Problems for configure syslog structured as a source
Hi all,
I am trying to configure syslog-ng to receive syslog messages as syslog structured (IETF). To accomplish this I have configured:
source s_ietfsyslog { syslog (port(20514) transport(tcp)); };
but no messages are processed by syslog-ng (but messages arrive from third devices).
Any idea??
On Fri, Jun 1, 2012 at 3:39 PM, C. L. Martinez <carlopmart@gmail.com> wrote:
Hi all,
I am trying to configure syslog-ng to receive syslog messages as syslog structured (IETF). To accomplish this I have configured:
source s_ietfsyslog { syslog (port(20514) transport(tcp)); };
but no messages are processed by syslog-ng (but messages arrive from third devices).
Any idea??
Nothing??
Hi, do you use the source in a log statement? Is syslog-ng really listening on the specified port?
Robert
On 06/04/2012 08:08 AM, C. L. Martinez wrote:
On Fri, Jun 1, 2012 at 3:39 PM, C. L. Martinez <carlopmart@gmail.com> wrote:
Hi all,
I am trying to configure syslog-ng to receive syslog messages as syslog structured (IETF). To accomplish this I have configured:
source s_ietfsyslog { syslog (port(20514) transport(tcp)); };
but no messages are processed by syslog-ng (but messages arrive from third devices).
Any idea??
Nothing??
On Mon, Jun 4, 2012 at 12:11 PM, Fekete Robert <frobert@balabit.hu> wrote:
Hi, do you use the source in a log statement? Is syslog-ng really listening on the specified port?
Robert
Yes, here it is:
source s_ietfsyslog { syslog(ip(172.24.50.2) port(20514) transport(tcp)); };
log { source(s_ietfsyslog); destination(d_ietflog); flags(flow-control,final); };
Yes, it is listening:
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 1166/sshd
tcp 0 0 127.0.0.1:25 0.0.0.0:* LISTEN 1131/master
tcp 0 172.24.50.2:20514 0.0.0.0:* LISTEN 1406/syslog-ng
"C. L. Martinez" <carlopmart@gmail.com> writes:
I am trying to configure syslog-ng to receive syslog messages as syslog structured (IETF). To accomplish this I have configured:
source s_ietfsyslog { syslog (port(20514) transport(tcp)); };
but no messages are processed by syslog-ng (but messages arrive from third devices).
Can you post the full config? The source itself is correct, but there are many possibilities within other parts of the config where things could go wrong.
--
|8]
On Mon, Jun 4, 2012 at 12:23 PM, Gergely Nagy <algernon@balabit.hu> wrote:
"C. L. Martinez" <carlopmart@gmail.com> writes:
I am trying to configure syslog-ng to receive syslog messages as syslog structured (IETF). To accomplish this I have configured:
source s_ietfsyslog { syslog (port(20514) transport(tcp)); };
but no messages are processed by syslog-ng (but messages arrive from third devices).
Can you post the full config? The source itself is correct, but there are many possibilities within other parts of the config where things could go wrong.
@version:3.3
#
# options
#
options { perm(0644); chain_hostnames(off); flush_lines(100); keep_hostname(yes); };
source s_ietfsyslog { syslog(ip(172.24.50.2) port(20514) transport(tcp)); };
destination d_ietflog { file("/tmp/test_corr.log"); };
log { source(s_ietfsyslog); destination(d_ietflog); flags(flow-control,final); };
.. and that's all ...
On Mon, Jun 4, 2012 at 12:27 PM, C. L. Martinez <carlopmart@gmail.com> wrote:
On Mon, Jun 4, 2012 at 12:23 PM, Gergely Nagy <algernon@balabit.hu> wrote:
"C. L. Martinez" <carlopmart@gmail.com> writes:
I am trying to configure syslog-ng to receive syslog messages as syslog structured (IETF). To accomplish this I have configured:
source s_ietfsyslog { syslog (port(20514) transport(tcp)); };
but no messages are processed by syslog-ng (but messages arrive from third devices).
Can you post the full config? The source itself is correct, but there are many possibilities within other parts of the config where things could go wrong.
@version:3.3
#
# options
#
options { perm(0644); chain_hostnames(off); flush_lines(100); keep_hostname(yes); };
source s_ietfsyslog { syslog(ip(172.24.50.2) port(20514) transport(tcp)); };
destination d_ietflog { file("/tmp/test_corr.log"); };
log { source(s_ietfsyslog); destination(d_ietflog); flags(flow-control,final); };
.. and that's all ...
Strange: changing the tcp transport to udp works ... but I didn't see any difference between a normal log and using the syslog driver ... Does somebody know why?
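A check one could run on a capture of the device traffic when a TCP syslog source stays silent, added here as an example and not taken from the thread or from syslog-ng: it reports whether each message in a TCP payload uses RFC 6587 octet-counted or newline framing, and whether its header is RFC 5424 (IETF) or legacy BSD. The thread does not establish the cause of the problem; the function names and sample bytes below are constructed for illustration.

```python
import re

# RFC 5424 messages start "<PRI>1 "; legacy BSD (RFC 3164) has no version digit.
RFC5424 = re.compile(rb"^<(\d{1,3})>1 ")
BSD = re.compile(rb"^<(\d{1,3})>")
# RFC 6587 octet counting: MSG-LEN SP SYSLOG-MSG
OCTET_COUNT = re.compile(rb"^([1-9]\d{0,9}) ")


def message_format(msg: bytes) -> str:
    """Classify one syslog message by its header."""
    if RFC5424.match(msg):
        return "rfc5424"
    if BSD.match(msg):
        return "bsd"
    return "unknown"


def split_stream(data: bytes):
    """Split a captured TCP payload into (framing, message) pairs.

    Octet-counted frames are consumed by their declared length; anything
    else is treated as newline-terminated (RFC 6587 non-transparent framing).
    """
    out = []
    while data:
        m = OCTET_COUNT.match(data)
        if m:
            start, length = m.end(), int(m.group(1))
            if len(data) - start < length:
                # Declared length exceeds the bytes captured so far.
                out.append(("truncated", data[start:]))
                break
            out.append(("octet-counted", data[start:start + length]))
            data = data[start + length:]
        else:
            line, _, data = data.partition(b"\n")
            if line:
                out.append(("newline", line))
    return out


def describe(data: bytes):
    """Return (framing, header format) for every message in the payload."""
    return [(framing, message_format(msg)) for framing, msg in split_stream(data)]


# Constructed samples (not captured from the devices in the thread).
MSG = b'<165>1 2012-06-04T12:00:00Z fw1 app 1 ID1 [x@1 k="v"] hi'
FRAMED = str(len(MSG)).encode() + b" " + MSG
LEGACY = b"<13>Jun  4 12:00:00 fw1 app: hello\n<13>Jun  4 12:00:01 fw1 app: again\n"

if __name__ == "__main__":
    print(describe(FRAMED))
    print(describe(LEGACY))
```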
participants (3): C. L. Martinez, Fekete Robert, Gergely Nagy