I installed syslog-ng-3.2.4 from source on Debian Lenny and when I start syslog-ng with /usr/local/syslog-ng/sbin/ syslog-ng it shows me this error: Error creating persistent state file; filename='/usr/local/syslog-ng/var/syslog-ng.persist-', error='No such file or directory (2)' Can someone help me please?
Hery Fanomezantsoa <rhfano@gmail.com> writes:
I installed syslog-ng-3.2.4 from source on Debian Lenny and when I start syslog-ng with /usr/local/syslog-ng/sbin/ syslog-ng it shows me this error: Error creating persistent state file; filename='/usr/local/syslog-ng/var/syslog-ng.persist-', error='No such file or directory (2)'
Create the /usr/local/syslog-ng/var directory, and this error should go away. -- |8]
Thank you very well. I just did that and it works. My next problem is when I set my source to tcp that is source s_tcp { tcp(ip(0.0.0.0) port(1468)); }; i'm not getting any log but it should listen to a remote host on port 1468. I tried it in another syslog-ng server running in cygwin and I get the log. Here is my config: ############################################################################# # Default syslog-ng.conf file which collects all local logs into a # single file called /var/log/messages. # @version: 3.2 @include "scl.conf" source s_local { system(); internal(); }; source s_network { udp(); }; source s_tcp { tcp(ip(0.0.0.0) port(1468)); }; filter f_mail { host("192.168.10.60") and facility(17); }; #filter f_sender { # match("SENDER"); #} destination d_local { file("/var/log/essai"); }; destination d_user { usertty("*"); }; destination d_mysql { pipe("/tmp/mysql.pipe" template("INSERT INTO logs (host, facility, priority, level, tag, date, time, program, msg) VALUES ('$HOST', '$FACILITY', '$PRIORITY', '$LEVEL', '$TAG', '$YEAR-$MONTH-$DAY', '$HOUR:$MIN:$SEC', '$PROGRAM', '$MSG');\n") template-escape(yes)); }; log { source(s_tcp); # uncomment this line to open port 514 to receive messages #source(s_network); filter(f_mail); #filter(f_sender); destination(d_local); #destination(d_mysql); };
Hery Fanomezantsoa <rhfano@gmail.com> writes:
filter f_mail { host("192.168.10.60") and facility(17); };
Are you sure this will do what you expect it to do? But, to make it clear: when you try to start up syslog-ng, does it start, or does it display an error? Or does neither? If it starts up, is it listening on port 1468? (check with netstat -tlnp | grep syslog-ng). If it is listening there, and you send messages, do they disappear? Do they still disappear if you remove the filter? If they don't, I'd suggest adding the following to your syslog-ng.conf: options { use_dns(no); }; I believe your problem is that your filter doesn't work, because syslog-ng resolves the hostname, so it never matches an IP. Disable resolving, and there you go. -- |8]
Thanks for your reply. I figured it out. My problem is that the appliance which is supposed to send the logs is not bind to the IP address of my syslog server.
participants (2)
-
Gergely Nagy
-
Hery Fanomezantsoa