Dear All, i am still suffring form the issue in syslog-ng can anyone please review my config file. And tell me where excatly i need to make changes. Regards, Add --- On Wed, 10/11/10, Fekete Robert <frobert@balabit.hu> wrote: From: Fekete Robert <frobert@balabit.hu> Subject: Re: [syslog-ng] Not able to recive all syslog messages To: "Syslog-ng users' and developers' mailing list" <syslog-ng@lists.balabit.hu> Date: Wednesday, 10 November, 2010, 2:52 PM Hi, you might have to increase your UDP receive buffer (so_recvbuf() option in syslog-ng) and the net.core.rmem_max option on your host, see http://www.balabit.com/sites/default/files/documents/syslog-ng-ose-v3.2-guid... Others have reported similar problems recently with the default UDP settings of RHEL, you might have run into the same issue. Regards, Robert add gy wrote:
Hi, I have installed syslog-ng on RHEL server as log host server for 250 router , switches but some time i recive messages some times i dont , when i check it on other syslog server on windows i revice syslog messages with any problem. Request to please review syslog-ng config file and give some suggetion. config file ------------------------------------------------------------------------------------------------------------------------- # configuration file for syslog-ng, customized for remote logging # source s_internal { internal(); }; destination d_syslognglog { file("/var/log/syslog-ng.log"); }; log { source(s_internal); destination(d_syslognglog); }; # Local sources, filters and destinations are commented out # If you want to replace sysklogd simply uncomment the following # parts and disable sysklogd # # Local sources # #source s_local { # unix-dgram("/dev/log"); # file("/proc/kmsg" log_prefix("kernel:")); #}; # # Local filters # #filter f_messages { level(info..emerg); }; #filter f_secure { facility(authpriv); }; #filter f_mail { facility(mail); }; #filter f_cron { facility(cron); }; #filter f_emerg { level(emerg); }; #filter f_spooler { level(crit..emerg) and facility(uucp, news); }; #filter f_local7 { facility(local7); }; # # Local destinations # #destination d_messages { file("/var/log/messages"); }; #destination d_secure { file("/var/log/secure"); }; #destination d_maillog { file("/var/log/maillog"); }; #destination d_cron { file("/var/log/cron"); }; #destination d_console { usertty("root"); }; #destination d_spooler { file("/var/log/spooler"); }; #destination d_bootlog { file("/var/log/boot.log"); }; # # Local logs - order DOES matter ! # #log { source(s_local); filter(f_emerg); destination(d_console); }; #log { source(s_local); filter(f_secure); destination(d_secure); flags(final); }; #log { source(s_local); filter(f_mail); destination(d_maillog); flags(final); }; #log { source(s_local); filter(f_cron); destination(d_cron); flags(final); }; #log { source(s_local); filter(f_spooler); destination(d_spooler); }; #log { source(s_local); filter(f_local7); destination(d_bootlog); }; #log { source(s_local); filter(f_messages); destination(d_messages); };
# Remote logging source s_remote { tcp(ip(0.0.0.0) port(514)); udp(ip(0.0.0.0) port(514)); }; destination d_separatedbyhosts { file("/var/log/syslog-ng/$HOST/messages" owner("root") group("root") perm(0655) dir_perm(0744) create_dirs(yes)); }; log { source(s_remote); destination(d_separatedbyhosts); }; ------------------------------------------------------------------------------------------------------------------------ Regards, Add
------------------------------------------------------------------------
______________________________________________________________________________ Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng Documentation: http://www.balabit.com/support/documentation/?product=syslog-ng FAQ: http://www.campin.net/syslog-ng/faq.html
______________________________________________________________________________ Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng Documentation: http://www.balabit.com/support/documentation/?product=syslog-ng FAQ: http://www.campin.net/syslog-ng/faq.html