I am trying to send logs over our network but am having trouble with the rules. I have set up a host to accept the logs and I am trying to set up the sender. This is the destination rule so far. destination d_bg { tcp(ip(192.168.1.19) port(514)); }; When I try to start syslog-ng it gives me this error. parse error at 31 Parse error reading configuration file, exiting. Line 31 is the above rule. This is the complete config of syslog-ng so far. options { sync (0); time_reopen (10); log_fifo_size (1000); long_hostnames (on); use_dns (no); use_fqdn (no); create_dirs (yes); keep_hostname (yes); }; source s_sys { unix-stream ("/dev/log"); internal(); }; destination d_cons { file("/var/log/ng/kern.log"); }; destination d_mesg { file("/var/log/ng/messages"); }; destination d_auth { file("/var/log/ng/secure"); }; destination d_mail { file("/var/log/ng/maillog"); }; destination d_spol { file("/var/log/ng/spooler"); }; destination d_boot { file("/var/log/ng/boot.log"); }; destination d_mlal { file("/var/log/ng/emerg.log"); }; destination d_dhcp { file("/var/log/ng/dhcpd.log"); }; destination d_ipchains { file("/var/log/ng/ipchains.log"); }; destination d_bg { tcp(ip(192.168.1.19) port(514)); }; filter f_filter1 { facility(kern); }; filter f_filter2 { level(info); }; filter f_filter3 { facility(authpriv); }; filter f_filter4 { facility(mail); }; filter f_filter5 { level(emerg); }; filter f_filter6 { facility(uucp) or (facility(news) and level(crit)); }; filter f_dhcp { match("dhcpd"); }; filter f_ipchains { match("ipchains"); }; filter f_tcplog { level(debug); }; log { source(s_sys); filter(f_filter1); destination(d_cons); }; log { source(s_sys); filter(f_filter2); destination(d_mesg); }; log { source(s_sys); filter(f_filter3); destination(d_auth); }; log { source(s_sys); filter(f_filter4); destination(d_mail); }; log { source(s_sys); filter(f_filter5); destination(d_mlal); }; log { source(s_sys); filter(f_filter6); destination(d_spol); }; log { source(s_sys); filter(f_dhcp); destination(d_dhcp); }; log { source(s_sys); filter(f_ipchains); destination(d_ipchains); }; log { source(s_sys); filter(f_tcplog); destination(d_bg); }; Any help would be appreciated. sim
Simeon Johnston wrote:
I am trying to send logs over our network but am having trouble with the rules. I have set up a host to accept the logs and I am trying to set up the sender. This is the destination rule so far.
destination d_bg { tcp(ip(192.168.1.19) port(514)); };
When I try to start syslog-ng it gives me this error.
I came across this also, this statement works (maybe someone should finally update the docs?): destination loggingserver { tcp("1.2.3.4" port(514)); }; Off Topic: No responses to my problem described last week? I still experience this and other faulty logfiles (like "?Generic5.8" when our sun reboots..) At least two other persons suffer also from this problem, as they told me via e-mail. -- Regards, Wiktor Wodecki, Unix Administration | Wapme-Systems AG Tel.: +49-211-748450 | Muensterstrasse 248 Fax: +49-211-74845176 | 40470 Duesseldorf E-Mail: wodecki@wapme-systems.de | http://www.wapme-systems.de 1024/E22253B9 084C 7950 4D65 0E92 46D1 48AF F3F7 3201 E222 53B9
I am trying to send logs over our network but am having trouble with the rules. I have set up a host to accept the logs and I am trying to set up the sender. This is the destination rule so far.
destination d_bg { tcp(ip(192.168.1.19) port(514)); };
When I try to start syslog-ng it gives me this error.
I came across this also, this statement works (maybe someone should finally update the docs?):
destination loggingserver { tcp("1.2.3.4" port(514)); };
Destination and sources differ in their syntax. A destination TCP driver uses a positional 'destination host' argument, a source doesn't. -- Bazsi PGP info: KeyID 9AF8D0A9 Fingerprint CD27 CFB0 802C 0944 9CFD 804E C82C 8EB1
I put the new rule in and it didn't give any errors when I started it. But there seems to be another problem. I don't know why but it looks like the daemon doesn't even start. I restart it with the bootup script and everything appears to run OK but then I do a "ps ax" and the process isn't there. I then start it manually and it gives me this error. Error creating AF_INET socket (Success) Error initializing configuration, exiting. What is this? sim Balazs Scheidler wrote:
I am trying to send logs over our network but am having trouble with the rules. I have set up a host to accept the logs and I am trying to set up the sender. This is the destination rule so far.
destination d_bg { tcp(ip(192.168.1.19) port(514)); };
When I try to start syslog-ng it gives me this error.
I came across this also, this statement works (maybe someone should finally update the docs?):
destination loggingserver { tcp("1.2.3.4" port(514)); };
Destination and sources differ in their syntax. A destination TCP driver uses a positional 'destination host' argument, a source doesn't.
On Wed, Feb 14, 2001 at 10:07:51AM -0600, Simeon Johnston wrote:
I put the new rule in and it didn't give any errors when I started it. But there seems to be another problem. I don't know why but it looks like the daemon doesn't even start. I restart it with the bootup script and everything appears to run OK but then I do a "ps ax" and the process isn't there. I then start it manually and it gives me this error.
Error creating AF_INET socket (Success) Error initializing configuration, exiting.
What is this?
a truss or strace output should help you out here. -- Bazsi PGP info: KeyID 9AF8D0A9 Fingerprint CD27 CFB0 802C 0944 9CFD 804E C82C 8EB1
I used strace although I didn't get much out of it. I have never used it before. I think that it is not being allowed to initiate a connection or it is trying but is not allowed to connect to the logserver so it stops. I have a few more questions. 1. Does syslog-ng need an entry in the inetd/xinetd configuration? I didn't see anything about it in the manual. 2. Would this disallow any information from getting through if there wasn't an entry? 3. Any other thoughts? Any help would be appreciated. sim Balazs Scheidler wrote:
On Wed, Feb 14, 2001 at 10:07:51AM -0600, Simeon Johnston wrote:
I put the new rule in and it didn't give any errors when I started it. But there seems to be another problem. I don't know why but it looks like the daemon doesn't even start. I restart it with the bootup script and everything appears to run OK but then I do a "ps ax" and the process isn't there. I then start it manually and it gives me this error.
Error creating AF_INET socket (Success) Error initializing configuration, exiting.
What is this?
a truss or strace output should help you out here.
-- Bazsi PGP info: KeyID 9AF8D0A9 Fingerprint CD27 CFB0 802C 0944 9CFD 804E C82C 8EB1
_______________________________________________ syslog-ng maillist - syslog-ng@lists.balabit.hu https://lists.balabit.hu/mailman/listinfo/syslog-ng
participants (3)
-
Balazs Scheidler
-
Simeon Johnston
-
Wiktor Wodecki