You keep referring to /opt/log but your configuration is for /var/log/nco.pipe destination netcool { pipe("/var/log/nco.pipe"); }; Is this a simple typo? On 4/9/19 6:38 AM, Aguilu, Miguel wrote:
We are in the middle of a project to Migrate from 3.0 to 3.16 (latest in redhat distro)
The standard 3.14 config works fine writing to some standard logs in /var/log
But we need to write special files to /opt/log/
* In this directory will be a file type pipe to be read by a syslog probe (parse messages into alerts). Using the following configuration NG returns unable to write.
source s_dgram
{ unix-dgram("/dev/log"); };
source s_kernel
{ file("/proc/kmsg" program_override("kernel: ")); };
source s_udp
{ udp(); };
destination netcool { pipe("/var/log/nco.pipe"); };
log { source(s_dgram);
source(s_kernel);
source(s_udp); filter(f_NOfwflow);
filter(f_NOdata_cent);
filter(f_NOtacacs);
filter(f_netcool); destination(netcool); };
* Even if I remove the filter I get the same error. * Also removed all of the sources with the exception of the upd and got the same error. * Changed the file type to file and getting: o OLLERR occurred while idle; fd='66' o Apr 9 13:17:45 wbucrp-isdmz1a-lb err syslog-ng[2475]: Connection broken; time_reopen='60' o Apr 9 13:17:47 wbucrp-isdmz1b-lb err syslog-ng[10934]: POLLERR occurred while idle; fd='66' o Apr 9 13:17:47 wbucrp-isdmz1b-lb err syslog-ng[10934]: Connection broken; time_reopen='60' o Apr 9 13:17:51 wapcrp-isdmz0a-lb err syslog-ng[3713]: I/O error occurred while writing; fd='38', error='Connection refused (111)' o Apr 9 13:17:51 wapcrp-isdmz0a-lb err syslog-ng[3713]: Connection broken; time_reopen='60' o Apr 9 13:17:51 wapcrp-isdmz0a-lb notice syslog-ng[3713]: Suspending write operation because of an I/O error; fd='38', time_reopen='60' * The permissions in /opt/log are 777 and owned by root which is the user syslog-ng is running under. * Also change the path to where the config was updating file (/varr/log) and attemted to create the pipe and no luck
Here are my global options:
* options { * flush_lines (0); * # time_reopen (10); * log_fifo_size (1000); * chain_hostnames (on); * use_dns (yes); ## changed test * use_fqdn (yes); * keep_hostname (yes); * owner("root"); * group("root"); * create_dirs(yes); #Test * dir_perm(0755); * perm(0644); * };
ANY Ideas?
Thanks
Miguel
-- Evan