Really?

On Thu, 11 Oct 2018, 22:38 Rodney Bizzell, <hardworker30@gmail.com> wrote:
Should I make a change to the config?
On Thu, Oct 11, 2018, 3:25 PM Szemere, László <laszlo.szemere@oneidentity.com> wrote:
Dear Rodney Bizzell,

I started a freshly built syslog-ng from the latest revision from the OSE master with your config (I used dbld for this), and it immediately pointed out one syntax error:

Error parsing afsocket, inner-dest plugin spoof_sources not found in /source/syslog-ng.conf:
45
46
47      destination d_graylog {
48          tcp("0.0.0.0"
49              port (12201)
50---->         spoof_sources(yes)
50---->         ^^^^^^^^^^^^^
51          );
52      };
53
54
55      filter f_kernel { facility(kern); };

Since you did not provide any error message/output from your instance, I cannot investigate it any further currently.

If you encounter any other issue, please try to provide as much information as you can, including at least the:
- platform
- syslog-ng version
- installation source (custom built, OBS repository, etc...)
- configuration
- output from syslog-ng
- network setup (if the problem cannot be reproduced with the loopback interface only)
Br, Laci
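A small pre-deployment check for the two destination mistakes raised in this thread, as an added example that is not part of the original messages and not syslog-ng code: it flags an unspecified address such as 0.0.0.0 used as a destination, and a spoof option that is misspelled or used on a non-UDP transport. It assumes syslog-ng's spoof-source() option, which applies to UDP destinations only; `lint_destinations`, the `d_graylog_udp` block and the address 192.0.2.10 are constructed for illustration.

```python
import re

# Constructed input: d_graylog is the block quoted in the thread; d_graylog_udp
# is a hypothetical variant (192.0.2.10 is a documentation address).
SAMPLE_CONF = """
destination d_mesg { file("/var/log/messages"); };
destination d_graylog {
    tcp("0.0.0.0"
        port (12201)
        spoof_sources(yes)
    );
};
destination d_graylog_udp {
    udp("192.0.2.10" port(12201) spoof-source(yes));
};
"""

DEST = re.compile(r'destination\s+(\w+)\s*\{(.*?)\}\s*;', re.S)
DRIVER = re.compile(r'\b(tcp6?|udp6?|network)\s*\(\s*"([^"]*)"(.*)\)', re.S)
SPOOF = re.compile(r'\b(spoof[-_]\w+)\s*\(')
UNSPECIFIED = {"0.0.0.0", "::"}

def lint_destinations(conf):
    """Return (destination, finding) pairs for the two mistakes in the thread."""
    conf = re.sub(r'^\s*#.*$', '', conf, flags=re.M)  # drop comment lines
    findings = []
    for name, body in DEST.findall(conf):
        m = DRIVER.search(body)
        if not m:
            continue  # file(), usertty() and other non-network drivers
        driver, address, options = m.groups()
        if address in UNSPECIFIED:
            findings.append((name, "unspecified address %s as destination" % address))
        transport = re.search(r'transport\s*\(\s*"?(\w+)', options)
        is_udp = driver.startswith("udp") or bool(
            transport and transport.group(1).lower() == "udp")
        for opt in SPOOF.findall(options):
            # syslog-ng treats '-' and '_' in option names as equivalent
            if opt.replace("_", "-") != "spoof-source":
                findings.append((name, "unknown option %s" % opt))
            elif not is_udp:
                findings.append((name, "spoof-source needs a UDP transport"))
    return findings

if __name__ == "__main__":
    for name, finding in lint_destinations(SAMPLE_CONF):
        print("%s: %s" % (name, finding))
```
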
On Thu, Oct 11, 2018 at 6:01 PM, Rodney Bizzell <hardworker30@gmail.com> wrote:
Ok I have 3.5 syslog-ng
On Thu, Oct 11, 2018, 10:43 AM Szemere, László <laszlo.szemere@oneidentity.com> wrote:
Dear Rodney Bizzell,

if you start syslog-ng with the following options:
-F (foreground)
-d (debug)
-e (stderr)
-v (verbose)
it will provide verbose information during the startup. It will help a lot to figure out the root cause of the problem.
Note: If you have the option to update your syslog-ng version: Since 3.15.1 (PR: https://github.com/balabit/syslog-ng/pull/1932) syslog-ng will point out the exact location of syntax errors.
Br, Laci
On Thu, Oct 11, 2018 at 3:38 PM, Rodney Bizzell <hardworker30@gmail.com> wrote:
It isn't starting up at all. Once I add those changes to the config, it says invalid syntax.
On Thu, Oct 11, 2018 at 9:22 AM Szemere, László <laszlo.szemere@oneidentity.com> wrote:
Dear Rodney Bizzell,

sorry for the misunderstanding, now it is clear to us that you anonymised your config. Just a note: it is preferable to use different masking addresses for different original IPs, i.e. I cannot check this source: "udp(ip(0.0.0.0) port(514));"

Back to your problem. It is not clear to me what you mean by "once changes are made syslog-ng is failing". Is it not starting up at all? Or just not forwarding logs to your Graylog server?
Br, Laci
On Thu, Oct 11, 2018 at 2:03 PM, Rodney Bizzell <hardworker30@gmail.com> wrote:
> I just changed my information on my graylog box; 0.0.0.0 isn't what I
> had in there. The way the config is, did that look syntactically correct?
>
> On Thu, Oct 11, 2018, 12:26 AM Péter, Kókai <peter.kokai@oneidentity.com> wrote:
>
>> Hello,
>>
>> If you start syslog-ng with -Fe it might give you a clue.
>> Also 0.0.0.0 is a non-routable address, so it is fine for source,
>> not so much for destination, you should check out on which ip graylog
>> is listening, if it is 0.0.0.0 you could use the loopback device 120.0.0.1 (or
>> other valid ip, but lo would be preferable).
>>
>> --
>> Kokan
>>
>> On Wed, 10 Oct 2018, 10:57 pm Rodney Bizzell, <hardworker30@gmail.com> wrote:
>>
>>> I have installed syslog-ng 3.5 and I am configuring it to send all
>>> logs to Graylog but once changes are made syslog-ng is failing. I changed
>>> the address of graylog server to 0.0.0.0
>>>
>>>
>>> @version:3.5
>>> @include "scl.conf"
>>>
>>> # syslog-ng configuration file.
>>> #
>>> # This should behave pretty much like the original syslog on RedHat. But
>>> # it could be configured a lot smarter.
>>> #
>>> # See syslog-ng(8) and syslog-ng.conf(5) for more information.
>>> #
>>> # Note: it also sources additional configuration files (*.conf)
>>> # located in /etc/syslog-ng/conf.d/
>>>
>>> options {
>>>     flush_lines (0);
>>>     time_reopen (10);
>>>     log_fifo_size (1000);
>>>     chain_hostnames (off);
>>>     use_dns (no);
>>>     use_fqdn (no);
>>>     create_dirs (no);
>>>     keep_hostname (yes);
>>> };
>>>
>>> source s_sys {
>>>     system();
>>>     internal();
>>>     udp(ip(0.0.0.0) port(514));
>>> };
>>>
>>> source s_net {
>>>     udp(ip(0.0.0.0) port(514));
>>>     tcp(ip(0.0.0.0) port(514) max-connections(256));
>>> };
>>>
>>> destination d_cons { file("/dev/console"); };
>>> destination d_mesg { file("/var/log/messages"); };
>>> destination d_auth { file("/var/log/secure"); };
>>> destination d_mail { file("/var/log/maillog" flush_lines(10)); };
>>> destination d_spol { file("/var/log/spooler"); };
>>> destination d_boot { file("/var/log/boot.log"); };
>>> destination d_cron { file("/var/log/cron"); };
>>> destination d_kern { file("/var/log/kern"); };
>>> destination d_mlal { usertty("*"); };
>>>
>>>
>>> destination d_graylog {
>>>     tcp("0.0.0.0"
>>>         port (12201)
>>>         spoof_sources(yes)
>>>     );
>>> };
>>>
>>>
>>> filter f_kernel { facility(kern); };
>>> filter f_default { level(info..emerg) and
>>>                    not (facility(mail)
>>>                    or facility(authpriv)
>>>                    or facility(cron)); };
>>> filter f_auth { facility(authpriv); };
>>> filter f_mail { facility(mail); };
>>> filter f_emergency { level(emerg); };
>>> filter f_news { facility(uucp) or
>>>                 (facility(news)
>>>                 and level(crit..emerg)); };
>>> filter f_boot { facility(local7); };
>>> filter f_cron { facility(cron); };
>>>
>>> #log { source(s_sys); filter(f_kernel); destination(d_cons); };
>>> log { source(s_sys); filter(f_kernel); destination(d_kern); };
>>> log { source(s_sys); filter(f_default); destination(d_mesg); };
>>> log { source(s_sys); filter(f_auth); destination(d_auth); };
>>> log { source(s_sys); filter(f_mail); destination(d_mail); };
>>> log { source(s_sys); filter(f_emergency); destination(d_mlal); };
>>> log { source(s_sys); filter(f_news); destination(d_spol); };
>>> log { source(s_sys); filter(f_boot); destination(d_boot); };
>>> log { source(s_sys); filter(f_cron); destination(d_cron); };
>>>
>>>
>>>
>>> log { source(s_net); destination(d_graylog); };
>>> log { source(s_sys); filter(f_default); destination(d_graylog);};
>>>
>>> # Source additional configuration files (.conf extension only)
>>> @include "/etc/syslog-ng/conf.d/*.conf"
>>>
>>>
>>> # vim:ft=syslog-ng:ai:si:ts=4:sw=4:et:
>>>
>>>
>>> ______________________________________________________________________________
>>> Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng
>>> Documentation: http://www.balabit.com/support/documentation/?product=syslog-ng
>>> FAQ: http://www.balabit.com/wiki/syslog-ng-faq