Unix/linux by default does not allow root write permissions to NFS mounted shares. I suspect this may be the problem. I would change the user:group that syslog-ng uses to write the data (if you *really* need to write to an NFS mount in the first place)

-----Original Message-----
From: syslog-ng-bounces@lists.balabit.hu [mailto:syslog-ng-bounces@lists.balabit.hu] On Behalf Of Rocco Scappatura
Sent: Thursday, December 10, 2009 5:01 AM
To: Syslog-ng users' and developers' mailing list
Subject: Re: [syslog-ng] Syslogd and syslog-ng

Hello,
Try it without using the filter on the logserver, and see if the mail logs are processed by syslog-ng, and what do they look like. Maybe it is a parsing issue, or something related to the missing timestamp/host you mentioned.
I have disabled the filter, but nothing interesting happens. I always see the UDP packets for port 514 arriving from the mail server, but it seems that they are not treated by the loghost.
I have already turned off the firewall..
Oops.. I have found something in /var/log/messages...
Dec 10 09:42:23 syslogmi01 syslog-ng[13788]: Changing permissions on special file /dev/xconsole
Dec 10 09:42:23 syslogmi01 syslog-ng[13788]: Changing permissions on special file /dev/tty10
Dec 10 09:42:23 syslogmi01 syslog-ng[13788]: Cannot open file /data/tmp-backup/ernesto_mail for writing (Permission denied)
but:
syslogmi01:~ # ls -la /data/
total 8
drwxr-xr-x  3 root root 4096 Dec  2 17:05 .
drwxr-xr-x 21 root root 4096 Dec  2 17:05 ..
drwxr-xr-x  2 root root   80 Dec 10 09:46 tmp-backup
and
syslogmi01:~ # mount
..
192.168.252.180:/fs_repository_unico_logs_nfs/syslogmi01 on /data/tmp-backup type nfs (rw,addr=192.168.252.180)
..
Why can't it create the log file?
I have changed the destination (which sits on a local file system) and syslog-ng is able to write logs into the destination file. But when the file is located on an NFS share, syslog is unable to write into the destination. I have a similar platform using syslog-ng-1.6.8-20.4 and I have no such problem, while the syslog-ng version on which I'm encountering the problem is syslog-ng-1.6.8-20.18. Could it be due to the version? I need a hint!

Thanks,
rocsca
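
The check suggested by the reply at the top of this thread, as an added example that is not part of the original messages: NFS servers commonly map a client's root to an anonymous user (root squashing), so for a root-owned directory only the "other" permission bits decide whether a root daemon can create files. The function names and the /dev/sda1 root entry are assumptions; the NFS line, mode and owner are taken from the output quoted above.

```shell
#!/bin/sh
# Added example: sample data below is constructed from the output in the thread.

# Constructed mount table in /proc/mounts layout (the /dev/sda1 root entry is assumed).
sample_mounts() {
    cat <<'EOF'
/dev/sda1 / ext3 rw 0 0
192.168.252.180:/fs_repository_unico_logs_nfs/syslogmi01 /data/tmp-backup nfs rw,addr=192.168.252.180 0 0
EOF
}

# fstype_for_path PATH  (mount table on stdin)
# Prints the filesystem type of the longest mount point containing PATH.
fstype_for_path() {
    awk -v p="$1" '
        BEGIN { best = 0 }
        $2 == "/" || p == $2 || index(p, $2 "/") == 1 {
            if (length($2) > best) { best = length($2); fs = $3 }
        }
        END { if (fs != "") print fs }'
}

# other_can_write MODE: true if the octal mode grants write to "other".
other_can_write() {
    case "$1" in
        *[2367]) return 0 ;;
        *) return 1 ;;
    esac
}

# diagnose DIR MODE OWNER  (mount table on stdin)
# A squashed root is treated by the server as an anonymous user, so for a
# root-owned directory only the "other" permission bits decide the outcome.
diagnose() {
    case "$(fstype_for_path "$1")" in
        nfs|nfs4) ;;
        *) echo "local"; return 0 ;;
    esac
    if [ "$3" != "root" ]; then
        echo "nfs-check-owner"        # owner or group bits may apply
    elif other_can_write "$2"; then
        echo "nfs-other-writable"
    else
        echo "nfs-root-squash-risk"   # root gets "Permission denied" if squashed
    fi
}

# Values from the thread: drwxr-xr-x root root on /data/tmp-backup.
sample_mounts | diagnose /data/tmp-backup 755 root
# Live use: diagnose DIR "$(stat -c %a DIR)" "$(stat -c %U DIR)" < /proc/mounts
```

Whether root is actually squashed is decided by the export options on the NFS server, which the client-side mount output does not show.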