Hi,
You're right i got the syslog filter, but not destination. i changed that to
_syslog, and as i started syslog-ng again, i got syntax-errors on different
lines. i fixed the lines one after the other (see comments in config file in
original mail). the last error that i could not get past was on line 35,
which is the first filter-line in my config-file.
double quote is missing from filter:
so since syslog-ng exited with syntax-error, and it reports it being line 35,
i felt sure it had to do with that line, though ofc i can be wrong as i'm an
amateur. i am ofc aware there are/might be errors further down in the
config-file.
i'd very much like to be certain though, before i re-install version 3.0.4
again.
could you please confirm for me that you're aware of this before i try out
your suggested solution?
There is my solution, it worked for me:
cheers
andip
----- Original Message -----
From: Pallagi Zoltán <pzolee@balabit.hu>
To: Syslog-ng users' and developers' mailing list
<syslog-ng@lists.balabit.hu>, andip@syndig.com
Sent: Tue, 15 Dec 2009 10:43:10 +0100
Subject: Re: [syslog-ng] syntax error in config-file
Hi,
In syslog-ng 3.0, "syslog" became a reserved word and you have a
destination and a filter called "syslog" in your config.
Please rename them and it will work
andip írta:
Hi folks,
I just tried updating syslog-ng to version 3.0.4, from 2.1.4. i use the
gentoo linux-distro, and the new version came into "stable" gentoo a few
days
ago.
I'm no syslog-ng expert, but i use it to log quite a few things, so my
config-file it not default.
I've read a bit in the admin-guide, but did not find any reason to my
problem.
i've tried converting my 2.1.4 config-file to the new 3.0.4 version, with
no
success. this is parts of my old config-file. ### are comments made to
reflect changes i made for v2 -> v3 conversion
----------------------------------------------------------------------------
options {
chain_hostnames(off); ### changed this to "no"
sync(0); ### changed this to "flush_lines"
time_sleep(20);
log_fifo_size (2048);
create_dirs (yes);
perm (0640);
dir_perm (0750);
stats(43200); ### changed this to "stats_freq"
owner (syslogger);
group (syslogger);
perm (0664);
};
source sys {
unix-stream("/dev/log" max-connections(256));
internal();
file("/proc/kmsg");
};
source net { udp(); };
destination clients { file ("/var/log/fwlogs/netclients/$HOST"); };
destination console_all { file ("/dev/tty12"); };
destination authlog { file ("/var/log/authlog"); };
destination messages { file ("/var/log/messages"); };
destination maillog { file ("/var/log/maillog"); };
destination ipflog { file ("/var/log/ipflog"); };
destination imaplog { file ("/var/log/imaplog"); };
destination console { file ("/dev/console"); };
destination syslog { file ("/var/log/syslog"); }; ### changed
to _syslog
destination komm { file ("/var/log/fwlogs/kommunikasjon-context.log");
};
destination asa { file ("/var/log/fwlogs/asa.log"); };
destination edb { file ("/var/log/fwlogs/edb-pix.log"); };
destination gje { file ("/var/log/fwlogs/gjerdrum.log"); };
destination nes { file ("/var/log/fwlogs/nes.log"); };
destination ull { file ("/var/log/fwlogs/ullensaker.log"); };
destination hur { file ("/var/log/fwlogs/hurdal.log"); };
destination eid { file ("/var/log/fwlogs/eidsvoll.log"); };
destination nan { file ("/var/log/fwlogs/nannestad.log"); };
destination datas { file ("/var/log/fwlogs/datasenter-context.log"); };
destination mgmt { file ("/var/log/fwlogs/management-context.log"); };
destination wifi { file ("/var/log/fwlogs/wifi-context.log"); };
destination aplog { file ("/var/log/aplog/aplog.txt"); };
filter aplog { host (10.20.); }; ### this line caused
the
syntax error (line 35)
filter gje { host (10.8.30.28); };
filter nes { host (10.8.30.20); };
filter ull { host (10.8.30.36); };
filter hur { host (10.8.30.12); };
filter eid { host (10.8.30.44); };
filter nan { host (10.8.30.52); };
filter datas { host (10.8.0.1); };
