Logging network messages in Solaris
I have syslog-ng running successfully on several of our Solaris servers, but I can't get it to work with our logging server. I have the following config: source local { sun-streams("/dev/log" door("/etc/.syslog_door")); internal(); }; source s_tcp { tcp(ip(0.0.0.0)); }; source s_udp { udp(); }; <...filters removed...> log { source(local); filter (DEFAULT); destination(all); }; log { source(s_udp); filter (DEFAULT); destination(all); }; log { source(s_tcp); filter (DEFAULT); destination(all); }; I've simplified the config just to see if I can get messages to show up anywhere. It's not logging any messages from network devices, although it logs local messages just fine. I know the messages are getting there b/c syslogd is logging them and I've sniffed the network to verify UDP and port 514. I've also tried declaring the tcp and udp sources in the local definition. I know this can work. What am I missing? Scott Ripley DNS Administrator, House Information Resources 202.226.2833 - mailto:scott.ripley@mail.house.gov <mailto:scott.ripley@mail.house.gov>
On Tue, Jun 26, 2001 at 11:31:28AM -0400, Ripley, Scott wrote:
I have syslog-ng running successfully on several of our Solaris servers, but I can't get it to work with our logging server. I have the following config:
source local { sun-streams("/dev/log" door("/etc/.syslog_door")); internal(); }; source s_tcp { tcp(ip(0.0.0.0)); }; source s_udp { udp(); };
<...filters removed...>
log { source(local); filter (DEFAULT); destination(all); }; log { source(s_udp); filter (DEFAULT); destination(all); }; log { source(s_tcp); filter (DEFAULT); destination(all); };
I've simplified the config just to see if I can get messages to show up anywhere. It's not logging any messages from network devices, although it logs local messages just fine. I know the messages are getting there b/c syslogd is logging them and I've sniffed the network to verify UDP and port 514.
I've also tried declaring the tcp and udp sources in the local definition.
I know this can work. What am I missing?
truss syslog-ng whether it really receives those messages? netstat output? syslog-ng -dv output? -- Bazsi PGP info: KeyID 9AF8D0A9 Fingerprint CD27 CFB0 802C 0944 9CFD 804E C82C 8EB1
participants (2)
-
Balazs Scheidler
-
Ripley, Scott