https://bugzilla.balabit.com/show_bug.cgi?id=221

           Summary: syslog-ng 2.1.4 on rhel 5.8
           Product: syslog-ng
           Version: 2.1.x
          Platform: PC
        OS/Version: Linux
            Status: NEW
          Severity: normal
          Priority: unspecified
         Component: syslog-ng
        AssignedTo: bazsi@balabit.hu
        ReportedBy: jk_kathi1@yahoo.com
Type of the Report: ---
   Estimated Hours: 0.0

Red Hat Enterprise Linux Server release 5.8 (Tikanga)
Syslog-ng version : syslog-ng-2.1.4-9.el5
Library installed : libnet-1.1.5-1.el5

/etc/syslog-ng/syslog-ng.conf file settings

options {
    sync (0);
    time_reopen (10);
    log_fifo_size (1000);
    long_hostnames (off);
    use_dns (no);
    use_fqdn (no);
    create_dirs (no);
    keep_hostname (yes);
};

source s_sys {
    file ("/proc/kmsg" log_prefix("kernel: "));
    unix-stream ("/dev/log");
    internal();
    # udp(ip(0.0.0.0) port(514));
};

source s_file {
    file("/opt/CA/siteminder/log/smps.log");
};

destination d_file { file("/var/log/messages"); };
destination d_remote_q1 { udp("x.x.x.x" port(514)); };

log { source(s_sys); destination(d_file); };
log { source(s_file); destination(d_file); destination(d_remote_q1); };

Syslog-ng executes fine, able to record all the OS logs.

When I start syslog-ng the first time it polls the smps.log and forwards all the entries from that file to the remote server, but after that any new events getting logged do not get processed even when syslog-ng is running in the background.

The issue is syslog-ng is not able to monitor the App log smps.log in real time.
This happens only for the app log, normal OS events get processed immediately.

Tried logging a simple message using logger.

I did try running syslog-ng in debug mode, these are the results:

/sbin/syslog-ng -Fedv

Syslog connection established; from='AF_INET(0.0.0.0:0)', to='AF_INET(x.x.x.x:514)'
Running application hooks; hook='1'
syslog-ng starting up; version='2.1.4'
EOF occurred while reading; fd='3'
Syslog connection accepted; from='AF_UNIX(anonymous)', to='AF_UNIX(/dev/log)'
Syslog connection accepted; from='AF_UNIX(anonymous)', to='AF_UNIX(/dev/log)'
Incoming log entry; line='<85>Feb 14 15:04:03 sshd[797]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=10.58.99.83 user=admin'
Initializing destination file writer; template='/var/log/messages', filename='/var/log/messages'
Incoming log entry; line='<86>Feb 14 15:04:06 sshd[797]: Failed password for admin from 10.58.99.83 port 64622 ssh2'
EOF occurred while reading; fd='8'
Closing log reader fd; fd='8'
Syslog connection accepted; from='AF_UNIX(anonymous)', to='AF_UNIX(/dev/log)'
Incoming log entry; line='<86>Feb 14 15:04:16 sshd[797]: Accepted password for admin from 10.58.99.83 port 64622 ssh2'
EOF occurred while reading; fd='8'
Closing log reader fd; fd='8'
EOF occurred while reading; fd='7'
Closing log reader fd; fd='7'
Syslog connection accepted; from='AF_UNIX(anonymous)', to='AF_UNIX(/dev/log)'
Incoming log entry; line='<86>Feb 14 15:04:16 sshd[797]: pam_unix(sshd:session): session opened for user admin by (uid=0)'
Syslog connection accepted; from='AF_UNIX(anonymous)', to='AF_UNIX(/dev/log)'
Incoming log entry; line='<13>Feb 14 15:04:22 admin: Test message'
EOF occurred while reading; fd='8'
Closing log reader fd; fd='8'
Syslog connection accepted; from='AF_UNIX(anonymous)', to='AF_UNIX(/dev/log)'
Incoming log entry; line='<86>Feb 14 15:04:48 su: pam_unix(su-l:session): session opened for user root by admin(uid=500)'
Syslog connection accepted; from='AF_UNIX(anonymous)', to='AF_UNIX(/dev/log)'
Incoming log entry; line='<86>Feb 14 15:05:00 su: pam_unix(su-l:session): session opened for user smuser by admin(uid=0)'

But I do not see any debug messages for smps.log getting processed (even though the file is getting updated).

Any ideas?

Is this a shortcoming in syslog-ng 2.1.4? I cannot compile the latest version of syslog-ng since there is a limitation on my production system (cannot compile anything due to security concerns), so I am in need of a syslog-ng rpm package other than 2.1.4 that works on RHEL 5, or if I can fix the issue in the existing version.

Appreciate any help.

Thanks
Kathi