Re: [syslog-ng] Syslog-ng Multiple Instances

28 Jun 2016

      Jim,

No errors as the instance starts normally and listens on port 518. However, no logs are received or forwarded. 

root@syslog-ng1:/usr/local/bin/syslog-ng-Second-Instance# netstat -an |grep 518
udp        0      0 0.0.0.0:518             0.0.0.0:*

The test device is on the same subnet as syslog-ng listening on port 518, so there aren't any firewall issues. I've verified the test device is configured for port 518.

However, when I check ctl stats, it's seeing the stats of the production syslog-ng instance.  So, it appears this is improperly configured, but it's unknown what needs to be changed.

Best Regards,

-----Original Message-----
From: jrhendri@roadrunner.com [mailto:jrhendri@roadrunner.com] 
Sent: Tuesday, June 28, 2016 12:53 PM
To: Syslog-ng users' and developers' mailing list
Cc: David Campeau
Subject: Re: [syslog-ng] Syslog-ng Multiple Instances

The only thing that would limit the number of instances that I am aware of are conflicts for opening things like network ports, connections to databases, maybe FIFOs, etc.

I would look at that as a place to start.

What kind of errors are you getting when you try to start the second instance?

Jim

---- David Campeau <David.Campeau@tn.gov> wrote:
...
Hello,
I've been using syslog-ng to filter syslog before forwarding on to a log collector. However, I need to spin up a second instance for testing purposes. I've found a little bit of information on-line, but it hasn't completed the entire picture.
This is the command used to start up the 2nd instance. I'm pointing to separate .conf .persist .pid and .ctl files -- However, it's still not working. I suspect the issue is due to OS log sources. How do a change log sources?
syslog-ng --cfgfile=/usr/local/bin/syslog-ng-Second-Instance/syslog-ng.conf --persist-file=/usr/local/bin/syslog-ng-Second-Instance/syslog-ng.persist --pidfile=/usr/local/bin/syslog-ng-Second-Instance/syslog-ng.pid --control=/usr/local/bin/syslog-ng-Second-Instance/syslog-ng.ctl &
This is the upper part of the syslog-ng.conf file for the 2nd instance I wish to run.
@version: 3.3.4
@include "scl.conf"
    options {
        time-reap(30);
        mark-freq(10);
        keep-hostname(yes);
        chain-hostnames(no);
        use-dns(no);
##       log-fifo-size(500000);                ## Tuning Options
##      flush_lines(10000);                   ## Tuning Options
##       flush_timeout(10000);                ## Tuning Options
    };
source s_second_instance {
        syslog(transport("udp") port("518"));       #### Will receive test syslog on port 518
        };
destination d_syslog_udp {
        syslog("10.X.X.X"
            transport("udp")
            port("514")
            throttle(4000)
        );
    };
I'm hoping someone has experience or has seen information on how to run a 2nd instance on the same box.
Best Regards,
David