I use the config file in contrib directory named syslog-ng.conf.Redhat. --begin-- options { sync (0); time_reopen (10); log_fifo_size (1000); long_hostnames (off); use_dns (no); use_fqdn (no); create_dirs (no); keep_hostname (yes); }; source s_sys { pipe ("/proc/kmsg" log_prefix("kernel: ")); unix-stream ("/dev/log"); internal(); }; destination d_cons { file("/dev/console"); }; destination d_mesg { file("/var/log/messages"); }; destination d_auth { file("/var/log/secure"); }; destination d_mail { file("/var/log/maillog"); }; destination d_spol { file("/var/log/spooler"); }; destination d_boot { file("/var/log/boot.log"); }; destination d_cron { file("/var/log/cron"); }; destination d_mlal { usertty("*"); }; filter f_filter1 { facility(kern); }; filter f_filter2 { level(info) and not (facility(mail) or facility(authpriv) or facility(cron)); }; filter f_filter3 { facility(authpriv); }; filter f_filter4 { facility(mail); }; filter f_filter5 { level(emerg); }; filter f_filter6 { facility(uucp) or (facility(news) and level(crit)); }; filter f_filter7 { facility(local7); }; filter f_filter8 { facility(cron); }; #log { source(s_sys); filter(f_filter1); destination(d_cons); }; log { source(s_sys); filter(f_filter2); destination(d_mesg); }; log { source(s_sys); filter(f_filter3); destination(d_auth); }; log { source(s_sys); filter(f_filter4); destination(d_mail); }; log { source(s_sys); filter(f_filter5); destination(d_mlal); }; log { source(s_sys); filter(f_filter6); destination(d_spol); }; log { source(s_sys); filter(f_filter7); destination(d_boot); }; log { source(s_sys); filter(f_filter8); destination(d_cron); }; --end-- syslogd & klogd are stopped. But syslog-ng failed to start. #service syslog status syslogd is stopped klogd is stopped #syslog-ng Error opening file /proc/kmsg for reading (No such file or directory) Error initializing configuration, exiting. Then I try to forget about kernel logging first. I use another simple configuration for test. --begin-- # Simple syslog-ng.conf file. options { use_fqdn(no); sync(0); }; source s_sys { unix-stream("/dev/log"); internal(); }; destination d_security { file("/var/log/security"); }; destination d_messages { file("/var/log/messages"); }; destination d_console { usertty("root"); }; filter f_authpriv { facility(auth, authpriv); }; filter f_messages { level(info .. emerg) and not facility(auth, authpriv); }; filter f_emergency { level(emerg); }; log { source(s_sys); filter(f_authpriv); destination(d_security); }; log { source(s_sys); filter(f_messages); destination(d_messages); }; log { source(s_sys); filter(f_emergency); destination(d_console); }; --end-- syslog-ng seems to start this time. But I find a file named '?' in the syslog-ng starting directory,it contains the exact logging messages. #syslog-ng #ls ? bin doc etc ... #logger -p local0.info "test test" #cat ? Aug 20 09:43:20 s_sys@power syslog-ng[351]: syslog-ng version 1.6.0rc3 starting Aug 20 09:43:20 s_sys@power syslog-ng[351]: syslog-ng version 1.6.0rc3 starting Aug 20 09:44:00 s_sys@power CROND[358]: (mailman) CMD (/usr/bin/python -S /var/mailman/cron/qrunner) Aug 20 09:44:00 s_sys@power CROND[358]: (mailman) CMD (/usr/bin/python -S /var/mailman/cron/qrunner) Aug 20 09:44:38 s_sys@power root: test test Aug 20 09:44:38 s_sys@power root: test test # The result is same by replace unix-stream with unix-dgram in source directive. The debug output is like: #syslog-ng -d -F io.c: listening on fd 3 syslog-ng version 1.6.0rc3 starting io.c: Preparing fd 4 for reading Read EOF on fd 4. Marking fd 4 for closing. Closing fd 4. io.c: Preparing fd 4 for reading Read EOF on fd 4. Marking fd 4 for closing. Closing fd 4. io.c: Preparing fd 4 for reading io.c: Preparing fd 5 for writing Read EOF on fd 4. Marking fd 4 for closing. Closing fd 4. io.c: Preparing fd 4 for reading Read EOF on fd 4. Marking fd 4 for closing. Closing fd 4. ... best regards zhen -----Original Message----- From: Hamilton Andrew [mailto:Andrew.Hamilton@afccc.af.mil] Sent: Tuesday, August 19, 2003 8:20 PM To: syslog-ng@lists.balabit.hu Subject: RE: [syslog-ng]src/tests/testall failed! I have 8 Redhat 7.3 systems running syslog-ng with that very source statement, except I use unix-dgram, and it works fine. Have you stopped klogd? Are you chroot-ing? Why don't you post your entire config file? That may help us help you more. Regards, Drew -----Original Message----- From: Wang, Zhenyu Z [mailto:zhenyu.z.wang@intel.com] Sent: Tuesday, August 19, 2003 1:33 AM To: syslog-ng@lists.balabit.hu Subject: RE: [syslog-ng]src/tests/testall failed! Can you tell me why the script does not work? On my RH7.3, syslog-ng.conf.Redhat is not working fine. source s_sys { pipe ("/proc/kmsg" log_prefix("kernel: ")); unix-stream ("/dev/log"); internal(); }; $syslog-ng Error opening file /proc/kmsg for reading (No such file or directory) Error initializing configuration, exiting. Is there something in system I should tune? zhen -----Original Message----- From: Balazs Scheidler [mailto:bazsi@balabit.hu] Sent: Monday, August 18, 2003 9:21 PM To: syslog-ng@lists.balabit.hu Subject: Re: [syslog-ng]src/tests/testall failed! On Mon, Aug 18, 2003 at 05:19:20PM +0800, Wang, Zhenyu Z wrote:

After I have successfully compiled syslog-ng-1.0.6rc3, I run src/tests/testall script but it failed.

that script was written years ago and may not function correctly. -- Bazsi PGP info: KeyID 9AF8D0A9 Fingerprint CD27 CFB0 802C 0944 9CFD 804E C82C 8EB1 _______________________________________________ syslog-ng maillist - syslog-ng@lists.balabit.hu https://lists.balabit.hu/mailman/listinfo/syslog-ng Frequently asked questions at http://www.campin.net/syslog-ng/faq.html _______________________________________________ syslog-ng maillist - syslog-ng@lists.balabit.hu https://lists.balabit.hu/mailman/listinfo/syslog-ng Frequently asked questions at http://www.campin.net/syslog-ng/faq.html _______________________________________________ syslog-ng maillist - syslog-ng@lists.balabit.hu https://lists.balabit.hu/mailman/listinfo/syslog-ng Frequently asked questions at http://www.campin.net/syslog-ng/faq.html