Hi
 
My name is Shetkar Ravi. I am new to syslog-ng and would like to join the syslog-ng list to learn more about it.
I am currently working on a logging server project. I searched the web, found a lot of good reports and recommendations about syslog-ng, and decided to install and test it in my Solaris/HP/AIX environment.
 
I downloaded libol-0.3.9 and syslog-ng-1.6.0rc3, then compiled and installed them on a Solaris 8 server.
 
I added the /etc/syslog-ng/syslog-ng.conf file and modified the /etc/init.d/syslog file, but when I try to start syslog-ng (/etc/init.d/syslog start) it gives me the following error on the console:
 
io.c: bind_inet_socket() bind failed 0.0.0.0:514 Address already in use
 
I need your help and suggestions on the syslog-ng configuration to make it work on my centralized syslog-ng logging server.
 
Do I need to install syslog-ng on all the clients as well, or will the default syslog work?
If the default syslog works, what should the syslog.conf file on the clients contain?
 
 
The following are my configuration files.
 
/etc/syslog-ng/syslog-ng.conf    file..
# more syslog-ng.conf
#
# Syslog-ng example configuration file for Solaris
#
#use_fqdn()             add FQDN instead of short hostname
#use_dns()              use DNS (may cause DOS)
#sync()                 number of lines buffered before written to file
#log_fifo_size()        number of lines fitting to the output queue
#
#options { use_fqdn(no);               
#          keep_hostname(yes);         
#          use_dns(no);        
#          long_hostnames(off);                
#          sync(0);            
#          log_fifo_size(1000); };
# Active global options, sources, and the single catch-all log path.
#
# keep_hostname(yes) keeps the host name carried inside each received
# message rather than replacing it with the address of the sender.
# NOTE(review): combined with the UDP source below, that name is whatever
# the sender wrote into the message - confirm this is intended on a
# central log server.
options { sync(0); keep_hostname(yes); chain_hostnames(no);
log_fifo_size(30000); };
# Local messages: the Solaris STREAMS log device (with its door file) plus
# syslog-ng's own internal messages.
source s_local { sun-streams("/dev/log" door("/etc/.syslog_door"));
internal(); };
# Network messages over UDP. No ip() or port() is given; the reported
# "bind failed 0.0.0.0:514" error shows this source binding all interfaces
# on port 514. "Address already in use" means another process already holds
# that port - presumably the stock syslogd or an earlier syslog-ng instance
# is still running; verify before starting the daemon.
# NOTE(review): UDP syslog carries no sender authentication, so access to
# port 514 should be limited to the intended clients (packet filter).
source s_net_udp { udp(); };
# Everything from both sources is written to one file.
destination d_local { file("/logs/messages"); };
log { source(s_local); source(s_net_udp); destination(d_local); };
#
# local and network sources
#
# + will accept udp/tcp connections on port 514 from any host
# + keepalive option is for tcp only and will keep connection open
#     when the SIGHUP signal is seen
#
#source s_stream { sun-streams("/dev/log" door("/etc/.syslog_door"); };
#source local { sun-streams("/dev/log" door("/etc/.syslog_door")); internal();};
#source network { udp(); tcp(); };
#source s_tcp { tcp(ip(127.0.0.1) port(19990) max-connections(10)); };
#Source s_udp { udp(); };
#
# standard destinations for local standard system messages
#
# File destinations for the standard facilities. A destination only names a
# target; nothing is written until a log statement references it.
# NOTE(review): no owner()/group()/perm() is set on these files, unlike the
# "hosts" destination later in this file, so they get the daemon's default
# mode - confirm auth.log is not readable by unprivileged users.
destination authlog { file("/var/log/auth.log"); };
destination syslog { file("/var/log/syslog"); };
destination kern { file("/var/log/kern.log"); };
destination maillog { file("/var/log/maillog"); };
#
# special log destinations for our remote hosts
# (pixlog, switchlog) and for our IP Filter firewall (ipflog)
# (all three are commented out, i.e. currently disabled)
#
#destination ipflog { file("/var/log/ipf.log"); };
#destination pixlog { file("/var/log/pix.log"); };
#destination switchlog { file("/var/log/switch.log"); };
#
# Some log files used to catch remaining messages
#
destination debug { file("/var/log/debug"); };
destination messages { file("/var/log/messages"); };
#
# console destination: written as a plain file to the /dev/sysmsg device
#
destination console { file("/dev/sysmsg"); };
#
# filters for standard local system messages which come
# in on non-local facilities
#
# Facility filters used by the per-facility log paths.
filter f_authpriv { facility(auth) ; };
# Matches every facility except auth and mail - kern included, so kernel
# messages pass both f_syslog and f_kern.
filter f_syslog { not facility(auth) and not facility(mail); };
filter f_kern { facility(kern); };
filter f_mail { facility(mail); };
#
# filters for IPFilter and the Cisco equipment (commented out, disabled)
#
#filter f_ipf { facility(local0); };
#filter f_pix { facility(local4); };
#filter f_switch { facility(local6, local7); };
#
# catch the rest
#
# f_debug: any level, from facilities other than the ones listed.
filter f_debug { not facility(kern, auth, mail, local6, local7, local4, local0); };
# f_messages: levels info through warn only, from facilities other than the
# ones listed. (The statement is wrapped across two lines as pasted.)
filter f_messages { level(info .. warn) and not facility(auth, mail, local0, local4
, local6, local7); };
#
# filters for various emergency level messages
#
filter f_emergency { level(emerg); };
#
# log emergency level messages out to console
#
# NOTE(review): every log statement in this section names source(local) or
# source(network), but the only active source definitions in this file are
# s_local and s_net_udp; "local" and "network" appear only in commented-out
# lines. As written these paths reference undefined sources - rename them to
# the active sources or re-enable the commented definitions, and check the
# daemon's startup output for configuration errors.
#
# Emergency-level messages go to the console device.
log { source(local); filter(f_emergency); destination(console); };
#
# log messages from local machine
#
log { source(local); filter(f_authpriv); destination(authlog); };
log { source(local); filter(f_syslog); destination(syslog); };
log { source(local); filter(f_kern); destination(kern); };
log { source(local); filter(f_mail); destination(maillog); };
#
# log IP Filter messages to the ipf.log (disabled)
#
#log { source(local); filter(f_ipf); destination(ipflog); };
#
# log switch and pix messages (disabled)
#
#log { source(network); filter(f_pix); destination(pixlog); };
#log { source(network); filter(f_switch); destination(switchlog); };
#
# catch the rest of the messages: local and network messages that pass
# f_debug / f_messages are written to the debug / messages files.
#
log { source(local); source(network); filter(f_debug); destination(debug); };
log { source(local); source(network); filter(f_messages); destination(messages); };
#
# Automatic sorting of host messages by $HOST and $YEAR$MONTH$DAY
#
# + will automatically create a directory structure for all messages
#   sorted first by host, then by date, then by facility.
# + with use_dns(no) we will have files based on ip address not hostname
#
# Per-host tree: /var/log/HOSTS/<host>/<yyyymmdd>/<facility>, created on
# demand (create_dirs(yes)) with files 0600 and directories 0700, owned by
# root. (The statement is wrapped mid-word across two lines as pasted.)
# NOTE(review): the active options set keep_hostname(yes), so $HOST is the
# name the sender put in the message, not the sender's address. Over
# unauthenticated UDP any sender can claim any name, which lets it write
# into another host's directory or cause many new directories to be
# created. Consider keep_hostname(no) for network input and restricting
# who can reach port 514; also confirm how this syslog-ng version treats
# "/" or ".." inside $HOST.
destination hosts { file("/var/log/HOSTS/$HOST/$YEAR$MONTH$DAY/$FACILITY" owner(roo
t) group(root) perm(0600) dir_perm(0700) create_dirs(yes)); };
#
# logs all incoming messages from network source to the sorted
# destination
# NOTE(review): "network" is only defined in a commented-out line of this
# file; the active UDP source is named s_net_udp.
#
log { source(network); destination(hosts); };
 
 
 
My /etc/init.d/syslog  file is

# more syslog
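#!/sbin/sh
#
# Boot-time start/stop script for syslog-ng on a Solaris machine.
# This script replaces /etc/init.d/syslog on a Solaris machine.
#
# Usage: /etc/init.d/syslog { start | stop }
#
# Written for the Solaris /sbin/sh named in the shebang, so it keeps to
# backticks and [ ] tests.
#
# NOTE(review): "start" only launches the daemon when /etc/syslog-ng.conf
# exists, while the configuration posted with this script was saved as
# /etc/syslog-ng/syslog-ng.conf. Confirm which path the installed binary
# actually reads and make this test match it.
# NOTE(review): nothing here checks for a syslogd (or an earlier syslog-ng)
# that is already running. A process that still holds UDP port 514 makes
# the new daemon's bind fail with "Address already in use".
#
case "$1" in
'start')
        if [ -f /etc/syslog-ng.conf ] && [ -f /usr/local/sbin/syslog-ng ]; then
                echo 'syslog-ng service starting.'
                #
                # Before syslog-ng starts, save any messages from previous
                # crash dumps so that messages appear in chronological order.
                #
                /usr/bin/savecore -m
                if [ -r /etc/dumpadm.conf ]; then
                        # dumpadm.conf is executed as shell code by this
                        # script, so it must be writable only by root.
                        . /etc/dumpadm.conf
                        # Quoted so a device path can never be split or
                        # glob-expanded into extra savecore arguments.
                        [ "x$DUMPADM_DEVICE" != xswap ] && \
                            /usr/bin/savecore -m -f "$DUMPADM_DEVICE"
                fi
                if [ ! -f /var/adm/messages ]; then
                        /usr/bin/cp /dev/null /var/adm/messages
                        /usr/bin/chmod 0644 /var/adm/messages
                fi
                # Daemon output goes to the system message log device.
                /usr/local/sbin/syslog-ng >/dev/msglog 2>&1 &
        else
                # Say why nothing was started instead of skipping silently;
                # the exit status is left unchanged so boot is not affected.
                echo 'syslog-ng not started: /etc/syslog-ng.conf or /usr/local/sbin/syslog-ng is missing.' >&2
        fi
        ;;
'stop')
        echo 'syslog-ng service stopping.'
        if [ -f /var/run/syslog-ng.pid ]; then
                syspid=`/usr/bin/cat /var/run/syslog-ng.pid`
                # Only signal a purely numeric pid: an empty or damaged pid
                # file must not reach the numeric test or kill.
                # NOTE(review): a stale pid file can still name an unrelated
                # process; confirm the pid belongs to syslog-ng if this
                # script may run long after the daemon died.
                case "$syspid" in
                ''|*[!0-9]*)
                        echo 'syslog-ng: ignoring invalid pid in /var/run/syslog-ng.pid' >&2
                        ;;
                *)
                        [ "$syspid" -gt 0 ] && kill -15 "$syspid"
                        ;;
                esac
        fi
        ;;
*)
        echo "Usage: $0 { start | stop }"
        exit 1
        ;;
esac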
 
 
My daemon is in /usr/local/sbin/syslog-ng.
 
thanks for your help.
 
 
Shetkar Ravi
Unix System Administrator.
WebMD
rshetkar@webmd.net
rshetkar88@yahoo.com
 

