You have to put the log device with the pad_size into your system source. source s_sys {pipe("/dev/log" pad_size(2048)); internal(); }; It's working on my system so you can try. You can also add the klog device (/dev/klog) with same options than /dev/log. Shamim a écrit :
Hi, I've compile syslog-ng-2.0.2 on HP-UX-11.11, however messages are not going to desired destinations as defined in the syslog-ng.conf .
my syslog-ng.conf --------------------------------------------- # syslog-ng configuration file. # # This should behave pretty much like the original syslog on HP-UX. But # it could be configured a lot smarter. # # See syslog-ng(8) and syslog-ng.conf(8) for more information. # # 20000925 gb@sysfive.com <mailto:gb@sysfive.com> options { sync (0); time_reopen (10); log_fifo_size (1000); long_hostnames (off); use_dns (no); use_fqdn (no); create_dirs (no); keep_hostname (yes); }; source s_sys {internal();pipe("/dev/log"); }; destination d_cons { file("/dev/console1"); }; destination d_mesg { file("/var/adm/syslog/syslog-ng.log"); }; destination d_mail { file("/var/adm/syslog/mail-ng.log"); }; destination d_mlrt { usertty("root"); }; destination d_mlal { usertty("*"); }; filter f_filter1 { facility(mail) and level(debug); }; filter f_filter2 { (facility(mail) and level(debug)) or level(info); }; filter f_filter3 { level(alert); }; filter f_filter4 { level(emerg); }; log { source(s_sys); destination(d_mail); }; log { source(s_sys); destination(d_mesg); }; log { source(s_sys); destination(d_cons);destination(d_mlrt); }; log { source(s_sys); destination(d_mlal); }; # -------------------------------------------- Now If I generate message using "logger" utility on system, message should go to "/var/adm/syslog/syslog-ng.log", though they are not going... Is there anything wrong with .conf file?
What should be the conf file for central server and client on HP-UX?
syslog-ng daemon is running like: ------------------------------------------------------------------------------- syslog-ng service starting. # ps -eaf |grep syslog-ng root 14437 1 0 10:22:30 ? 0:00 /opt/soe/local/syslog-ng-2.0.2/sbin/syslog-ng -f /opt/soe/local # ------------------------------------------------------------------------------
Thanks Shamim
*/syslog-ng-request@lists.balabit.hu/* wrote:
Send syslog-ng mailing list submissions to syslog-ng@lists.balabit.hu
To subscribe or unsubscribe via the World Wide Web, visit https://lists.balabit.hu/mailman/listinfo/syslog-ng or, via email, send a message with subject or body 'help' to syslog-ng-request@lists.balabit.hu
You can reach the person managing the list at syslog-ng-owner@lists.balabit.hu
When replying, please edit your Subject line so it is more specific than "Re: Contents of syslog-ng digest..."
Today's Topics:
1. Re: Is this possible in syslog-ng.conf . (v2.0.2) (Balazs Scheidler) 2. Re: Setting permissions on log files (Balazs Scheidler) 3. Re: Is this possible in syslog-ng.conf . (v2.0.2) (Evan Rempel) 4. compilation errors with --enable-spoof-source (Ravi Papisetti -X (rpapiset - HCL at Cisco)) 5. Re: Is this possible in syslog-ng.conf . (v2.0.2) (Balazs Scheidler) 6. Re: compilation errors with --enable-spoof-source (Balazs Scheidler) 7. RE: compilation errors with --enable-spoof-source (Ravi Papisetti -X (rpapiset - HCL at Cisco)) 8. RE: compilation errors with --enable-spoof-source (Balazs Scheidler)
----------------------------------------------------------------------
Message: 1 Date: Mon, 19 Feb 2007 17:14:12 +0100 From: Balazs Scheidler Subject: Re: [syslog-ng] Is this possible in syslog-ng.conf . (v2.0.2) To: Syslog-ng users' and developers' mailing list
Message-ID: <1171901652.11781.7.camel@bzorp.balabit> Content-Type: text/plain
On Sun, 2007-02-18 at 16:48 -0800, Mr. James W. Laferriere wrote:
> Ok . IMO counter intuitive , Tho reasonable with your explanation . > One is very used to the 'source' in FW/router/...'s as being the source > device(s) IP from where a packet came from .
syslog-ng is not a firewall :) this is sometimes strange to me as well, being involved in firewall products as well. But putting the joke aside, syslog-ng is a "syslog message pipe" processor: sources generate messages, destinations serve as message sinks. Some filtering here and there, that's about syslog-ng's internal structure.
