I had to set up some Solaris boxes several months ago with syslog and had trouble getting the exact config as well. Unfortunately those boxes are now gone so I can't pull the configuration off them, but I do know that /etc/.syslog_door was not the door file. I believe it was /var/run/syslog_door.
Sent: Wednesday, July 21, 2010 10:11:41 AM
From: Chuck <chuck.carson@gmail.com>
To: Syslog-ng users' and developers' mailing list <syslog-ng@lists.balabit.hu>
Subject: [syslog-ng] Messages Not Getting Logged
Hello,
I am using the sunfreeware build of syslog-ng 3.04 on a Solaris 10 Update 8 system:
syslog-ng 3.0.4
Revision: ssh+git://bazsi@git.balabit//var/scm/git/syslog-ng/syslog-ng-ose--mainline--3.0#master#1b5d618e301ad94aa20e692ffba16469dece8d10
Compile-Date: Sep 2 2009 05:14:23
Enable-Threads: off
Enable-Debug: off
Enable-GProf: off
Enable-Memtrace: off
Enable-Sun-STREAMS: on
Enable-Sun-Door: on
Enable-IPv6: on
Enable-Spoof-Source: on
Enable-TCP-Wrapper: off
Enable-SSL: on
Enable-SQL: off
Enable-Linux-Caps: off
Enable-Pcre: on
My internal() source is working but the sun-streams source is not.
Here are my options:
options {
use_fqdn(no);
flush_lines(0);
dir_perm(0755);
dir_group(sysadmin);
dir_owner(root);
perm(0644);
stats_freq(300);
use_dns(no);
create_dirs(yes);
time_reopen(10);
};
Here are my sources:
source s_internal { internal(); };
source s_udp { udp(); };
source s_tcp { tcp(); };
source s_streams { sun-streams ("/dev/log" door("/etc/.syslog_door")); };
Here are my filters so far:
# Level Filters
filter f_emerg { level (emerg); };
filter f_alert { level (alert .. emerg); };
filter f_crit { level (crit .. emerg); };
filter f_err { level (err .. emerg); };
filter f_warning { level (warning .. emerg); };
filter f_notice { level (notice .. emerg); };
filter f_info { level (info .. emerg); };
filter f_debug { level (debug .. emerg); };
# Facility Filters
filter f_kern { facility (kern); };
filter f_user { facility (user); };
filter f_mail { facility (mail); };
filter f_daemon { facility (daemon); };
filter f_auth { facility (auth); };
filter f_syslog { facility (syslog); };
filter f_lpr { facility (lpr); };
filter f_news { facility (news); };
filter f_uucp { facility (uucp); };
filter f_cron { facility (cron); };
filter f_local0 { facility (local0); };
filter f_local1 { facility (local1); };
filter f_local2 { facility (local2); };
filter f_local3 { facility (local3); };
filter f_local4 { facility (local4); };
filter f_local5 { facility (local5); };
filter f_local6 { facility (local6); };
filter f_local7 { facility (local7); };
Here are my destinations so far:
# Destinations: local files, the console, and the client files
destination l_internal { file ("/var/adm/syslog-ng"); };
destination l_authlog { file ("/var/log/authlog"); };
destination l_messages { file ("/var/log/messages"); };
destination l_maillog { file ("/var/log/maillog"); };
destination l_ipflog { file ("/var/log/ipflog"); };
destination l_imaplog { file ("/var/log/imaplog"); };
destination l_syslog { file ("/var/log/syslog"); };
destination l_console { file ("/dev/console"); };
Here are my log statements:
log { source (s_internal); destination (l_internal); }; # <==== this one is working
log { source (s_streams); filter (f_kern); filter (f_debug); destination (l_messages); }; #<====== this one is not working
I have tried the following logger tests and am not getting anything logged:
logger -p kern.debug "some message"
logger -p kern.crit "some message"
logger -p kern.info "some message"
I have restarted syslog-ng and ensured that it is using my most recent syslog-ng.conf file.
Thanks for any help,
CC
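
An added example, not code from either poster or from the syslog-ng project: a small Python check that pulls the door() path out of each sun-streams source in a config and compares it with an expected door path supplied by the caller. The function names are hypothetical, and the expected path used in the demo is only the one the reply recalls, not a verified value.

```python
import os
import re
import stat

# Matches: source NAME { sun-streams("/dev/log" door("/path")); }  (whitespace tolerant)
SUN_STREAMS_RE = re.compile(
    r'source\s+(\w+)\s*\{[^}]*?sun-streams\s*\(\s*"([^"]+)"'
    r'(?:\s+door\s*\(\s*"([^"]+)"\s*\))?',
    re.S,
)

def strip_comments(conf):
    """Drop '#' comments so commented-out sources are ignored (no '#' in strings assumed)."""
    return "\n".join(line.split("#", 1)[0] for line in conf.splitlines())

def find_sun_streams(conf):
    """Return [(source_name, device, door_path_or_None), ...]."""
    return [(m.group(1), m.group(2), m.group(3))
            for m in SUN_STREAMS_RE.finditer(strip_comments(conf))]

def is_door(path):
    """True only if path exists and is a Solaris door (always False on other systems)."""
    try:
        return bool(stat.S_ISDOOR(os.stat(path).st_mode))
    except OSError:
        return False

def check_doors(conf, expected_door):
    """Report sun-streams sources whose door() is missing, unexpected, or not a door."""
    findings = []
    for name, device, door in find_sun_streams(conf):
        if door is None:
            findings.append((name, "no door() option set"))
        elif door != expected_door:
            findings.append((name, "door %s differs from expected %s" % (door, expected_door)))
        elif not is_door(door):
            findings.append((name, "%s is not a door file" % door))
    return findings

# Constructed sample: the two source statements quoted from the message above.
SAMPLE_CONF = '''
source s_internal { internal(); };
source s_streams { sun-streams ("/dev/log" door("/etc/.syslog_door")); };
'''

if __name__ == "__main__":
    # Assumption: expected path is the one the reply recalls for these Solaris boxes.
    for name, problem in check_doors(SAMPLE_CONF, "/var/run/syslog_door"):
        print("%s: %s" % (name, problem))
```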