To get the "statistics" messages or the "mark" messages, you need to include an internal() source. The "Duplicate stats counter; counter=..." WARNING is just reporting that you have multiple destinations pointing to the same IP address and port, in your case 127.0.0.1:61514, which is fine, since syslog-ng will report TOTAL statistics to this destination. Evan. Alberto Avi wrote:
Hi everyone,
I'm trying to configure a few templated logs on Linux boxes to be sent to a remote syslog-ng server (reachable through an stunnel connection). Everything works fine on the remote syslog-ng server: I can see all the data I expected and I can manage it happily. There is only one small issue on the client side: syslog-ng doesn't send "stats" and "mark" messages. When I start the daemon I get this error:
[root@usftpl201 sbin]# ./syslog-ng -d -v -F Duplicate stats counter; counter='tcp(AF_INET(127.0.0.1:61514))'
This is my syslog-ng configuration on client side:
# general options
# NOTE(review): mark_freq() and stats_freq() only set the reporting intervals.
# As the reply in this thread says, the MARK and statistics messages come from
# the internal() source, and no internal() source is declared anywhere in the
# client configuration as posted.
options {
    mark_freq(1);
    stats_freq(2);
    time_reopen(5);
    time_reap(300);
    flush_lines(1);
    flush_timeout(5000);
    # NOTE(review): a 3-message output queue is very small. Presumably messages
    # are lost whenever the tunnel stalls or reconnects; confirm against the
    # drop counters and size this for the expected burst rate.
    log_fifo_size(3);
    normalize_hostnames(yes);
    keep_hostname(yes);
    use_fqdn(no);
    # Ownership and mode for files and directories that syslog-ng creates.
    # The destinations posted for this client are tcp() only, so these
    # settings have no visible effect here.
    owner(root);
    group(root);
    perm(0600);
    dir_owner(root);
    dir_group(root);
    # NOTE(review): 0600 on a directory omits the search (x) bit; 0700 is the
    # usual owner-only directory mode.
    dir_perm(0600);
    log_msg_size(8192);
};
# define sources
# s_system tails the local system log files; follow_freq(1) polls each file
# for new lines once per second.
# NOTE(review): /var/log/secure carries authentication events. Everything read
# here is forwarded to a plain tcp() destination on loopback, so protection in
# transit depends entirely on the stunnel hop mentioned in the post.
source s_system {
    file("/var/log/messages" follow_freq(1));
    file("/var/log/secure" follow_freq(1));
    file("/var/log/cron" follow_freq(1));
    file("/var/log/up2date" follow_freq(1));
    file("/var/log/osad" follow_freq(1));
};
# s_proftpd tails the ProFTPD auth and access logs, polled once per second.
# flags(no-parse) turns off syslog header parsing, so each line read from the
# file is handled whole as the message text.
source s_proftpd {
    file("/var/log/proftpd/auth.log" follow_freq(1) flags(no-parse));
    file("/var/log/proftpd/access.log" follow_freq(1) flags(no-parse));
};
# define filters
# Both filters are exclusions: a message that matches the pattern is not
# forwarded.
# NOTE(review): the patterns are unanchored, so any line that merely contains
# the text is dropped, including lines whose content is influenced by users or
# remote peers. Presumably "logger" and "FTP Time" are meant to suppress known
# noise; consider anchoring the patterns or matching on the program name so
# unrelated events are not silently kept off the central server.
filter f_system {
    not match("logger");
};
filter f_proftpd {
    not match("FTP Time");
};
# define templates
# Each template rewrites the outgoing line as "<date> <host> TYPE: <tag> MSG:
# <text>". The literal tags MSG-SYSTEM and MSG-PROFTPD are what the central
# server's f_system and f_proftpd filters match on.
# NOTE(review): $MSG is free text from the log source. A message body that
# happens to contain the other tag would presumably match both server-side
# filters; verify, and anchor the server patterns if that matters.
template t_system {
    template("$DATE $HOST TYPE: MSG-SYSTEM MSG: $MSG\n");
};
template t_proftpd {
    template("$DATE $HOST TYPE: MSG-PROFTPD MSG: $MSG\n");
};
# define destinations
# Both destinations point at 127.0.0.1:61514 and differ only in the template.
# According to the reply in this thread, two destinations on the same address
# and port are what produces the "Duplicate stats counter" warning at startup.
# NOTE(review): tcp() here is unencrypted and unauthenticated. The post says
# the server is reached through stunnel, so this port is presumably the local
# stunnel listener (confirm). Any local process can also connect to a loopback
# port, so peer and certificate verification belong in the stunnel setup.
destination d_system {
    tcp("127.0.0.1" port(61514) template(t_system));
};
destination d_proftpd {
    tcp("127.0.0.1" port(61514) template(t_proftpd));
};
