As a test case, I'd recommend adding a file destination so you can interactively tail the file to test your delivery. Once you have that in place, force authpriv traffic generation on your source hosts and verify that it's arriving at your collector. A la:

destination test { file("/tmp/foo"); };
log { source(s_udpmessages); destination(test); };

If you don't see it arrive using a simple configuration like this, supplement your diagnosis with `tcpdump udp port 514` and repeat traffic generation. If you still don't see the packet arrive, repeat the tcpdump step on the device sending the log entry, and verify that the syslogd is sending it out.

If your collector has multiple network addresses/interfaces, verify that syslog-ng is listening on the address you're expecting to see it on (`netstat -plan | grep 514`).

Other things that could prevent delivery include network ACLs, iptables firewall rules, and sunspots.

- billn

On Thu, 12 Jan 2006, Peter Koinange wrote:
I have included my config
On Thursday 12 January 2006 20:11, Peter Koinange wrote:
I have a very basic setup at the moment for the syslog-ng server; I am just writing everything I get to the database regardless of the facility/severity combination, since the database can get checked for specific details.
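# Local sources: the log socket, kernel messages, and syslog-ng's own messages
source src { unix-stream("/dev/log"); pipe("/proc/kmsg"); internal(); };
# Remote sources: UDP listener (port 514 by default)
source s_udpmessages { udp(); };

# Write one INSERT statement per message to a named pipe.
# template-escape(yes) escapes quote characters in macro values so that
# message content cannot terminate the SQL string literals.
destination d_mysql {
    pipe("/var/log/mysql.pipe"
        template("INSERT INTO logs (host, facility, priority, level, tag, datetime, program, msg) VALUES ( '$HOST', '$FACILITY', '$PRIORITY', '$LEVEL', '$TAG', '$YEAR-$MONTH-$DAY $HOUR:$MIN:$SEC','$PROGRAM', '$MSG' );\n")
        template-escape(yes));
};

log { source(src); destination(d_mysql); };
log { source(s_udpmessages); destination(d_mysql); };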
On Thursday 12 January 2006 20:00, Bill Nash wrote:
This is kind of a silly question, but did you bounce the syslogd after you made that config change? Assuming you're sending this to a syslog-ng daemon as a central collection source, where is the syslog-ng daemon configured to place logs for that facility/severity combination?
- billn
syslog-ng maillist - syslog-ng@lists.balabit.hu https://lists.balabit.hu/mailman/listinfo/syslog-ng Frequently asked questions at http://www.campin.net/syslog-ng/faq.html
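
An added example, not part of the original thread: a small Python sender for the "force authpriv traffic generation" step, which builds an RFC 3164 style authpriv.notice datagram and sends it over UDP so it can be watched for in the /tmp/foo test destination. The `delivery-test` tag, the marker text and the loopback self-test (a stand-in for the collector) are assumptions made for illustration.

```python
import socket
import sys
import time

AUTHPRIV = 10  # syslog facility code for authpriv (RFC 3164)
NOTICE = 5     # syslog severity code for notice

def build_message(text, facility=AUTHPRIV, severity=NOTICE, tag="delivery-test"):
    """Return an RFC 3164 style datagram; PRI is facility * 8 + severity."""
    now = time.localtime()
    stamp = "%s %2d %s" % (time.strftime("%b", now), now.tm_mday,
                           time.strftime("%H:%M:%S", now))
    host = socket.gethostname().split(".")[0]
    return ("<%d>%s %s %s: %s" % (facility * 8 + severity, stamp, host, tag, text)).encode()

def send(datagram, host, port=514):
    """Send one datagram over UDP, the transport the udp() source listens on."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.sendto(datagram, (host, port))

def parse_pri(datagram):
    """Split the leading <PRI> back into (facility, severity)."""
    end = datagram.index(b">")
    pri = int(datagram[1:end])
    return pri // 8, pri % 8

def loopback_selftest(text="constructed test entry"):
    """Stand-in collector on 127.0.0.1: proves the datagram is well formed."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as rx:
        rx.bind(("127.0.0.1", 0))      # ephemeral port, no root needed
        rx.settimeout(2.0)
        send(build_message(text), "127.0.0.1", rx.getsockname()[1])
        data, _ = rx.recvfrom(2048)
    return parse_pri(data), data

if __name__ == "__main__":
    (facility, severity), raw = loopback_selftest()
    print("self-test ok:", facility, severity, raw.decode())
    if len(sys.argv) > 1:              # argv[1]: collector address (you supply it)
        marker = "delivery-test %d" % int(time.time())
        send(build_message(marker), sys.argv[1])
        print("sent, now look for %r in /tmp/foo on the collector" % marker)
```

Run it on a source host with the collector's address as the only argument; the unique marker makes the entry easy to spot in the tailed file and in the tcpdump output.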