I'v start manualy the syslog-ng service and i received this error; Nov 5 16:55:03 ServerNAae syslog-ng[4948]: Reaping unused destination files; template='/var/log/ServerName/$YEAR/$MONTH/$DAY/$HOST.log' Some one know what is going wrong? This message is repeating numerous time.. I look for the permission of the user that run de syslog-ng service, it have rigth to write on partition. Thanks for your support Francis Provencher Ministère de la Sécurité publique du Québec Direction des technologies de l'information Division de la sécurité informatique Tél: 1 418 646-3258 Courriel: Francis.provencher@Msp.gouv.qc.ca CEH - Certified Ethical Hackers SSCP - System Security Certified Practitionner Sec+ - Security +
"Geller, Sandor (IT)" <Sandor.Geller@morganstanley.com> 4/11/2007 10:45 >>>
Hi,
I'v put the localhost on source, but it's an error, i change it for the Ip adress of the nic that i connect to the tap.
But syslog call from remote server continu to goes in the /var/log/message instead of /var/log/SPSSOWL1/$YEAR/$MONTH/$DAY/$HOST.log"
Like it's configure in the syslog-ng.conf.
Do you want i paste here my syslog-ng.conf ? (i only change source net { udp(ip(127.0.0.1) port(514)); }; for source net { udp(ip(192.168.33.8) port(514)); };
Without looking up the source my first guess would be that the problem is caused by having udp() in your configuration twice. The 'src' and the 'net' sources both have udp(). It is possible that the second bind was unsuccessful as syslog-ng already has bound to 0.0.0.0:514 UDP port. Check your logs whether this is the case, it should be logged. Optionally remove udp() from the 'src' source if you're not logging from jails running on the local machine. Regards, Sandor -------------------------------------------------------- NOTICE: If received in error, please destroy and notify sender. Sender does not intend to waive confidentiality or privilege. Use of this email is prohibited when received in error. _______________________________________________ syslog-ng maillist - syslog-ng@lists.balabit.hu https://lists.balabit.hu/mailman/listinfo/syslog-ng Frequently asked questions at http://www.campin.net/syslog-ng/faq.html