I'm using syslog-ng over stunnel to log to a remote mysql database. I have it working perfectly on all my linux machines, but when I attempt to go over to Solaris, I run into problems. I have recompiled with the "--enable-sun-streams" and "--enable-sun-door" and edited my conf file, and this is the error I get when I try to run syslog-ng: root@diamond: syslog-ng -Fv do_init_afstreams_source: Cannot enable console logging on sun-stream /var/log (Inappropriate ioctl for device) Error initializing configuration, exiting. This is my syslog-ng.conf file: # # Syslog-ng example configuration for for Debian GNU/Linux # # Copyright (c) 1999 anonymous # Copyright (c) 1999 Balazs Scheidler # $Id: syslog-ng.conf.sample,v 1.2 1999/11/15 12:30:41 bazsi Exp $ # # Syslog-ng configuration file, compatible with default Debian syslogd # installation. # options { sync(2); time_reopen (10); long_hostnames (off); use_fqdn (no); keep_hostname (yes); #use_dns(yes); }; ###source lets your receive messages source src { sun-streams("/var/log"); }; destination cron { file("/var/log/cron.log"); }; destination mail { file("/var/log/mail.log"); }; destination messages { file("/var/adm/messages"); }; destination sysmsg { file("/var/log/messages"); }; destination authlog { file("/var/log/authlog"); }; destination syslog { file("/var/log/syslog-ng"); }; destination local0 { file("/var/log/local0"); }; destination local1 { file("/var/log/local1"); }; destination local2 { file("/var/log/local2"); }; destination local3 { file("/var/log/local3"); }; destination local4 { file("/var/log/local4"); }; destination local5 { file("/var/log/local5"); }; destination local6 { file("/var/log/local6"); }; destination local7 { file("/var/log/local7"); }; destination staley { tcp("127.0.0.1" port(2220)); }; filter f_auth { facility(auth); }; filter f_kern { facility(kern); }; filter f_cron { facility(cron); }; filter f_mail { facility(mail); }; filter f_daemon { facility(daemon); }; filter f_local0 { facility(local0); }; filter f_local1 { facility(local1); }; filter f_local2 { facility(local2); }; filter f_local3 { facility(local3); }; filter f_local4 { facility(local4); }; filter f_local5 { facility(local5); }; filter f_local6 { facility(local6); }; filter f_local7 { facility(local7); }; filter f_emergency { level(emerg); }; filter f_info { level(info); }; filter f_alert { level(alert); }; filter f_notice { level(notice); }; filter f_warn { level(warn); }; filter f_crit { level(crit); }; filter f_err { level(err); }; filter f_debug { level(debug); }; filter f_syslog { level(info) and not facility(mail); }; ################################################################################# set up logging to a loghost (staley) forwarded from localhost via stunnel # as defined at top of file: # destination staley { tcp("127.0.0.1" port(2221)); }; ################################################################################ #Logging to Paskow for testing purposes log { source(src); filter(f_err); destination(staley); }; log { source(src); filter(f_notice); destination(staley); }; log { source(src); filter(f_alert); destination(staley); }; log { source(src); filter(f_mail); filter(f_info); destination(staley); }; log { source(src); filter(f_info); destination(staley); }; #Logging all local.debug to Paskow for testing purposes log { source(src); filter(f_local0); filter(f_debug); destination(staley); }; log { source(src); filter(f_local1); filter(f_debug); destination(staley); }; log { source(src); filter(f_local2); filter(f_debug); destination(staley); }; log { source(src); filter(f_local3); filter(f_debug); destination(staley); }; log { source(src); filter(f_local4); filter(f_debug); destination(staley); }; log { source(src); filter(f_local5); filter(f_debug); destination(staley); }; log { source(src); filter(f_local6); filter(f_debug); destination(staley); }; I had the doors option in the destination src, but there's no doors file on my machine. I'd appreciate any help that anybody can provide. I will be extremely grateful if this works. ~Matt Valites Unix Admin Banta-IM
On Fri, Jun 14, 2002 at 11:51:16AM -0400, Matthew C Valites wrote:
I'm using syslog-ng over stunnel to log to a remote mysql database. I have it working perfectly on all my linux machines, but when I attempt to go over to Solaris, I run into problems. I have recompiled with the "--enable-sun-streams" and "--enable-sun-door" and edited my conf file, and this is the error I get when I try to run syslog-ng:
<snip>
###source lets your receive messages source src { sun-streams("/var/log"); };
Use a source like this: source src { sun-stream("/dev/log" door("/etc/.syslog_door")); internal(); }; -- "Whom computers would destroy, they must first drive mad." -Anon.
