New to syslog-ng, basic setup help requested
Afternoon, looking to do some real basic logging for our webservers. They are all running ubuntu-server 8.10, and I have a standalone box which will act as the 'log server'. They have webmin installed, so I set it up using that as it seemed pretty straightforward.

So the server is running and when I start one of the webservers which I configured, I receive the following error:

    * Starting system logging syslog-ng
    Error binding socket; addr='AF_UNIX(/var/log/apache2/ws8.mydomain.com-access_log)', error='Address already in use (98)'

I thought it might be due to apache running, so stopped that, but still the same error.

The conf file is HUGE, and 95% is a stock install, so I will just put what the client / server has that is specific to this item I wish to remote log.

Client:

    destination WFLogger { udp(192.168.2.60); };
    source domain_access { unix-stream("/var/log/apache2/ws8.domain.com-access_log"); };
    log { source(domain_access); destination(WFLogger); flags(catchall); };

On the server, I don't see anything that stands out that says "accept connections" so not sure if there is anything special that has to be done, but the error on the client is immediate so that part seems to be a local issue.

Thanks
That looks like a bind() error message which suggests that another process is already listening on the socket in question. Use lsof to find out which process that is.

    # lsof /var/log/apache2/ws8.mydomain.com-access_log

________________________________
From: syslog-ng-bounces@lists.balabit.hu [mailto:syslog-ng-bounces@lists.balabit.hu] On Behalf Of lance raymond
Sent: 04 June 2009 18:11
To: syslog-ng@lists.balabit.hu
Subject: [syslog-ng] New to syslog-ng, basic setup help requested
Yea, I got a bunch;

    COMMAND PID USER     FD  TYPE DEVICE SIZE      NODE    NAME
    apache2 692 www-data 35w REG  8,1    100778670 2089232 /var/log/apache2/ws8.iwindsurf.com-access_log

as just an example, and now that I am looking at it, I think I see the obvious. I haven't changed apache to stop writing local (I didn't think I had to) as I thought I could have the local and the remote (in case the remote failed). But that might not be the case. So I would assume the first step is to remove the vhost access log line.

But now that I am thinking, the setup said what file was the local file in which it would be the /var/log/apache2/.... right? So if I tell apache not to write that access file how do you set up the client?

As I said, really new at this, so sorry if this seems basic, but the webmin module made it kinda easier, but still ... not easy enough!

Thanks

On Fri, Jun 5, 2009 at 10:53 AM, Fegan, Joe <Joe.Fegan@hp.com> wrote:
That looks like a bind() error message which suggests that another process is already listening on the socket in question. Use lsof to find out which process that is.
# lsof /var/log/apache2/ws8.mydomain.com-access_log
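Added example, not part of the original thread: a small check for the situation in these messages, showing that on Linux an AF_UNIX bind() returns EADDRINUSE whenever the pathname already exists, including when it is a regular file (TYPE REG in the lsof output) that no process has open. The function names and the temporary paths are constructed for illustration.

```python
import errno
import os
import socket
import stat
import tempfile


def classify_path(path):
    """Return 'missing', 'socket', 'regular-file' or 'other' for a path."""
    try:
        mode = os.lstat(path).st_mode
    except FileNotFoundError:
        return "missing"
    if stat.S_ISSOCK(mode):
        return "socket"
    if stat.S_ISREG(mode):
        return "regular-file"
    return "other"


def try_unix_bind(path):
    """Attempt an AF_UNIX bind() like the one in the error message.

    Returns 'ok' or the symbolic errno name (for example 'EADDRINUSE').
    """
    sock = socket.socket(socket.AF_UNIX, socket.SOCK_STREAM)
    try:
        sock.bind(path)
        return "ok"
    except OSError as exc:
        return errno.errorcode.get(exc.errno, str(exc.errno))
    finally:
        sock.close()


def demo():
    """Constructed scenario: a log file on disk that nothing holds open."""
    results = {}
    with tempfile.TemporaryDirectory() as tmp:
        log_path = os.path.join(tmp, "access_log")  # stands in for the Apache log
        with open(log_path, "w") as fh:
            fh.write("constructed access log line\n")
        results["log_kind"] = classify_path(log_path)
        results["log_bind"] = try_unix_bind(log_path)   # pathname already exists
        sock_path = os.path.join(tmp, "fresh.sock")     # unused pathname
        results["fresh_before"] = classify_path(sock_path)
        results["fresh_bind"] = try_unix_bind(sock_path)  # bind creates the node
        results["fresh_after"] = classify_path(sock_path)
    return results
```

Running `classify_path()` on the path named in a unix-stream() source tells you whether it is a socket at all before you look for a competing listener.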