Re : Re : Re : Syslogd + Syslog-ng
Could you send us a partial copy of your syslog-ng configuration?

----- Original Message ----
From: Leandro Ferreira da Silva <ferreira@iqm.unicamp.br>
To: syslog-ng@lists.balabit.hu
Sent: Tuesday, 22 July 2008, 21:35:02
Subject: Re: [syslog-ng] Re : Re : Syslogd + Syslog-ng

The messages are sent to the server; the problem is that the server can't take the messages. I'm using FreeBSD 7.0 release.

You can try to launch syslogd in debug mode and see whether your messages from the client are really sent to the syslog-ng server. What OS do you use?

----- Original Message ----
From: Leandro Ferreira da Silva <ferreira@iqm.unicamp.br>
To: "olivier "madmax"rolland" <madmax2010fr@yahoo.fr>
Sent: Tuesday, 22 July 2008, 19:54:28
Subject: Re: Re : [syslog-ng] Syslogd + Syslog-ng

The syslogd is correctly configured with *.* @server. I can say this because the following command is logging at the server:

    tcpdump -nn -i re0 host "machine" and udp port 514
The problem is that in some machines I can't install syslog-ng, so these machines have to send their logs through syslogd to the server that is using the syslog-ng. Any help?
First of all, I'm not sure that with *.* your syslogd is able to work; you might use *.debug in order to log all messages from debug to the maximal level of logging. Secondly, if your computer or server is in a domain, you might test the remote logging as *.debug @server.domain_name

----- Original Message ----
From: Leandro Ferreira da Silva <ferreira@iqm.unicamp.br>
To: syslog-ng@lists.balabit.hu
Sent: Tuesday, 22 July 2008, 0:22:35
Subject: [syslog-ng] Syslogd + Syslog-ng
Dear Friends.
I have some problems.. =P I'm building a log server, and I installed syslog-ng on the server. The clients have the common syslogd. How can I make syslog-ng receive the messages from syslogd?

The configuration of syslogd:

    # uncomment this to enable logging to a remote loghost named loghost
    *.* @loghost

Is this possible? I need to configure it this way, because I can't install and configure syslog-ng on all my machines.
Thanks for all..
Leandro Ferreira
______________________________________________________________________________
Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng Documentation: http://www.balabit.com/support/documentation/?product=syslog-ng FAQ: http://www.campin.net/syslog-ng/faq.html
The configuration is the standard one; I only made the following changes.

    # sources
    source src { unix-dgram("/var/run/log");
                 unix-dgram("/var/run/logpriv" perm(0600));
                 udp(); internal(); file("/dev/klog"); };

I added this:

    source r_src { udp(ip("*client.domain*") port(514)); };

I added this:

    destination gafanhoto_messages { file("/var/log/gafanhoto/messages" owner("root") group("wheel") perm(0640)); };

I added this:

    log { source(r_src); destination(gafanhoto_messages); };

When I start syslog-ng:

    scorpion# /usr/local/etc/rc.d/syslog-ng start
    Starting syslog_ng.
    Error binding socket; addr='AF_INET(*client.domain*:514)', error='Can\'t assign requested address (49)'
    Error initializing source driver; source='r_src'
Leandro Ferreira da Silva did thus speak on 7/23/2008 7:14 AM:
The configuration is the standard one; I only made the following changes.

    # sources
    source src { unix-dgram("/var/run/log");
                 unix-dgram("/var/run/logpriv" perm(0600));
                 udp(); internal(); file("/dev/klog"); };

I added this:

    source r_src { udp(ip("*client.domain*") port(514)); };

Here's your problem. For src, you define 'udp()' as one of your log sources, without including any specific options for it. This will cause syslog-ng to go with its defaults for udp(), which is bind to *all* IP addresses assigned to the box, on port 514.

Then, for r_src, you are telling syslog-ng to bind to a specific IP address on the box and port 514. When syslog-ng attempts to start, it will fail with the error message you received because that ip/port is already in use (by the source src, which is bound to all IP's).

Unless you have a need to bind to a specific IP address on the box, I'd recommend removing 'udp();' from src, and replacing the current 'udp(ip("*client.domain*") port(514));' in r_src with 'udp();'.

--
Christopher Cashell
Christopher Cashell wrote:
Here's your problem. For src, you define 'udp()' as one of your log sources, without including any specific options for it. This will cause syslog-ng to go with its defaults for udp(), which is bind to *all* IP addresses assigned to the box, on port 514.
Then, for r_src, you are telling syslog-ng to bind to a specific IP address on the box and port 514. When syslog-ng attempts to start, it will fail with the error message you received because that ip/port is already in use (by the source src, which is bound to all IP's).
Unless you have a need to bind to a specific IP address on the box, I'd recommend removing 'udp();' from src, and replacing the current 'udp(ip("*client.domain*") port(514));' in r_src with 'udp();'.
It worked!! The real problem was udp () at src. Thank you very much for all the help... Now I'll go complete my rules.. See you!! =P
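The layout Christopher Cashell recommends above, written out as an added example (not configuration posted by anyone in the thread): `udp()` is removed from `src`, and `r_src` becomes the single wildcard listener. Because `ip()` sets the local address to bind rather than the sender, the per-client split is done here with a `netmask()` filter; the filter name `f_gafanhoto` and the address 192.0.2.10 are assumed placeholders for the client.

```conf
# Added example; syslog-ng 2.x-style syntax as used in the thread.

# Local sources only: the bare udp() is removed so that nothing else
# in this file binds UDP port 514.
source src {
    unix-dgram("/var/run/log");
    unix-dgram("/var/run/logpriv" perm(0600));
    internal();
    file("/dev/klog");
};

# Single network listener. With no options, udp() binds every local
# address on port 514, which is where stock syslogd clients send.
source r_src { udp(); };

# Assumption: 192.0.2.10 is a placeholder for the client's IP address.
# netmask() matches on the sender address of the datagram, so messages
# from other hosts that reach port 514 are not written to this file.
filter f_gafanhoto { netmask("192.0.2.10/255.255.255.255"); };

destination gafanhoto_messages {
    file("/var/log/gafanhoto/messages"
         owner("root") group("wheel") perm(0640));
};

log { source(r_src); filter(f_gafanhoto); destination(gafanhoto_messages); };
```

UDP source addresses can be spoofed, so the filter only sorts traffic by claimed sender; limiting which hosts can reach port 514 at all belongs in the host firewall.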
participants (3)
- Christopher Cashell
- Leandro Ferreira da Silva
- olivier "madmax"rolland