Use a source like this:
source src { sun-stream("/dev/log" door("/etc/.syslog_door")); internal(); };
When I do that, I get this error; root@diamond: syslog-ng -Fv connecting fd 5 to inetaddr 127.0.0.1, port 2220 syslog-ng version 1.5.13 starting io.c: do_write: write() failed (errno 32), Broken pipe pkt_buffer::do_flush(): Error flushing data Connection broken to AF_INET(127.0.0.1:2220), reopening in 10 seconds Garbage collecting while idle... Objects alive: 151, garbage collected: 2 It just sits there and continues to spew out the "Garnage collecting....." error and the following line. It runs, but doesn't log anything. Any ideas? ~Matt
On Fri, Jun 14, 2002 at 12:04:01PM -0400, Matthew C Valites wrote:
Use a source like this:
source src { sun-stream("/dev/log" door("/etc/.syslog_door")); internal(); };
When I do that, I get this error;
root@diamond: syslog-ng -Fv connecting fd 5 to inetaddr 127.0.0.1, port 2220 syslog-ng version 1.5.13 starting io.c: do_write: write() failed (errno 32), Broken pipe pkt_buffer::do_flush(): Error flushing data Connection broken to AF_INET(127.0.0.1:2220), reopening in 10 seconds Garbage collecting while idle... Objects alive: 151, garbage collected: 2
It just sits there and continues to spew out the "Garnage collecting....." error and the following line. It runs, but doesn't log anything. Any ideas?
Looks like a destination you're trying to send to isn't working. Are you trying to forward over stunnel or something? It seems it must be that, or something like it since it's trying to write on an AF_INET socket on the localhost. Make sure it's not collecting logs generated locally, your file destinations should still be fine. $ logger -p local2.info FOO BAR BAZ ...and see if it gets into your logs. OBTW, upgrade your syslog-ng, the newer versions have lots of bugfixes and feature additions. -- It is better to live rich than to die rich. -- Samuel Johnson
I'm trying to forward to 127.0.0.1, which is picked up by stunnel and sends it out on a secure port. This was the way I was doing it in linux, so I thought I could try and do it on Solaris. I'm not sure why the AF_INET sockets would break though. ~Matt Nate Campi wrote:
On Fri, Jun 14, 2002 at 12:04:01PM -0400, Matthew C Valites wrote:
Use a source like this:
source src { sun-stream("/dev/log" door("/etc/.syslog_door")); internal(); };
When I do that, I get this error;
root@diamond: syslog-ng -Fv connecting fd 5 to inetaddr 127.0.0.1, port 2220 syslog-ng version 1.5.13 starting io.c: do_write: write() failed (errno 32), Broken pipe pkt_buffer::do_flush(): Error flushing data Connection broken to AF_INET(127.0.0.1:2220), reopening in 10 seconds Garbage collecting while idle... Objects alive: 151, garbage collected: 2
It just sits there and continues to spew out the "Garnage collecting....." error and the following line. It runs, but doesn't log anything. Any ideas?
Looks like a destination you're trying to send to isn't working. Are you trying to forward over stunnel or something? It seems it must be that, or something like it since it's trying to write on an AF_INET socket on the localhost.
Make sure it's not collecting logs generated locally, your file destinations should still be fine.
$ logger -p local2.info FOO BAR BAZ
...and see if it gets into your logs.
OBTW, upgrade your syslog-ng, the newer versions have lots of bugfixes and feature additions.
On Fri, Jun 14, 2002 at 12:24:32PM -0400, Matthew C Valites wrote:
I'm trying to forward to 127.0.0.1, which is picked up by stunnel and sends it out on a secure port. This was the way I was doing it in linux, so I thought I could try and do it on Solaris. I'm not sure why the AF_INET sockets would break though.
Go ahead and send your whole config file, there's too much guessing involved. -- "Accurate measurement is the begining of all wisdom." - Imhotep c.a. 2650 B.C.
participants (2)
-
Matthew C Valites
-
Nate Campi