# define logs
# Two log paths, each wiring one file source through its filter to its
# destination.
# NOTE(review): no log path references an internal() source, which the reply
# in this thread identifies as the reason MARK and statistics messages never
# leave the client. A path added for them also needs a template carrying a tag
# the server filters accept, because the server as posted only stores lines
# that match MSG-SYSTEM or MSG-PROFTPD.
log {
    source(s_system);
    filter(f_system);
    destination(d_system);
};
log {
    source(s_proftpd);
    filter(f_proftpd);
    destination(d_proftpd);
};
This is my configuration on central syslog-ng server:
# Global options for the central server.
options {
    time_reopen(15);
    time_reap(600);
    flush_lines(4);
    flush_timeout(6000);
    # NOTE(review): a queue depth of 1 leaves almost no buffering. Presumably
    # messages are dropped under any burst; confirm and raise it to suit the
    # number of clients.
    log_fifo_size(1);
    # NOTE(review): chain_hostnames(yes) appears twice in this block, and
    # long_hostnames(no) looks like it sets the same behaviour under its older
    # name with the opposite value. Keep a single setting so the effective
    # value does not depend on option order.
    chain_hostnames(yes);
    normalize_hostnames(on);
    create_dirs(yes);
    chain_hostnames(yes);
    long_hostnames(no);
    # keep_hostname(yes) keeps the host name carried inside each received
    # message. The file destinations posted for this server build their paths
    # from $HOST, so that name is chosen by the sender.
    keep_hostname(yes);
    use_fqdn(no);
    use_dns(no);
    owner(root);
    group(root);
    dir_owner(root);
    dir_group(root);
    # NOTE(review): create_dirs(yes) makes directories with this mode. 0600
    # omits the search (x) bit; 0700 is the usual owner-only directory mode.
    # No perm() is set here, so log files get the built-in default mode;
    # confirm that it is as restrictive as intended.
    dir_perm(0600);
    log_msg_size(8192);
};
# define sources
# s_tcp listens on loopback only (127.0.0.1:60514) and accepts up to 512
# concurrent connections with TCP keep-alive enabled.
# NOTE(review): presumably the stunnel server hands decrypted connections to
# this port (confirm). Every connection then arrives from 127.0.0.1, so the
# source address cannot identify the sending host. Attribution rests on the
# host name inside the message and on stunnel verifying client certificates.
source s_tcp {
    tcp(ip(127.0.0.1) port(60514) max-connections(512) tcp-keep-alive(yes));
};
# define filters
# Messages are routed by the literal tag that the client templates insert.
# NOTE(review): the patterns are unanchored, so the tag matches anywhere in
# the line, including inside sender-supplied message text. Lines carrying
# neither tag match no filter and are not stored by the log paths posted for
# this server.
filter f_system {
    match("MSG-SYSTEM");
};
filter f_proftpd {
    match("MSG-PROFTPD");
};
# define templates
# Output line layout: receive time (R_* macros), the literal server name
# "ussysl310", the sending host, the sender's own timestamp (S_* macros), then
# the message.
# NOTE(review): "$MS G" is most likely "$MSG" broken by line wrapping in the
# e-mail; as written it would not expand to the message text. Compare with the
# running configuration.
# NOTE(review): template_escape(no) leaves quote characters in macro values
# unescaped. That suits plain file output, but these templates should not be
# reused for a destination that interprets its input (SQL, program) without
# revisiting the setting.
template t_system {
    template("RECDATE: $R_YEAR/$R_MONTH/$R_DAY $R_HOUR:$R_MIN:$R_SEC SYSLOG: ussysl310 RHOST: $HOST RDATE: $S_YEAR/$S_MONTH/$S_DAY $S_HOUR:$S_MIN:$S_SEC $MS G\n");
    template_escape(no);
};
template t_proftpd {
    template("RECDATE: $R_YEAR/$R_MONTH/$R_DAY $R_HOUR:$R_MIN:$R_SEC SYSLOG: ussysl310 RHOST: $HOST RDATE: $S_YEAR/$S_MONTH/$S_DAY $S_HOUR:$S_MIN:$S_SEC $MS G\n");
    template_escape(no);
};
# define destinations
# One file per host, per day and per message type, under
# /var/data/syslog-ng/linux-hosts/<year>/<month>/<day>/<host>/.
# NOTE(review): with keep_hostname(yes) in the options, $HOST comes from the
# received message, so directory and file names are derived from a value the
# sender controls. Check how the deployed syslog-ng version handles "/" or
# ".." in macro values used in file names, and restrict who can reach the
# listener (stunnel client-certificate verification) so that one client cannot
# write under another host's name.
destination d_system {
    file("/var/data/syslog-ng/linux-hosts/$YEAR/$MONTH/$DAY/$HOST/$HOST-$DAY$MONTH$YEAR-system.log" template(t_system));
};
destination d_proftpd {
    file("/var/data/syslog-ng/linux-hosts/$YEAR/$MONTH/$DAY/$HOST/$HOST-$DAY$MONTH$YEAR-proftpd.log" template(t_proftpd));
};
# define logs
# Both log paths read from s_tcp and split the stream by tag into the system
# and proftpd files.
# NOTE(review): as posted, the closing brace of the second log statement has
# no trailing ";". This may only be a paste truncation; check the real file.
# NOTE(review): there is no catch-all path, so a line matching neither filter
# is discarded. That includes any MARK or statistics messages a client starts
# forwarding, unless they carry one of the two tags.
log {
    source(s_tcp);
    filter(f_system);
    destination(d_system);
};
log {
    source(s_tcp);
    filter(f_proftpd);
    destination(d_proftpd);
}
Any suggestions are appreciated.
Alberto. _______________________________________________ syslog-ng maillist - syslog-ng@lists.balabit.hu https://lists.balabit.hu/mailman/listinfo/syslog-ng Frequently asked questions at http://www.campin.net/syslog-ng/faq.html
-- Evan Rempel erempel@uvic.ca Senior Programmer Analyst 250.721.7691 Computing Services University of Victoria