I use a local source like this:

source local {
    sun-streams("/dev/log");
    udp(ip(0.0.0.0) port(514));
    internal();
};

Seems that at some point I started leaving off the "door" part. My version control logs don't specify why, bummer. Give it a shot like that. I don't know if I ever got my Solaris boxes onto syslog-ng version 3.x though. Give this a quick shot and see if it makes things any better with your version.

On Wed, Jul 21, 2010 at 10:28 AM, Chuck <chuck.carson@gmail.com> wrote:
Thanks for pointing that out. I did find the correct door file:

Drw-r--r-- 1 root root 0 Jul 21 09:36 /var/run/syslog_door

I fixed the config and bounced syslog-ng but still not getting any log messages. Looking at the stats I do see where there are logs coming from the internal() source:

'source(s_internal)=6', processed='center(queued)=0', processed='destination(l_internal)=6'
Jul 21 09:34:56 asglogpup01 syslog-ng[8865]: Log statistics; processed='center(received)=0', processed='destination(l_messages)=0', processed='source(s_streams)=26', processed='src.internal(s_internal#0)=8', stamp='src.internal(s_internal#0)=1279729796', processed='source(s_internal)=8', processed='center(queued)=0', processed='destination(l_internal)=8'
Anyone have any ideas?
Thx, CC
On Wed, Jul 21, 2010 at 9:29 AM, Patrick H. <syslogng@feystorm.net> wrote:
I had to set up some Solaris boxes several months ago with syslog and had trouble getting the exact config as well. Unfortunately those boxes are now gone so I can't pull the configuration off them, but I do know that /etc/.syslog_door was not the door file. I believe it was /var/run/syslog_door

Sent: Wednesday, July 21, 2010 10:11:41 AM
From: Chuck <chuck.carson@gmail.com>
To: Syslog-ng users' and developers' mailing list <syslog-ng@lists.balabit.hu>
Subject: [syslog-ng] Messages Not Getting Logged
Hello,
I am using the sunfreeware build of syslog-ng 3.04 on a Solaris 10 Update 8 system:

syslog-ng 3.0.4
Revision: ssh+git://bazsi@git.balabit//var/scm/git/syslog-ng/syslog-ng-ose--mainline--3.0#master#1b5d618e301ad94aa20e692ffba16469dece8d10
Compile-Date: Sep 2 2009 05:14:23
Enable-Threads: off
Enable-Debug: off
Enable-GProf: off
Enable-Memtrace: off
Enable-Sun-STREAMS: on
Enable-Sun-Door: on
Enable-IPv6: on
Enable-Spoof-Source: on
Enable-TCP-Wrapper: off
Enable-SSL: on
Enable-SQL: off
Enable-Linux-Caps: off
Enable-Pcre: on
My internal() source is working but the sun-streams source is not.
Here are my options:

options {
    use_fqdn(no);
    flush_lines(0);
    dir_perm(0755);
    dir_group(sysadmin);
    dir_owner(root);
    perm(0644);
    stats_freq(300);
    use_dns(no);
    create_dirs(yes);
    time_reopen(10);
};
Here are my sources:
source s_internal { internal(); };
source s_udp { udp(); };
source s_tcp { tcp(); };
source s_streams { sun-streams ("/dev/log" door("/etc/.syslog_door")); };

Here are my filters so far:

# Level Filters
filter f_emerg { level (emerg); };
filter f_alert { level (alert .. emerg); };
filter f_crit { level (crit .. emerg); };
filter f_err { level (err .. emerg); };
filter f_warning { level (warning .. emerg); };
filter f_notice { level (notice .. emerg); };
filter f_info { level (info .. emerg); };
filter f_debug { level (debug .. emerg); };

# Facility Filters
filter f_kern { facility (kern); };
filter f_user { facility (user); };
filter f_mail { facility (mail); };
filter f_daemon { facility (daemon); };
filter f_auth { facility (auth); };
filter f_syslog { facility (syslog); };
filter f_lpr { facility (lpr); };
filter f_news { facility (news); };
filter f_uucp { facility (uucp); };
filter f_cron { facility (cron); };
filter f_local0 { facility (local0); };
filter f_local1 { facility (local1); };
filter f_local2 { facility (local2); };
filter f_local3 { facility (local3); };
filter f_local4 { facility (local4); };
filter f_local5 { facility (local5); };
filter f_local6 { facility (local6); };
filter f_local7 { facility (local7); };

Here are my destinations so far:

# Destinations: local files, the console, and the client files
destination l_internal { file ("/var/adm/syslog-ng"); };
destination l_authlog { file ("/var/log/authlog"); };
destination l_messages { file ("/var/log/messages"); };
destination l_maillog { file ("/var/log/maillog"); };
destination l_ipflog { file ("/var/log/ipflog"); };
destination l_imaplog { file ("/var/log/imaplog"); };
destination l_syslog { file ("/var/log/syslog"); };
destination l_console { file ("/dev/console"); };
Here are my log statements:
log { source (s_internal); destination (l_internal); }; # <==== this one is working
log { source (s_streams); filter (f_kern); filter (f_debug); destination (l_messages); }; # <====== this one is not working

I have tried the following logger tests and am not getting anything logged:

logger -p kern.debug "some message"
logger -p kern.crit "some message"
logger -p kern.info "some message"
I have restarted syslog-ng and ensured that it is using my most recent syslog-ng.conf file.
Thanks for any help, CC
________________________________
______________________________________________________________________________ Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng Documentation: http://www.balabit.com/support/documentation/?product=syslog-ng FAQ: http://www.campin.net/syslog-ng/faq.html
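An added example, not part of the thread and not syslog-ng project code: a small Python parser for the "Log statistics" line quoted above that compares each log path's source counter with its destination counter. The LOG_PATHS pairs come from the two log statements in the original post; the function names and status labels are chosen here for illustration.

```python
import re

# Second "Log statistics" line from the thread, copied as posted.
STATS_LINE = (
    "Jul 21 09:34:56 asglogpup01 syslog-ng[8865]: Log statistics; "
    "processed='center(received)=0', processed='destination(l_messages)=0', "
    "processed='source(s_streams)=26', processed='src.internal(s_internal#0)=8', "
    "stamp='src.internal(s_internal#0)=1279729796', processed='source(s_internal)=8', "
    "processed='center(queued)=0', processed='destination(l_internal)=8'"
)

# (source, destination) pairs from the two log statements in the original post.
LOG_PATHS = [("s_internal", "l_internal"), ("s_streams", "l_messages")]

# Matches processed='kind(name)=N'; stamp='...' fields are deliberately skipped.
COUNTER_RE = re.compile(r"processed='([\w.]+)\(([^)]*)\)=(\d+)'")


def parse_processed(line):
    """Return {(kind, name): count} for every processed counter on the line."""
    return {(kind, name): int(n) for kind, name, n in COUNTER_RE.findall(line)}


def diagnose(counters, log_paths):
    """Classify each (source, destination) path from its two counters."""
    findings = []
    for src, dst in log_paths:
        read = counters.get(("source", src))
        written = counters.get(("destination", dst))
        if read is None or written is None:
            status = "no-counter"            # name not present in the stats line
        elif read == 0:
            status = "source-silent"         # nothing is being read at all
        elif written == 0:
            status = "dropped-before-destination"  # read, but none written
        else:
            status = "ok"
        findings.append((src, dst, status))
    return findings


if __name__ == "__main__":
    for src, dst, status in diagnose(parse_processed(STATS_LINE), LOG_PATHS):
        print(f"{src} -> {dst}: {status}")
```

On the thread's numbers the s_streams counter is 26 while l_messages is 0, which suggests checking the filters in that log path as well as the source definition.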