Here is the syslog-stat if it helps in any way to debug this further.

Nov 17 13:20:23 s_all@aspsyslog syslog-ng[4460]: Log statistics; processed='global(payload_reallocs)=0', processed='src.internal(s_all#3)=91', stamp='src.internal(s_all#3)=1290021623', processed='global(msg_clones)=0', processed='source(s_all)=92', processed='global(sdata_updates)=0', processed='destination(d_file_normal)=97', processed='center(received)=0', processed='center(queued)=0'

On Wed, Nov 17, 2010 at 4:59 PM, keshava V <mv.keshava@gmail.com> wrote:
Messages from kernel, syslog-ng are being written but not the ones coming on udp 514 to the destination file as seen below.
[root@aspsyslog ~]# ls -ltr /var/log/messages_syslog-ng.log
-rw-r--r-- 1 root root 24645 2010-11-17 15:32 /var/log/messages_syslog-ng.log

Nov 17 14:28:55 s_all@aspsyslog syslog-ng[4460]: Configuration reload request received, reloading configuration;
Nov 17 14:29:40 s_all@aspsyslog syslog-ng[4460]: Configuration reload request received, reloading configuration;
Nov 17 14:30:09 s_all@aspsyslog syslog-ng[4460]: Configuration reload request received, reloading configuration;
Nov 17 14:36:33 s_all@aspsyslog syslog-ng[4460]: Termination requested via signal, terminating;
Nov 17 14:36:33 s_all@aspsyslog syslog-ng[4460]: syslog-ng shutting down; version='3.1.2'
Nov 17 14:36:40 s_all@aspsyslog syslog-ng[8051]: syslog-ng starting up; version='3.1.2'
Nov 17 14:40:49 s_all@aspsyslog syslog-ng[8051]: Configuration reload request received, reloading configuration;
Nov 17 14:47:07 s_all@aspsyslog syslog-ng[8051]: Termination requested via signal, terminating;
Nov 17 14:47:07 s_all@aspsyslog syslog-ng[8051]: syslog-ng shutting down; version='3.1.2'
Nov 17 14:55:43 s_all@aspsyslog kernel: device eth0 entered promiscuous mode
Nov 17 14:56:09 s_all@aspsyslog kernel: device eth0 left promiscuous mode
Nov 17 14:58:04 s_all@aspsyslog kernel: device eth0 entered promiscuous mode
Nov 17 14:58:11 s_all@aspsyslog kernel: device eth0 left promiscuous mode

On Wed, Nov 17, 2010 at 4:29 PM, Martin Holste <mcholste@gmail.com> wrote:
Hm, maybe a permissions issue with writing? Try putting in /tmp/somefile as the destination and see if that works. Also, you should verify that messages are in fact arriving on the server using tcpdump.
On Wed, Nov 17, 2010 at 3:44 PM, keshava Veerabhadraiah <mv.keshava@gmail.com> wrote:
Hi, I am new to syslog-ng and I have gone through other posts to see if I can get a resolution to my problem. Syslog is not writing to the destination file any messages received on udp() or tcp(). I have made sure that the syslog server is receiving the syslog messages, as seen from the tcpdump:

15:09:55.422423 IP 10.140.141.6.syslog > aspsyslog.sungardebs.com.syslog: SYSLOG local4.warning, length: 153
15:09:55.434638 IP 10.140.141.6.syslog > aspsyslog.sungardebs.com.syslog: SYSLOG local4.info, length: 184
15:09:55.470383 IP 10.140.141.6.syslog > aspsyslog.sungardebs.com.syslog: SYSLOG local4.info, length: 176
15:09:55.473519 IP 10.140.141.6.syslog > aspsyslog.sungardebs.com.syslog: SYSLOG local4.info, length: 190
15:09:55.493361 IP 10.140.141.6.syslog > aspsyslog.sungardebs.com.syslog: SYSLOG local4.info, length: 180
15:09:55.493748 IP aspsyslog.sungardebs.com.ssh > nim.sungardebs.com.42703: P 128608:129696(1088) ack 289 win 461 <nop,nop,timestamp 88706531 1310848493>
15:09:55.495519 IP 10.140.141.9.syslog > aspsyslog.sungardebs.com.syslog: SYSLOG local4.info, length: 188
15:09:55.495548 IP 10.140.141.9.syslog > aspsyslog.sungardebs.com.syslog: SYSLOG local4.debug, length: 90
15:09:55.495556 IP 10.140.141.9.syslog > aspsyslog.sungardebs.com.syslog: SYSLOG local4.debug, length: 85
15:09:55.521115 IP 10.140.141.6.syslog > aspsyslog.sungardebs.com.syslog: SYSLOG local4.debug, length: 87
15:09:55.521188 IP 10.140.141.6.syslog > aspsyslog.sungardebs.com.syslog: SYSLOG local4.info, length: 188
15:09:55.522041 IP 10.140.141.6.syslog > aspsyslog.sungardebs.com.syslog: SYSLOG local4.info, length: 175
15:09:55.522212 IP 10.140.141.7.syslog > aspsyslog.sungardebs.com.syslog: SYSLOG local4.info, length: 164

Here is how my syslog-ng config looks.

@version: 3.0
#Default configuration file for syslog-ng.
#
# For a description of syslog-ng configuration file directives, please read
# the syslog-ng Administrator's guide at:
#
# http://www.balabit.com/dl/html/syslog-ng-admin-guide_en.html/bk01-toc.html
#

options {
    chain_hostnames(no);
    create_dirs (no);
    dir_perm(0755);
    dns_cache(no);
    keep_hostname(yes);
    log_fifo_size(2048);
    log_msg_size(1024);
    log_iw_size (500);
    long_hostnames(on);
    perm(0644);
    stats_freq(3600);
    flush_lines(100);
    time_reopen (10);
    use_dns(no);
    use_fqdn(yes);
    # max_connections(100);
};

source s_all {
    udp(so_rcvbuf(2048576));
    tcp();
    unix-stream("/dev/log");
    internal();
    file("/proc/kmsg");
};

destination d_file_normal { file("/var/log/messages_syslog-ng.log"); };

log { source(s_all); destination (d_file_normal); };

Any help would be greatly appreciated.
Thanks
______________________________________________________________________________
Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng
Documentation: http://www.balabit.com/support/documentation/?product=syslog-ng
FAQ: http://www.campin.net/syslog-ng/faq.html
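
Added example, not part of the thread or of syslog-ng itself: a small parser for the "Log statistics;" line quoted in the newest message, which splits the processed count of a source group into messages from internal() and messages from every other driver in that group. It assumes that src.internal(<group>#n) is already included in source(<group>); the function names are hypothetical.

```python
import re

# Constructed sample: the counters are the ones in the statistics line quoted
# in the thread (syslog-ng 3.1.2 legacy format), timestamp prefix included.
SAMPLE = (
    "Nov 17 13:20:23 s_all@aspsyslog syslog-ng[4460]: Log statistics; "
    "processed='global(payload_reallocs)=0', "
    "processed='src.internal(s_all#3)=91', "
    "stamp='src.internal(s_all#3)=1290021623', "
    "processed='global(msg_clones)=0', "
    "processed='source(s_all)=92', "
    "processed='global(sdata_updates)=0', "
    "processed='destination(d_file_normal)=97', "
    "processed='center(received)=0', "
    "processed='center(queued)=0'"
)

# One counter looks like: processed='source(s_all)=92'
COUNTER = re.compile(r"(\w+)='([\w.]+)\(([^)]*)\)=(\d+)'")


def parse_stats(line):
    """Return {(kind, component, instance): value} from a 'Log statistics;' line."""
    marker = "Log statistics;"
    if marker not in line:
        raise ValueError("not a syslog-ng statistics line")
    body = line.split(marker, 1)[1]
    return {(k, c, i): int(v) for k, c, i, v in COUNTER.findall(body)}


def summarize(line, group):
    """Split a source group's processed count into internal() and everything else."""
    stats = parse_stats(line)
    total = stats[("processed", "source", group)]
    # Assumption: src.internal(<group>#n) counts only internal() messages and is
    # already included in source(<group>).
    internal = sum(
        v for (k, c, i), v in stats.items()
        if k == "processed" and c == "src.internal" and i.split("#")[0] == group
    )
    written = {i: v for (k, c, i), v in stats.items()
               if k == "processed" and c == "destination"}
    return {"total": total, "internal": internal,
            "other_drivers": total - internal, "destinations": written}


if __name__ == "__main__":
    print(summarize(SAMPLE, "s_all"))
```

For the quoted line other_drivers is 1: of the 92 messages counted for s_all, 91 came from internal().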