Hello,

My suggestion would be to check the error message.


"Error parsing source, syntax error, unexpected KW_DESTINATION, expecting ';' in /etc/syslog-ng/syslog-ng.conf at line 83, column 1:"

p.s.:
maybe you are missing a few ';' in the configuration file

--
Kokan

On Tue, May 8, 2018 at 1:38 PM vinod samant <vinod.samant.123@gmail.com> wrote:
Please suggest..

Thanks & Regards :-
VINOD SINGH SAUD
(M):- 09718663552
(W):-09997645597

On Tue, May 8, 2018 at 3:16 PM, vinod samant <vinod.samant.123@gmail.com> wrote:
Hi ,
I have used same configuration as you have sent ,
client IP:-  192.168.122.61
central server IP:- 192.168.122.184
my Client configuration file:-

@version:3.13
@include "scl.conf"

# syslog-ng configuration file.
#
# This should behave pretty much like the original syslog on RedHat. But
# it could be configured a lot smarter.
#
# See syslog-ng(8) and syslog-ng.conf(5) for more information.
#
# Note: it also sources additional configuration files (*.conf)
#       located in /etc/syslog-ng/conf.d/

options {
    flush_lines (0);
    time_reopen (10);
    log_fifo_size (1000);
    chain_hostnames (off);
    use_dns (no);
    use_fqdn (no);
    create_dirs (no);
    keep_hostname (yes);
};

source s_sys {
    system();
    internal();
    # udp(ip(0.0.0.0) port(514));
};

destination d_cons { file("/dev/console"); };
destination d_mesg { file("/var/log/messages"); };
destination d_auth { file("/var/log/secure"); };
destination d_mail { file("/var/log/maillog" flush_lines(10)); };
destination d_spol { file("/var/log/spooler"); };
destination d_boot { file("/var/log/boot.log"); };
destination d_cron { file("/var/log/cron"); };
destination d_kern { file("/var/log/kern"); };
destination d_mlal { usertty("*"); };

filter f_kernel     { facility(kern); };
filter f_default    { level(info..emerg) and
                        not (facility(mail)
                        or facility(authpriv) 
                        or facility(cron)); };
filter f_auth       { facility(authpriv); };
filter f_mail       { facility(mail); };
filter f_emergency  { level(emerg); };
filter f_news       { facility(uucp) or
                        (facility(news) 
                        and level(crit..emerg)); };
filter f_boot   { facility(local7); };
filter f_cron   { facility(cron); };

#log { source(s_sys); filter(f_kernel); destination(d_cons); };
log { source(s_sys); filter(f_kernel); destination(d_kern); };
log { source(s_sys); filter(f_default); destination(d_mesg); };
log { source(s_sys); filter(f_auth); destination(d_auth); };
log { source(s_sys); filter(f_mail); destination(d_mail); };
log { source(s_sys); filter(f_emergency); destination(d_mlal); };
log { source(s_sys); filter(f_news); destination(d_spol); };
log { source(s_sys); filter(f_boot); destination(d_boot); };
log { source(s_sys); filter(f_cron); destination(d_cron); };


# Source additional configuration files (.conf extension only)
@include "/etc/syslog-ng/conf.d/*.conf"


# vim:ft=syslog-ng:ai:si:ts=4:sw=4:et:
#



source s_apache {
  wildcard-file(
    base-dir("/var/log/httpd/")
    filename-pattern("*access_*")
    flags(no-parse)
  )


destination d_central {
  network("192.168.122.184" port(udp))
}


log {
  source(s_apache)
  destination(d_central)
}

>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>ERROR<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<
If I am starting syslog-ng then ,its showing below error


[root@master syslog-ng]# service syslog-ng start
Error parsing source, syntax error, unexpected KW_DESTINATION, expecting ';' in /etc/syslog-ng/syslog-ng.conf at line 83, column 1:

destination d_central {
^^^^^^^^^^^

[root@master syslog-ng]# 


So,Please help to configure client and central server.



Thanks & Regards :-
VINOD SINGH SAUD
(M):- 09718663552
(W):-09997645597

On Mon, May 7, 2018 at 7:30 PM, Gergely Nagy <algernon@balabit.com> wrote:
Hi!

>>>>> "vinod" == vinod samant <vinod.samant.123@gmail.com> writes:

    vinod> 1.first one is using command  yum install syslog-ng ,  and it has been
    vinod> installed ,if this way is wright then what will be the client and server
    vinod> side configuration,Suppose

The client should be configured to read the logs, the server to accept
them and put them where you want 'em. See below for two simple examples.

    vinod> apache writing custom log on
    vinod> /usr/local/apache/logs/xyz_access_2018-05-07.log  ,Client IP:- 10.10.64.1
    vinod> ,server IP:- 10.10.64.100.

It looks like you're using files with dates in them, so you'll need a
wildcard source. Something along these lines may serve as a starting
point:

------------------------- * -------------------------

# client config

@version: 3.15

source s_apache {
  wildcard-file(
    base-dir("/usr/local/apache/logs");
    filename-pattern("*_access_*.log");
    flags(no-parse);
  );
};

destination d_central {
  network("10.0.0.1" port(1234));
};

log {
  source(s_apache);
  destination(d_central);
};

------------------------- * -------------------------

# server config

@version: 3.15

source s_network {
  network(port(1234));
};

destination d_all {
  file("/var/log/all.log" template("${MSG}\n");
};

log {
  source(s_network);
  destination(d_all);
};

------------------------- * -------------------------

If you want to have the same filename on the server side, that becomes a
bit less trivial, but still doable. You'll have to transfer the filename
too, and extract it on the server side.

This should be doable, because the ${FILE_NAME} macro on the client
contains the file a log line was read from, you can put this into the
message sent to the server, where it can be extracted and used to
construct the file the message gets saved to.

The following thread might be of use if you want to go down this path:
 https://lists.balabit.hu/pipermail/syslog-ng/2015-March/021906.html

I also recommend reading - or at least browsing the relevant parts of -
the syslog-ng administrator's guide. It has a lot of helpful information
about the configuration file syntax, options, and whatnot:
 https://syslog-ng.com/documents/html/syslog-ng-ose-3.14-guides/en/syslog-ng-ose-guide-admin/html/index.html

    vinod> 2. Second i have downloaded tar.gz file form github and trying to install
    vinod> ,But i am facing lots of dependency problem.

    vinod> Can you explain difference between both way installation which i am triyng
    vinod> ?

If you install from a binary package, you won't have to compile
anything. But you are limited to the version of syslog-ng your
distribution ships with (unless you use a third-party repository, which
you don't appear to be using). When compiling from source, you'll need
plenty of development tools - I'd recommend checking out the
docker-based building solution Laszlo Budai mentioned in his reply:
 https://github.com/balabit/syslog-ng/blob/master/dbld/images/centos6.dockerfile

This should make it a *lot* easier to compile from source, as it has all
the dependencies already installed. There are some notes on how to use
the Dockerfile here:
 https://github.com/balabit/syslog-ng/tree/master/dbld

The main difference between source and binary package is like the
difference between a recipe and a finished dish: if you have the recipe
(source), the ingredients and tools (dependencies, compiler, etc), then
you can cook the dish (binary package). Or you can order (download) the
finshed food (binary package), where someone else did the cooking for
you. :)

--
|8]


______________________________________________________________________________
Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng
Documentation: http://www.balabit.com/support/documentation/?product=syslog-ng
FAQ: http://www.balabit.com/wiki/syslog-ng-faq