Re : Re : Re : Re : Syslogd + Syslog-ng

23 Jul 2008

      Is syslogd running on your central server? In this case you have to disable syslogd logging from remote (using -s option) .
personally in order to recieve logs from syslogd clients i use this config:
source s_sys {
        udp(ip(0.0.0.0) port(514));
};

filter f_sys     { level(info..emerg) and not facility(mail); };
destination d_sys {file("/foo/full$DAY.log");};

log { source(s_sys); filter(f_sys) ; destination(d_sys) ;};

----- Message d'origine ----
De : Leandro Ferreira da Silva <ferreira@iqm.unicamp.br>
À : Syslog-ng users' and developers' mailing list <syslog-ng@lists.balabit.hu>
Envoyé le : Mercredi, 23 Juillet 2008, 14h14mn 29s
Objet : Re: [syslog-ng] Re :  Re : Re :  Syslogd + Syslog-ng

The configuration is the standart, I only do the follow changes.

# sources
source src { unix-dgram("/var/run/log");
             unix-dgram("/var/run/logpriv" perm(0600));
             udp(); internal(); file("/dev/klog"); };

I add this,
source r_src { udp(ip("client.domain") port(514));  };

I add this,
destination gafanhoto_messages { file("/var/log/gafanhoto/messages"
owner("root") group("wheel") perm(0640)); };

I add this,
log { source(r_src); destination(gafanhoto_messages); };

When I start the syslog-ng..
scorpion# /usr/local/etc/rc.d/syslog-ng start
Starting syslog_ng.
Error binding socket; addr='AF_INET(client.domain:514)',
error='Can\'t assign requested address (49)'
Error initializing source driver; source='r_src'

Could you send us a partial copy of your syslog-ng configuration?

-----
Message d'origine ----
De : Leandro Ferreira da Silva <ferreira@iqm.unicamp.br>
À : syslog-ng@lists.balabit.hu
Envoyé le : Mardi, 22 Juillet 2008, 21h35mn 02s
Objet : Re: [syslog-ng] Re : Re : Syslogd + Syslog-ng

The messages is send to server, the problem is the server that can't 
take the messages.
I'm using FreeBSD 7.0 release.
...
You can try to launch syslogd in the debug mode and look if your 
messages from the client are really rend to the syslog-ng server.
What OS do you use?
----- Message d'origine ----
De : Leandro Ferreira da Silva <ferreira@iqm.unicamp.br>
À : "olivier "madmax"rolland" <madmax2010fr@yahoo.fr>
Envoyé le : Mardi, 22 Juillet 2008, 19h54mn 28s
Objet : Re: Re : [syslog-ng] Syslogd + Syslog-ng
The syslogd is correctly configured with *.* @server,
I can say this because the following command is logging at server.
tcpdump -nn -i re0 host "machine" and udp port 514
The problem is that in some machines I can't install  syslog-ng, so
these machines have to send their logs through syslogd to the
server
that is using the syslog-ng.
Any help?
...
First of all I'm not sure that with *.* your syslogd is able
to work,
you might user *.debug in order to log all messages from
debug to the
maximal level of logging. Secondly if your computer or server
is in a
domain you might test the remote logging as
*.debug @server.domain_name
----- Message d'origine ----
De : Leandro Ferreira da Silva <ferreira@iqm.unicamp.br 
<mailto:ferreira@iqm.unicamp.br>>
À : syslog-ng@lists.balabit.hu <mailto:syslog-ng@lists.balabit.hu>
Envoyé le : Mardi, 22 Juillet 2008, 0h22mn 35s
Objet : [syslog-ng] Syslogd + Syslog-ng
Dear Friends.
I have some problems.. =P
I'm building a log server, I installed the syslog-ng at the
server. The
clients has the common syslogd.
How Can I do for the syslog-ng receive the messages from
syslogd?
The configuration of syslogd.
# uncomment this to enable logging to a remote loghost named
loghost
*.*                                            @loghost
Is this possible?
I need to configure of this form, because I can't install and
configure
the syslog-ng in all my machines.
Thanks for all..
Leandro Ferreira
______________________________________________________________________________
...
...
Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng
Documentation:
http://www.balabit.com/support/documentation/?product=syslog-ng
FAQ: http://www.campin.net/syslog-ng/faq.html

...
...
Envoyé avec Yahoo! Mail
<http://us.rd.yahoo.com/mailuk/taglines/isp/control/*http://us.rd.yahoo.com/evt=52423/*http://fr.docs.yahoo.com/mail/overview/index.html>.
...
Une boite mail plus intelligente.
------------------------------------------------------------------------
...
Envoyé avec Yahoo! Mail 
<http://us.rd.yahoo.com/mailuk/taglines/isp/control/*http://us.rd.yahoo.com/evt=52423/*http://fr.docs.yahoo.com/mail/overview/index.html>.
Une boite mail plus intelligente.
______________________________________________________________________________
Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng
Documentation: http://www.balabit.com/support/documentation/?product=syslog-ng
FAQ: http://www.campin.net/syslog-ng/faq.html

________________________________
 Envoyé avec Yahoo!
Mail.
Une boite mail plus intelligente. 

________________________________

______________________________________________________________________________
Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng
Documentation: http://www.balabit.com/support/documentation/?product=syslog-ng
FAQ: http://www.campin.net/syslog-ng/faq.html

      _____________________________________________________________________________ 
Envoyez avec Yahoo! Mail. Une boite mail plus intelligente http://mail.yahoo.fr

olivier "madmax"rolland

tags

participants (1)