So, naming source as a source is consistent with syslog-ng itself.
> An aside , Can one do the 'Formatting' like my example above , again > no examples show up like that , but I am hopeful . > > > > To do that you need the netmask() filter. > > Next time I'll go looking at the Blog at Gmane first before shooting my > mouth off . netmask was just the hint I needed . > Tho it sure would be nice for netmask() to support the /xx bits netmask > format .
It does support this format.
-- Bazsi
------------------------------
Message: 2 Date: Mon, 19 Feb 2007 17:15:57 +0100 From: Balazs Scheidler Subject: Re: [syslog-ng] Setting permissions on log files To: Syslog-ng users' and developers' mailing list
Message-ID: <1171901757.11781.10.camel@bzorp.balabit> Content-Type: text/plain
On Mon, 2007-02-19 at 01:45 +0000, Bryan Henderson wrote: > With the 'file' destination, Syslog-ng modifies the ownership and > permissions of the file when it opens it. There are configuration > file options to choose what it sets them to, but AFAICT, no way to > have Syslog-ng just leave the files as it finds them. > > I prefer to maintain permissions and ownership separately; I set them > when I create the file and expect them to stick. Could there be a > configuration file option for that? >
IIRC, you can use -1 for various options, which means "do not touch". But I would need to test it. The code in the C part is there, the only question that remains whether the parser accepts "-1" in the place of owner/group/permissions.
-- Bazsi
------------------------------
Message: 3 Date: Mon, 19 Feb 2007 09:02:15 -0800 From: Evan Rempel Subject: Re: [syslog-ng] Is this possible in syslog-ng.conf . (v2.0.2) To: "Syslog-ng users' and developers' mailing list"
Message-ID: <45D9D817.7050309@uvic.ca> Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Balazs Scheidler wrote: > On Sun, 2007-02-18 at 16:48 -0800, Mr. James W. Laferriere wrote: > >> Ok . IMO counter intuitive , Tho reasonable with your explanation . >> One is very used to the 'source' in FW/router/...'s as being the source >> device(s) IP from where a packet came from . > > syslog-ng is not a firewall :) this is sometimes strange to me as well, > being involved in firewall products as well. But putting the joke aside, > syslog-ng is a "syslog message pipe" processor: sources generate > messages, destinations serve as message sinks. Some filtering here and > there, that's about syslog-ng's internal structure. > > So, naming source as a source is consistent with syslog-ng itself.
I think that the author of the original comment was refereing to the IP address binding in the source definition
source network { tcp( ip(xxxx) ); };
where the IP address is NOT the source at all, it is a local IP address to bind the listener to. Perhaps the syntax should be
source network { tcp( bind(xxxx) ); };
since the bind address MUST be ip since the definition is already defined to be tcp.
I think it is a little counter intuitive even within the scope of syslog-ng.
Evan.
> >> An aside , Can one do the 'Formatting' like my example above , again >> no examples show up like that , but I am hopeful . >> >> >>> To do that you need the netmask() filter. >> Next time I'll go looking at the Blog at Gmane first before shooting my >> mouth off . netmask was just the hint I needed . >> Tho it sure would be nice for netmask() to support the /xx bits netmask >> format . > > It does support this format. >
-- Evan Rempel erempel@uvic.ca Senior Programmer Analyst 250.721.7691 Computing Services University of Victoria
------------------------------
Message: 4 Date: Mon, 19 Feb 2007 13:09:41 -0600 From: "Ravi Papisetti -X (rpapiset - HCL at Cisco)"
Subject: [syslog-ng] compilation errors with --enable-spoof-source To: "syslog-ng@lists.balabit.hu" Message-ID: <5A8F8213-CAC5-4190-A902-FE91C0DC844D@mimectl> Content-Type: text/plain; charset="iso-8859-1"
Hi,
I am using syslog-ng 1.6.11 and trying to compile this package with ./configure --enable-spoof-source, it throws errors as below
checking whether to enable Sun STREAMS support... yes checking whether to enable Sun door support... yes checking whether to enable TCP wrapper support... no checking whether to enable spoof_source support... ./configure: test: too many arguments configure: error: libnet-config not found
It compiles fine without --enable-spoof-source this option. Could you do the needful.
Thanks, Ravi Kumar P.