Still if I wanted to configure a different source on the syslog-server as below    (I will eventually use filtering if I do not succeed in creating another source)

 

source apache_access{tcp(ip("192.168.180.179") flags(no-parse));

};

 

destination d_apachemssql {

pipe("/tmp/apachepipe.pipe"

template("INSERT INTO logapache(datetime,host,program,pid,message)VALUES('$R_DATE','$HOST','$PROGRAM','$PID','$MSGONLY');\n")template-escape(yes) flags(no-multi-line));

};

 

 

log {

     source(apache_access);

     destination(d_apachemssql);

};

 

 

I get the following error when trying to start syslog-ng

 

Error binding socket; addr='AF_INET(192.168.180.179:3331)', error='Cannot assign requested address (99)'

Error initializing source driver; source='apache_access', id='apache_access#0'

Error initializing message pipeline;

 

 

 

From: syslog-ng-bounces@lists.balabit.hu [mailto:syslog-ng-bounces@lists.balabit.hu] On Behalf Of Patrick H.
Sent: Monday, July 19, 2010 9:48 AM
To: Syslog-ng users' and develops' mailing list
Subject: Re: [syslog-ng] configuring different sources on the syslog-ng server

 

Firstly the "ip()" option of "tcp()" in a "source()" is not required, it is optional. It specifies the IP address which syslog-ng will listen on. If not provided, syslog-ng will listen on all interfaces.
Seconly, you do not need a separate source for every client. You can use filter rules to match on the client's hostname if you need to.

You might want to go through the administrator's guide, it is an extremely good documentation source with lots of examples. http://www.balabit.com/dl/guides/syslog-ng-ose-v3.1-guide-admin-en.pdf

Sent: Sunday, July 18, 2010 11:28:25 PM
From: Khaleelah Peerbocus <systems2@maccs.mu>
To: 'Syslog-ng users' and developers' mailing list' <syslog-ng@lists.balabit.hu>
Subject: [syslog-ng] configuring different sources on the syslog-ng server

Hello

 

I would like to get some clarification on the source tag in both syslog client and server.

I have different clients hosting apache / weblogic

 

My Syslog-ng Server has ip 192.x.x.x

 

Apache (client) has ip 192.x.x.1

 

Weblogic (client) has ip 192.x.x.2

 

In all the clients syslog configuration files, i have added

 

destination apacheaccesslog {

tcp("192.x.x.x " port(3331));

};

 

destination weblogiclog {

tcp("192.x.x.x " port(3332));

};

 

 

My issue is in the syslog-ng server configuration file, if i add

 

source apache_access {tcp(ip(192.x.x.x) port(3331));

};

 

Should the ip be the server ip or the client ip (in this example, i have put the syslog-ng server ip). Does the port number differentiate the different sources we are receiving the log files ???

 

 

 

 

 

 

logo-emailsignature.jpgKhaleelah Peerbocus – Systems Analyst

Mauritius Cargo Community Services

Business Registration No.: C08077158

VAT Registration No.: VAT20427044

1st Floor, Trade and Marketing Centre, Mer Rouge

Port-Louis, Mauritius

Tel: +230 206 2970 - Cell: +230 498 7897 Fax: +230 216 8858

Email: systems2@maccs.mu - Website: http://www.maccs.mu

 

 

 





 
______________________________________________________________________________
Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng
Documentation: http://www.balabit.com/support/documentation/?product=syslog-ng
FAQ: http://www.campin.net/syslog-ng/faq.html