Please suggest on this. *Thanks & Regards :-* *VINOD SINGH SAUD* *(M):- 09718663552* *(W):-09997645597* *(E) :- vinod.samant.123@gmail.com <vinod.samant.123@gmail.com>* On Fri, May 11, 2018 at 6:33 PM, vinod samant <vinod.samant.123@gmail.com> wrote:
Hi , When i am going to comment those lines on server side ,syslog-ng is working fine ,But all logs are coming in one file */var/log/from_net .*
*commented lines:-*
source s_net { network(flags(no-parse)); };
parser p_apache { csv-parser( columns("apache.FILE_NAME", "apache.MESSAGE") flags(greedy) ); }; destination d_apache { file("/usr/local/apache/logs/${apache.FILE_NAME}" template("${apache.MESSAGE}\n")); };
log{ source (s_net); parser (p_apache); destination(d_apache); };
*Is it necessary to define port in server side configuration file also?*
*Can you share wildcard configuration for both server side and cilent side?*
*Thanks & Regards :-*
*VINOD SINGH SAUD*
*(M):- 09718663552*
*(W):-09997645597*
*(E) :- vinod.samant.123@gmail.com <vinod.samant.123@gmail.com>*
On Fri, May 11, 2018 at 6:02 PM, Nagy, Gábor <gabor.nagy@balabit.com> wrote:
Hi!
It seems that some other process is using the default syslog port
Starting syslog-ng: [2018-05-11T16:41:55.756615] Error binding socket; addr='AF_INET(0.0.0.0:514)', error='Address already in use (98)'
I would suggest to check the port with netstat.
Regards, Gabor
On Fri, May 11, 2018 at 1:23 PM, vinod samant <vinod.samant.123@gmail.com
wrote:
Hi I am getting below error while restarting server .
[root@localhost logs]# /etc/init.d/syslog-ng restart Stopping syslog-ng: [FAILED] syslog-ng is stopped Starting syslog-ng: [2018-05-11T16:41:55.756615] Error binding socket; addr='AF_INET(0.0.0.0:514)', error='Address already in use (98)' [2018-05-11T16:41:55.756684] Error initializing message pipeline; plugin name='network', location='/etc/syslog-ng/syslog-ng.conf:24:3' [FAILED]
My requirement :-
OS:- centos 6.5
1. I want to use wildcard to send all apache custom logs from client to server .
Configuration of both client and server :-
>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>client conf<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<< @version:3.13 @include "scl.conf" @define allow-config-dups 1
source s_local { system(); internal();
}; destination d_network {udp("192.168.122.67" port(514));
};
destination d_local { file("/var/log/messages"); };
log{ source(s_local); destination(d_network); destination(d_local);
};
#################### source s_local{ wildcard-file( base-dir("/usr/local/apache/logs") filename-pattern("*.log") recursive(no) follow-freq(1)); };
destination d_network {tcp("192.168.122.67" port(514));
};
log{ source(s_local); destination(d_network);
};
>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>server conf<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<
@version:3.13 @include "scl.conf"
source s_local{system(); internal();}; source s_network{
udp(); tcp();
};
destination d_local{file("/var/log/messages");}; destination d_from_net{file("/var/log/from_net");}; log{ source(s_local); destination(d_local); }; log { source(s_network); destination(d_from_net); };
source s_net { network(flags(no-parse)); };
parser p_apache { csv-parser( columns("apache.FILE_NAME", "apache.MESSAGE") flags(greedy) ); }; destination d_apache { file("/usr/local/apache/logs/${apache.FILE_NAME}" template("${apache.MESSAGE}\n")); };
log{ source (s_net); parser (p_apache); destination(d_apache); };
What should be changed on configuration file on both side ?
*Thanks & Regards :-*
*VINOD SINGH SAUD*
*(M):- 09718663552*
*(W):-09997645597*
*(E) :- vinod.samant.123@gmail.com <vinod.samant.123@gmail.com>*
____________________________________________________________ __________________ Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng Documentation: http://www.balabit.com/support /documentation/?product=syslog-ng FAQ: http://www.balabit.com/wiki/syslog-ng-faq
____________________________________________________________ __________________ Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng Documentation: http://www.balabit.com/support/documentation/?product= syslog-ng FAQ: http://www.balabit.com/wiki/syslog-ng-faq