filter mgmt { host (10.8.30.60); };
filter wifi { host (10.8.30.92); };
filter asa { host (ASA-R111); };
filter komm { host (10.8.30.76); };
filter edb { host (edb-pix); };
filter emerg { level (emerg); };
filter alert { level (alert .. emerg); };
filter crit { level (crit .. emerg); };
filter err { level (err .. emerg); };
filter warning { level (warning .. emerg); };
filter notice { level (notice .. emerg); };
filter info { level (info .. emerg); };
filter debug { level (debug .. emerg); };
filter kern { facility (kern); };
filter user { facility (user); };
filter mail { facility (mail); };
filter daemon { facility (daemon); };
filter auth { facility (auth); };
filter syslog { facility (syslog); };
filter lpr { facility (lpr); };
filter news { facility (news); };
filter uucp { facility (uucp); };
filter cron { facility (cron); };
#filter local0 { facility (local0); };
#filter local1 { facility (local1); };
#filter local2 { facility (local2); };
#filter local3 { facility (local3); };
#filter local4 { facility (local4); };
#filter local5 { facility (local5); };
#filter local6 { facility (local6); };
#filter local7 { facility (local7); };
filter user_none { not facility (user); };
filter kern_debug { filter (kern) and filter (debug); };
filter daemon_notice { filter (daemon) and filter (notice); };
filter mail_crit { filter (mail) and filter (crit); };
filter mesg { filter (kern_debug) or
filter (daemon_notice) or
filter (mail_crit); };
filter authinfo { filter (auth) or program (sudo); };
log { source (sys); destination(messages); };
log { source (sys); destination(console_all); };
log { source (sys); filter (authinfo); destination (authlog); };
log { source (sys); filter (mail); destination (maillog); };
#log { source (sys); filter (local0); destination (ipflog); };
#log { source (sys); filter (local1); destination (imaplog); };
log { source (sys); filter (syslog); destination (syslog); };
log { source (sys); filter (emerg); filter (user_none);
destination (console); };
log { source (sys); filter (mesg); filter (user_none);
destination (messages); };
log { source (net); destination (clients); };
log { source (net); filter (komm); destination (komm); };
log { source (net); filter (asa); destination (asa); };
log { source (net); filter (mgmt); destination (mgmt); };
log { source (net); filter (wifi); destination (wifi); };
log { source (net); filter (datas); destination (datas); };
log { source (net); filter (wifi); destination (wifi); };
log { source (net); filter (gje); destination (gje); };
log { source (net); filter (nan); destination (nan); };
log { source (net); filter (ull); destination (ull); };
log { source (net); filter (hur); destination (hur); };
log { source (net); filter (eid); destination (eid); };
log { source (net); filter (nes); destination (nes); };
log { source (net); filter (edb); destination (edb); };
log { source (net); filter (aplog); destination (aplog); };
#log { source (net); filter (komm); destination (komm); };
----------------------------------------------------------------------
This is the error i got :
syntax error in /etc/syslog-ng/syslog-ng.conf at line 35.
syslog-ng documentation:
http://www.balabit.com/support/documentation/?product=syslog-ng
mailing list: https://lists.balabit.hu/mailman/listinfo/syslog-ng
* Configuration error. Please fix your configfile
(/etc/syslog-ng/syslog-ng.conf)
It is not a very big deal at the moment, as i've reverted back to version
2.1.4, but i'd like to keep my system current, and somewhat up to date.
this
server's main function is as a syslogger for a few firewalls though, so i
cannot leave it unable to log for long.
hope someone can help.
cheers
andip
_____________________________________________________________________________
_
Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng
Documentation:
http://www.balabit.com/support/documentation/?product=syslog-ng
FAQ: http://www.campin.net/syslog-ng/faq.html