Hm, maybe a permissions issue with writing? Try putting in /tmp/somefile as the destination and see if that works. Also, you should verify that messages are in fact arriving on the server using tcpdump. On Wed, Nov 17, 2010 at 3:44 PM, keshava Veerabhadraiah <mv.keshava@gmail.com> wrote:
Hi I am new to syslog-ng and I have gone through other post to see if I can get a resolution to my problem. Syslog is not writing to the destination file any messages received on udp() or tcp(). I have made sure that syslog server is receiving the syslog messages as seen from the tcpdump
15:09:55.422423 IP 10.140.141.6.syslog > aspsyslog.sungardebs.com.syslog: SYSLOG local4.warning, length: 153 15:09:55.434638 IP 10.140.141.6.syslog > aspsyslog.sungardebs.com.syslog: SYSLOG local4.info, length: 184 15:09:55.470383 IP 10.140.141.6.syslog > aspsyslog.sungardebs.com.syslog: SYSLOG local4.info, length: 176 15:09:55.473519 IP 10.140.141.6.syslog > aspsyslog.sungardebs.com.syslog: SYSLOG local4.info, length: 190 15:09:55.493361 IP 10.140.141.6.syslog > aspsyslog.sungardebs.com.syslog: SYSLOG local4.info, length: 180 15:09:55.493748 IP aspsyslog.sungardebs.com.ssh > nim.sungardebs.com.42703: P 128608:129696(1088) ack 289 win 461 <nop,nop,timestamp 88706531 1310848493> 15:09:55.495519 IP 10.140.141.9.syslog > aspsyslog.sungardebs.com.syslog: SYSLOG local4.info, length: 188 15:09:55.495548 IP 10.140.141.9.syslog > aspsyslog.sungardebs.com.syslog: SYSLOG local4.debug, length: 90 15:09:55.495556 IP 10.140.141.9.syslog > aspsyslog.sungardebs.com.syslog: SYSLOG local4.debug, length: 85 15:09:55.521115 IP 10.140.141.6.syslog > aspsyslog.sungardebs.com.syslog: SYSLOG local4.debug, length: 87 15:09:55.521188 IP 10.140.141.6.syslog > aspsyslog.sungardebs.com.syslog: SYSLOG local4.info, length: 188 15:09:55.522041 IP 10.140.141.6.syslog > aspsyslog.sungardebs.com.syslog: SYSLOG local4.info, length: 175 15:09:55.522212 IP 10.140.141.7.syslog > aspsyslog.sungardebs.com.syslog: SYSLOG local4.info, length: 164
Here is how my syslog-ng config looks.
@version: 3.0 #Default configuration file for syslog-ng. # # For a description of syslog-ng configuration file directives, please read # the syslog-ng Administrator's guide at: # # http://www.balabit.com/dl/html/syslog-ng-admin-guide_en.html/bk01-toc.html #
options { chain_hostnames(no); create_dirs (no); dir_perm(0755); dns_cache(no); keep_hostname(yes); log_fifo_size(2048); log_msg_size(1024); log_iw_size (500); long_hostnames(on); perm(0644); stats_freq(3600); flush_lines(100); time_reopen (10); use_dns(no); use_fqdn(yes); # max_connections(100);
};
source s_all { udp(so_rcvbuf(2048576)); tcp(); unix-stream("/dev/log"); internal(); file("/proc/kmsg"); };
destination d_file_normal {file("/var/log/messages_syslog-ng.log"); };
log { source(s_all); destination (d_file_normal); };
Any help would be greatly appreciated.
Thanks
______________________________________________________________________________ Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng Documentation: http://www.balabit.com/support/documentation/?product=syslog-ng FAQ: http://www.campin.net/syslog-ng/faq.html