Wow, I should have looked more closely at your config before I added my comments. You don't need a fallback because you are not filtering your s_network source.

You are using a mysql database as your back end. This complicates things greatly. I recommend using a file destination to ensure you are getting everything that you expect. Only then would I (not me actually) be comfortable with storing the data into mysql.

Under load I have seen mysql silently drop records. No errors of any kind in front or backend of the database services. You couldn't pay me to use mysql :-(

On 08/06/2014 07:57 AM, Riyas Ahamed wrote:
Hi,
Could you please tell me how to check the fallback destination?
I have attached the syslog-ng configuration file to this mail.
Please help me to get out of this problem.
Thanks
Riaz Ahmed
________________________________________
From: syslog-ng-bounces@lists.balabit.hu [syslog-ng-bounces@lists.balabit.hu] on behalf of Evan Rempel [erempel@uvic.ca]
Sent: Wednesday, August 06, 2014 7:00 PM
To: syslog-ng@lists.balabit.hu
Subject: Re: [syslog-ng] FW: Syslog Problem
Do you have a fallback destination defined? (flags(fallback))
I had a case where I couldn't find my log lines and it turned out to be that the source was sending some weird facility that never matched any of my filters.
On 08/06/2014 05:58 AM, Riyas Ahamed wrote:
Hi Team,
I am sure the packet filter accepts that kind of traffic because iptables and selinux are in disabled mode, but still I cannot find the network device in the syslog-ng front end.
Please help me.
Thanks
Riaz Ahmed
________________________________________
From: syslog-ng-bounces@lists.balabit.hu [syslog-ng-bounces@lists.balabit.hu] on behalf of Balazs Scheidler [bazsi77@gmail.com]
Sent: Tuesday, August 05, 2014 7:29 PM
To: Syslog-ng users' and developers' mailing list
Subject: Re: [syslog-ng] FW: Syslog Problem
Are you sure the packet filter accepts that kind of traffic? Your configuration seems to treat all such hosts equivalently.
On Tue, Aug 5, 2014 at 8:21 AM, Riyas Ahamed <Riyas.Ahamed@csscorp.com> wrote:
Hi,

I have configured a syslog-ng server to capture network logs. I am able to fetch the network logs of three devices.

But for the fourth network device, I can see with the tcpdump command that packets are reaching the syslog server on port 514, but I cannot find the network device in the syslog-ng front end.

Syslog OS : CentOS release 6.5 (Final)

Syslog Version : syslog-ng 3.2.5

Along with this mail I have attached the configuration file of the syslog-ng server.

Please help me to resolve this issue.

Regards,
N.B.RIAZ AHMED
(9047166496)

https://www.csscorp.com/email-disclaimer
______________________________________________________________________________
Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng
Documentation: http://www.balabit.com/support/documentation/?product=syslog-ng
FAQ: http://www.balabit.com/wiki/syslog-ng-faq
--
Bazsi
--
Evan Rempel erempel@uvic.ca
Senior Systems Administrator 250.721.7691
Data Centre Services, University Systems, University of Victoria
--
Evan Rempel erempel@uvic.ca
Senior Systems Administrator 250.721.7691
Data Centre Services, University Systems, University of Victoria
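
The two checks discussed in this thread (a fallback log path and a plain file destination), sketched as an added example that is not taken from the attached configuration or from any poster. The UDP listener, the filter, the destination names and the file paths are assumptions; only the source name s_network and port 514 come from the thread.

```conf
@version: 3.2

# Assumed definition of the s_network source named in the thread.
# The thread only says packets arrive on port 514; UDP is an assumption.
source s_network {
    udp(ip(0.0.0.0) port(514));
};

# Hypothetical filter standing in for whatever selects "known" device traffic.
filter f_known_facilities {
    facility(local0, local7);
};

# File destination instead of a database: one file per sending host,
# so a missing device shows up as a missing file.
destination d_network_files {
    file("/var/log/syslog-ng-check/$HOST.log" create_dirs(yes));
};

log {
    source(s_network);
    filter(f_known_facilities);
    destination(d_network_files);
};

# Fallback path: receives only messages that no non-fallback log path
# accepted, e.g. a device sending a facility the filter never matches.
# The template records sender address and facility to show why it missed.
destination d_unmatched {
    file("/var/log/syslog-ng-check/unmatched.log"
         template("$ISODATE $SOURCEIP $HOST $FACILITY.$PRIORITY $MSGHDR$MSG\n"));
};

log {
    source(s_network);
    destination(d_unmatched);
    flags(fallback);
};

# If every log path on s_network is unfiltered, all messages already match
# a non-fallback path and d_unmatched stays empty; in that case the
# per-host files alone are the check.
```

After reloading syslog-ng, a device whose packets are visible in tcpdump should appear either as its own file or in unmatched.log; if it appears in neither, the message is being lost before the log paths.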