At the very top of your config file, it will need to have: @version: 3.0 You'll just need to remove the # sign. -----Original Message----- From: syslog-ng-bounces@lists.balabit.hu [mailto:syslog-ng-bounces@lists.balabit.hu] On Behalf Of Bristol, Gary L. Sent: Friday, May 01, 2009 12:52 PM To: syslog-ng@lists.balabit.hu Subject: [syslog-ng] Error when starting syslog-ng 3.0.1 I'm getting the following error when I start the syslog-ng process. I'm running version 3.0.1 I have tried several different formats for getting it to recognize that fact that I'm running or attempting to run a version 3.0 config. The other problem I'm having is that I'm not getting any local logs. The directory creation and the forwarding of the syslog to the remote system works just fine. Starting system logger: Configuration file has no version number, assuming syslog-ng 2.1 format. Please add @version: maj.min to the beginning of the file; WARNING: global: the default value of chain_hostnames is changing to 'no' in version 3.0, please update your configuration accordingly; Error resolving group; group='log' WARNING: template: the default value for template-escape is changing to 'no' in version 3.0, please update your configuration file accordingly; WARNING: input: sources do not remove new-line characters from messages by default in version 3.0, please add 'no-multi-line' flag to your configuration if you want to retain this functionality; WARNING: file source: default value of follow_freq in file sources is changing in 3.0 to '1' for all files except /proc/kmsg; WARNING: filters do not store matches in macros by default in 3.0, please update your configuration by using an explicit 'store-matches' flag to achieve that; WARNING: template: the meaning of the $MSG/$MESSAGE macros is changing in version 3.0, please prepend a $MSGHDR when upgrading to 3.0 config format; Error resolving user; user='root' Here is the configuration file at /etc/syslog-ng/syslog0ng.conf # syslog-ng configuration file. #@version: 3.0 # # This should behave pretty much like the original syslog on RedHat. But # it could be configured a lot smarter. # # See syslog-ng(8) and syslog-ng.conf(5) for more information. # # 20000925 gb@sysfive.com # # configuration file for syslog-ng, customized for remote logging # #options { flush_lines (0); # time_reopen (10); # log_fifo_size (1000); # long_hostnames (off); # use_dns (no); # use_fqdn (no); # keep_hostname (yes); # }; options { stats_freq (0); chain_hostnames (no); flush_lines (0); time_reopen (10); log_fifo_size (1000); long_hostnames(off); use_dns (no); use_fqdn (no); create_dirs (yes); keep_hostname (yes); perm(0640); group("log"); }; source s_internal { internal(); }; destination d_syslognglog { file("/var/log/syslog-ng.log"); }; log { source(s_internal); destination(d_syslognglog); }; # Local sources, filters and destinations are commented out # If you want to replace sysklogd simply uncomment the following # parts and disable sysklogd # # Local sources # #source s_local { # unix-dgram("/dev/log"); # file("/proc/kmsg" log_prefix("kernel:")); #}; # source s_sys { file ("/proc/kmsg" program_override("kernel: ")); unix-stream ("/dev/log"); internal(); udp(ip(0.0.0.0) port(514)); }; # network logs come from the local network source src { unix-stream("/dev/log"); internal(); }; source remote { udp(ip ("0.0.0.0")); }; source remote_tcp { tcp(ip ("xxx.xx.xx.xxx")); }; source kernsrc { file("/proc/kmsg"); }; ## Local filters filter f_filter1 { facility(kern); }; filter f_filter2 { level(info) and not (facility(mail) or facility(authpriv) or facility(cron)); }; filter f_filter3 { facility(authpriv); }; filter f_filter4 { facility(mail); }; filter f_filter5 { level(emerg); }; filter f_filter6 { facility(uucp) or (facility(news) and level(crit)); }; filter f_filter7 { facility(local7); }; filter f_filter8 { facility(cron); }; # Filters for remote logs added for RSA filter f_paygate { host ("xxx.xxx.xxx.xxx");}; filter f_payweb { host ("xxx.xxx.xxx.xxx");}; filter f_paymarket1 { host ("xxx.xxx.xxx.xxx");}; filter f_paymarket2 { host ("xxx.xxx.xxx.xxx");}; filter f_roomview { host ("xxx.xxx.xxx.xxx");}; filter f_paymarket1a { host ("xxx.xxx.xxx.xxx");}; filter f_paymarket2a { host ("xxx.xxx.xxx.xxx");}; #filter f_dc { host ("xxx.xxx.xxx.xxx");}; # Local logs - order DOES matter ! #log { source(s_sys); filter(f_filter1); destination(d_cons); }; log { source(s_sys); filter(f_filter2); destination(d_mesg); }; log { source(s_sys); filter(f_filter3); destination(d_auth); }; log { source(s_sys); filter(f_filter4); destination(d_mail); }; log { source(s_sys); filter(f_filter5); destination(d_mlal); }; log { source(s_sys); filter(f_filter6); destination(d_spol); }; log { source(s_sys); filter(f_filter7); destination(d_boot); }; log { source(s_sys); filter(f_filter8); destination(d_cron); }; # Remote logs for RSA Appliance log { source(remote); filter(f_paygate); destination(d_rsa); }; log { source(remote); filter(f_payweb); destination(d_rsa); }; log { source(remote); filter(f_paymarket1); destination(d_rsa); }; log { source(remote); filter(f_paymarket2); destination(d_rsa); }; log { source(remote); filter(f_roomview); destination(d_rsa); }; log { source(remote); filter(f_paymarket1a); destination(d_rsa); }; log { source(remote); filter(f_paymarket2a); destination(d_rsa); }; #log { source(remote); filter(f_dc); destination(d_rsa); }; # log by host log { source(remote); destination(hosts); }; log { source(remote_tcp); destination(hosts); }; # Local destinations destination d_cons { file("/dev/console"); }; destination d_mesg { file("/var/log/messages"); }; destination d_auth { file("/var/log/secure"); }; destination d_mail { file("/var/log/maillog"); }; destination d_spol { file("/var/log/spooler"); }; destination d_boot { file("/var/log/boot.log"); }; destination d_cron { file("/var/log/cron"); }; destination d_mlal { usertty("*"); }; # added for re-direct to RSA Appliance destination d_rsa { udp("xxx.xxx.xxx.xxx" port (514) template("<$PRI> $DATE $HOST $MESSAGE"));}; # automatic host sorting # by current year, month, day, host # files created are also by year, month, day, host, facility # set it up destination hosts { file("/var/syslog/HOSTS/$YEAR/$MONTH/$DAY/$HOST/$YEAR-$MONTH-$DAY-$HOST-$FAC ILITY.log" owner(root) group(root) perm(0655) dir_perm(0 755) create_dirs(yes)); }; Gary L. Bristol CISSP, RHCE University of Oklahoma 200 Felgar St., Suite 226 Norman, OK 73019 405-325-2236 ******************************************** ---------------------------------------------------------------------------- + Ranked 10th in PC Magazine's 2007 Top 20 Wired Campuses Computerworld + 2006 100 Best Places to Work in IT ---------------------------------------------------------------------------- ********************************************************************** This transmission may contain information that is privileged, confidential and/or exempt from disclosure under applicable law. If you are not the intended recipient, you are hereby notified that any disclosure, copying, distribution, or use of the information contained herein (including any reliance thereon) is STRICTLY PROHIBITED. If you received this transmission in error, please immediately contact the sender and destroy the material in its entirety, whether in electronic or hard copy format. Thank you **********************************************************************