source s_tcp {

#       syslog(transport(tcp));

        udp(ip(10.13.6.83) port(514));

        tcp(ip(10.13.6.83) port(5149) max-connections(333));

};

destination d_tcp {

        file("/var/log/messages_tcp" owner("root") group("adm") perm(0640));

I got that part fixed thanks Zoltan. My next question is I set up this box (AIX 5.3) to be the central server and configure a client to forward syslog and it looks like the client is doing it:

 

# /usr/sbin/syslogd -d

0821-600 /usr/sbin/syslogd: continuing without SRC support

syslogd: bind: errno = 67

logmsg: pri 53, flags 8, from t01labax08, msg syslogd: bind: errno = 67

off & running....

init

cfline(*.debug  @10.13.6.83)

cfline(*.debug;mail.none        @10.13.6.83)

cfline(*.crit   @10.13.6.83)

cfline(mail.debug       @10.13.6.83     )

7 7 7 7 7 7 7 7 7 7 7 7 7 7 7 7 7 7 7 7 7 7 7 7 X FORW: 10.13.6.83

7 7 X 7 7 7 7 7 7 7 7 7 7 7 7 7 7 7 7 7 7 7 7 7 X FORW: 10.13.6.83

2 2 2 2 2 2 2 2 2 2 2 2 2 2 2 2 2 2 2 2 2 2 2 2 X FORW: 10.13.6.83

X X 7 X X X X X X X X X X X X X X X X X X X X X X FORW: 10.13.6.83

logmsg: pri 56, flags 8, from t01labax08, msg syslogd: restart

Logging to FORW 10.13.6.83

Logging to FORW 10.13.6.83

syslogd: restarted

readfds = 0x10

got a message (-1, 0x10)

readfds = 0x10

got a message (-1, 0x10)

 

10.13.6.83 is my designated server and its seems it is not getting the forwarded log messages, here is how my syslog.conf for remote logging:

 

source s_tcp {

#       syslog(transport(tcp));

        udp(ip(10.13.6.83) port(514));

        tcp(ip(10.13.6.83) port(5149) max-connections(333));

};

 

destination d_tcp {

        file("/var/log/messages_tcp" owner("root") group("adm") perm(0640));

};

 

I do not see any traffic coming to my client t01labax08 going to my syslog server and /var/log/messages_tcp not even been created. Again what am I missing here? Sorry I’m syslog-ng newbie here….

 

 

Thanks and regards,

 

Agustin Lozada

UNIX System Admin

713-207-2474

 

From: Zoltán Pallagi [mailto:pzolee@balabit.hu]
Sent: Thursday, March 18, 2010 1:42 PM
To: Syslog-ng users' and developers' mailing list; Lozada, Agustin T
Subject: Re: [syslog-ng] Server conf for syslog-ng.conf

 

Hi,
replace this line:
source s_network { syslog(transport(tcp))};
with this one(missing semicolon at the end of last bracket):
source s_network { syslog(transport(tcp));};
2010.03.18. 19:29 keltezéssel, Lozada, Agustin T írta:

@version:3.0

options {

time_reap(30);

mark_freq(10);

keep_hostname(yes);

};

source s_local { unix-stream("/dev/log"); internal();};

source s_network { syslog(transport(tcp))};

destination d_logs {

file(

"/var/log/syslog-ng/logs.txt"

owner("root")

group("root")

perm(0777)

); };

log { source(s_local); source(s_network); destination(d_logs); };

 

 

--
pzolee

______________________________________________________________________________
Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng
Documentation: http://www.balabit.com/support/documentation/?product=syslog-ng
FAQ: http://www.campin.net/syslog-ng/faq.html

  

-- 
pzolee