{</div><div> source (s_net);</div><div> parser (p_apache);</div><div> destination(d_apache);</div><div>};</div><div><br></div><div><br></div><div>What should be changed on configuration file on both side ?</div><div> </div><div><br></div><div><br></div><div> </div></div><div><br clear="all"><div><div class="m_4807315778456829336m_-6890532025121053776m_8869069709131140925gmail_signature"><div dir="ltr"><div><div dir="ltr"><div><div><b><font color="#0000ff"><i>Thanks & Regards </i></font>:-<br></b></div><b>VINOD SINGH SAUD<br></b></div><div><b>(M):- 09718663552<br></b></div><div><b><font color="#00ff00">(W):-09997645597</font><br></b></div><div><b>(E) :- <a href="mailto:vinod.samant.123@gmail.com" target="_blank">vinod.samant.123@gmail.com</a><br></b></div></div></div></div></div></div>
</div></div>
<br></div></div>______________________________<wbr>______________________________<wbr>__________________<br>
Member info: <a href="https://lists.balabit.hu/mailman/listinfo/syslog-ng" rel="noreferrer" target="_blank">https://lists.balabit.hu/mailm<wbr>an/listinfo/syslog-ng</a><br>
Documentation: <a href="http://www.balabit.com/support/documentation/?product=syslog-ng" rel="noreferrer" target="_blank">http://www.balabit.com/support<wbr>/documentation/?product=syslog<wbr>-ng</a><br>
FAQ: <a href="http://www.balabit.com/wiki/syslog-ng-faq" rel="noreferrer" target="_blank">http://www.balabit.com/wiki/sy<wbr>slog-ng-faq</a><br>
<br>
<br></blockquote></div><br></div>
<br></blockquote></div><br></div></div></div>
</blockquote></div><br></div>
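<div dir="ltr">An added example, not part of the original thread or of syslog-ng itself: a small check that reads a syslog-ng configuration and reports listening sources that would bind the same socket, which produces the "Address already in use" error quoted above when it happens inside one configuration. It assumes the defaults of the udp(), tcp() and network() source drivers (0.0.0.0, port 514, and TCP transport for network()); the function names are hypothetical, and a port held by a different process is still something to check with netstat.</div>

```python
import re
from collections import defaultdict

# Constructed sample: the listening sources from the server configuration quoted above.
SERVER_CONF = """
source s_local { system(); internal(); };
source s_network { udp(); tcp(); };
source s_net { network(flags(no-parse)); };
"""

SOURCE_RE = re.compile(r"source\s+(\w+)\s*\{(.*?)\}\s*;", re.S)
# Driver call with at most one level of nested parentheses in its arguments.
DRIVER_RE = re.compile(r"\b(udp|tcp|network)\s*\(((?:[^()]|\([^()]*\))*)\)")

def option(args, name, default):
    """Value of name(...) inside a driver's arguments, or the default."""
    m = re.search(r'\b%s\s*\(\s*"?([^")\s]+)"?\s*\)' % name, args)
    return m.group(1) if m else default

def listeners(conf):
    """Yield (transport, ip, port, label) for each udp()/tcp()/network() source."""
    conf = re.sub(r"#.*", "", conf)  # drop comment lines and trailing comments
    for name, body in SOURCE_RE.findall(conf):
        for driver, args in DRIVER_RE.findall(body):
            # Assumed defaults: network() uses TCP; all three listen on 0.0.0.0:514.
            transport = driver if driver != "network" else option(args, "transport", "tcp")
            if transport not in ("tcp", "udp"):
                continue  # other transports are out of scope here
            ip = option(args, "ip", "0.0.0.0")
            port = int(option(args, "port", "514"))
            yield transport, ip, port, f"{name}:{driver}()"

def bind_conflicts(conf):
    """Map (transport, port) to the sources that would bind the same socket."""
    by_socket = defaultdict(list)
    for transport, ip, port, label in listeners(conf):
        by_socket[(transport, port)].append((ip, label))
    conflicts = {}
    for key, entries in by_socket.items():
        ips = [ip for ip, _ in entries]
        # A wildcard bind overlaps every address; identical addresses overlap too.
        if len(entries) > 1 and ("0.0.0.0" in ips or len(set(ips)) < len(ips)):
            conflicts[key] = [label for _, label in entries]
    return conflicts

if __name__ == "__main__":
    for (transport, port), who in bind_conflicts(SERVER_CONF).items():
        print(f"{transport}/{port} is bound by: {', '.join(who)}")
```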