Hi,

after removing your filter in the syslog-ng.conf:

log { source(src); filter(f_sshd); destination(mylogserver); };
=>
log { source(src); destination(mylogserver); };

syslog-ng is writing something, but there are still no logs on the central server (see below). It seems that the filter function of syslog-ng under AIX is different from other OSes.

_poll(0x2FF22950, 2, 424000) (sleeping...)
_poll(0x2FF22950, 2, 424000) = 1
kread(3, " M a r 7 1 3 : 1 0".., 2048) = 187
_poll(0x2FF22950, 2, 100) = 1
kfcntl(5, F_GETFL, 0x2FF21880) = 6
kioctl(5, -2147195266, 0x2FF21778, 0x00000000) = 0
kioctl(5, -2147195267, 0x2FF21778, 0x00000000) = 0
kfcntl(5, F_SETFL, 0x00000006) = 0
recv(5, 0x2FF21820, 1, 2) Err#11 EAGAIN
kwrite(5, " < 1 3 > M a r 7 1".., 203) = 203
_poll(0x2FF22950, 2, 100) = 0
_poll(0x2FF22950, 2, 246000) (sleeping...)

Greetings,
Tobias

--- Forwarded message ---
From: Tob_Sch@gmx.de
To: Syslog-ng users' and developers' mailing list <syslog-ng@lists.balabit.hu>
Subject: Re: [syslog-ng] AIX: Syslog NG 1.6.9 (tcp) send logmessages to central log server
Date: Tue, 7 Mar 2006 12:55:03 +0100 (MET)

Hi,

I'm able to reproduce your problem on our AIX 5.3 server. The syslog-ng is reading from the pipe, but isn't transferring the logs to the central server (see "truss" output below), although there is a constant connection between the AIX server and the central log server (see "lsof" output below). No more information is coming from debug mode. That seems very strange to me.

root@aix1:/root : truss -p 442538
_poll(0x00000000, 0, 0) (sleeping...)
_poll(0x00000000, 0, 0) = 1
kread(3, " M a r 7 1 2 : 3 4".., 2048) = 187
_poll(0x2FF22940, 2, 100) = 0
_poll(0x2FF22940, 2, 483000) = 1
kread(3, " M a r 7 1 2 : 3 4".., 2048) = 99
_poll(0x2FF22940, 2, 100) = 0
_poll(0x2FF22940, 2, 481000) = 1
kread(3, " M a r 7 1 2 : 3 4".., 2048) = 114
_poll(0x2FF22940, 2, 100) = 1
kread(3, " M a r 7 1 2 : 3 4".., 2048) = 130
_poll(0x2FF22940, 2, 100) = 1
kread(3, " M a r 7 1 2 : 3 4".., 2048) = 251
_poll(0x2FF22940, 2, 100) = 0
_poll(0x2FF22940, 2, 481000) (sleeping...)

root@aix1:/root : lsof | grep 442538
syslog-ng 442538 root cwd VDIR 10,11 256 23236 /syslog-ng (/dev/sysloglv)
syslog-ng 442538 root 0u VCHR 27,1 0t30393 5026 /dev/pts/1
syslog-ng 442538 root 1u VCHR 27,1 0t30393 5026 /dev/pts/1
syslog-ng 442538 root 2u VCHR 27,1 0t30393 5026 /dev/pts/1
syslog-ng 442538 root 3u FIFO 10,6 0 394 /var (/dev/hd9var)
syslog-ng 442538 root 4u IPv4 0xf1000d0003ee4b90 0t0 TCP aix1:46136->central:5514 (ESTABLISHED)

Greetings,
Tobias
--- Original message ---
From: "Jochen Kirn" <jochen.kirn@gmail.com>
To: syslog-ng@lists.balabit.hu
Subject: [syslog-ng] AIX: Syslog NG 1.6.9 (tcp) send logmessages to central log server
Date: Mon, 6 Mar 2006 15:24:08 +0100
Hi all,
Log messages are being written to the AIX default syslog daemon, which forwards certain messages to syslog ng via a named pipe "/var/adm/syslog.pipe".
The log messages are being written to the destination "localfile" but not to the remote syslog ng logging server. Any idea what's going wrong here? The exact same "syslog-ng.conf" works with an HP-UX or Solaris based Syslog NG installation without any problem.
Setup:
Syslog NG: 1.6.9 with libol 0.3.17
System: AIX 5.1 ML8 and AIX 5.3 ML 3
The central logging server is a Linux based syslog NG 1.6.9 which can successfully receive log messages from other (non-AIX) hosts.
syslog-ng.conf:
##############
# Log sources
#
source src { pipe ("/var/adm/syslog.pipe"); };

##############
# filters
#
filter f_sshd { program("sshd"); };

##############
# Log destinations
destination mylogserver { tcp("logserver" port(514)); };
destination localfile {
    file("/var/tmp/messages"
         template("$YEAR.$MONTH.$DAY $HOUR:$MIN:$SEC $HOST $MSG\n")
         template-escape(yes));
};

##############
# Perform the logging
log { source(src); filter(f_sshd); destination(mylogserver); };
log { source(src); filter(f_sshd); destination(localfile); };
regards Jochen
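The by-eye comparison of the two truss traces in this thread, as an added example (not code from the thread or from syslog-ng): it tallies bytes read and written per file descriptor and classifies each trace. It assumes fd 3 is the source pipe, as the lsof output shows; the function names and verdict strings are made up for illustration.

```python
import re
from collections import defaultdict

# Selected syscall lines copied from the two truss traces in this thread.
FILTERED = '''_poll(0x00000000, 0, 0) = 1
kread(3, " M a r 7 1 2 : 3 4".., 2048) = 187
_poll(0x2FF22940, 2, 100) = 0
kread(3, " M a r 7 1 2 : 3 4".., 2048) = 99
kread(3, " M a r 7 1 2 : 3 4".., 2048) = 114
kread(3, " M a r 7 1 2 : 3 4".., 2048) = 130
kread(3, " M a r 7 1 2 : 3 4".., 2048) = 251
_poll(0x2FF22940, 2, 481000) (sleeping...)'''
UNFILTERED = '''kread(3, " M a r 7 1 3 : 1 0".., 2048) = 187
kfcntl(5, F_GETFL, 0x2FF21880) = 6
recv(5, 0x2FF21820, 1, 2) Err#11 EAGAIN
kwrite(5, " < 1 3 > M a r 7 1".., 203) = 203
_poll(0x2FF22950, 2, 100) = 0'''

# call(fd, ...) followed by "= N" or "Err#N NAME". _poll lines do not match
# because their first argument is a hex pointer, not a descriptor.
LINE = re.compile(r'^(\w+)\((\d+),.*\)\s+(?:=\s*(-?\d+)|Err#\d+\s+(\w+))\s*$')
READS = {"kread", "read", "recv"}
WRITES = {"kwrite", "write", "send"}

def tally(trace):
    """Return {fd: {"read": bytes, "written": bytes, "errors": [names]}}."""
    stats = defaultdict(lambda: {"read": 0, "written": 0, "errors": []})
    for line in trace.splitlines():
        m = LINE.match(line.strip())
        if not m:
            continue
        call, fd, ret, err = m.group(1), int(m.group(2)), m.group(3), m.group(4)
        if err:
            stats[fd]["errors"].append(f"{call}:{err}")
        elif call in READS:
            stats[fd]["read"] += int(ret)
        elif call in WRITES:
            stats[fd]["written"] += int(ret)
    return dict(stats)

def diagnose(trace, source_fd=3):
    """Classify a trace by whether bytes read from source_fd left on another fd."""
    stats = tally(trace)
    consumed = stats.get(source_fd, {}).get("read", 0)
    sent = sum(s["written"] for fd, s in stats.items() if fd != source_fd)
    if consumed == 0:
        return "no-input"
    return "forwarding" if sent > 0 else "consumed-not-forwarded"
```

A "forwarding" verdict only shows that the local kernel accepted the bytes on the socket; whether the central server logs them has to be checked on the receiving side.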