Hi all trying to log from solaris 8 to Linux (gentoo). I'm using 1.5.26 on the linux side and 1.5.25 on the solaris. I've tried several linux versions ranging from 1.4x to current with no luck. Logging from linux -> linux is no problem. I've tried googling and newsgroups etc and writing mails but nobody can help. If nobody replies to this i'll be switching to another logger ;c] here's the configuration I'm using, its very basic and according to an earlier post from the "maintainer" it should work: solaris: source s_all { sun-stream("/dev/log" door("/etc/.syslog_door")); internal(); }; destination d_tcp { tcp("1.2.3.4"); }; log { source(s_all); destination(d_tcp); }; linux: source s_all { internal(); unix-stream("/dev/log"); tcp(); }; destination d_messages { file("/var/log/HOSTS/$HOST/$FACILITY" owner(root) group(root) perm(0600) dir_perm(0700) create_dirs(yes)); }; log { source(s_all); destination(d_messages); }; ## why is nothing logged from the solaris box ? ##
On Tue, Mar 11, 2003 at 01:55:16PM +0100, garvald@bluemail.ch wrote:
trying to log from solaris 8 to Linux (gentoo). I'm using 1.5.26 on the linux side and 1.5.25 on the solaris. I've tried several linux versions ranging from 1.4x to current with no luck. Logging from linux -> linux is no problem. I've tried googling and newsgroups etc and writing mails but nobody can help. If nobody replies to this i'll be switching to another logger ;c] here's the configuration I'm using, its very basic and according to an earlier post from the "maintainer" it should work:
It seems unlikely that this is a syslog-ng problem. People aren't responding because it's not clear that you eliminated other factors. You need to test if TCP traffic can really make it between the ports and hosts involved. Eliminate the lower levels of the TCP/IP stack before working on the app layer. HINT: telnet from the solaris client to the listening syslog-ng port on the linux host. You might not be able to connect at all. Try UDP too, test sending UDP traffic with netcat. Try UDP too, test sending UDP traffic with netcat, once you set up a udp listener on the loghost. -- Nate Campi http://www.campin.net
Hallo Nate Well actually on the server side I installed syslog-ng with tcp-wrapper support, of course the correct entry is in hosts.allow, this has been successfully tested with a linux client. A netstat -a shows that the solaris box is connected. Now I have tried out your solaris syslog-ng.conf from your FAQ site, which should actually log locally AND send to the loghost, but it does neither, leading me to believe that it must be a local problem on the solaris box. A ps -ef reveals that syslog-ng has been successfully started and as mentioned a netstat -a on the loghost shows a successful connection, however nothing is logged. In the README libol support is recommended, this was successfully found upon installing syslog-ng. Upon installing syslog-ng on the sol box I used a --prefix and installed to a different path however, which the init.script points to. I used the init script from the contrib directory, perhaps this is the problem, if not then I'm back to square 1. Can anyone see a problem with this script ? looks fine to me: ################################### DAEMON=/usr/local.hg/sbin/syslog-ng case "$1" in start) if [ -f /path/to/correct/syslog-ng.conf -a -f /usr/local/sbin/syslog-ng ]; then echo 'syslog-ng service starting.' # # Before syslog-ng starts, save any messages from previous # crash dumps so that messages appear in chronological order. # /usr/bin/savecore -m if [ -r /etc/dumpadm.conf ]; then . /etc/dumpadm.conf [ "x$DUMPADM_DEVICE" != xswap ] && \ /usr/bin/savecore -m -f $DUMPADM_DEVICE fi $DAEMON -p /var/run/syslog-ng.pid fi ;; stop) if [ -f /var/run/syslog-ng.pid ]; then syspid=`/usr/bin/cat /var/run/syslog-ng.pid` [ "$syspid" -gt 0 ] && kill -15 $syspid && rm /var/run/syslog-ng.pid fi ;; *) echo "Usage: $0 { start | stop }" exit 1 ;; esac #####################################
From: Nate Campi <nate@campin.net>
On Tue, Mar 11, 2003 at 01:55:16PM +0100, garvald@bluemail.ch wrote:
trying to log from solaris 8 to Linux (gentoo). I'm using 1.5.26 on the
linux
side and 1.5.25 on the solaris. I've tried several linux versions ranging from 1.4x to current with no luck. Logging from linux -> linux is no problem. I've tried googling and newsgroups etc and writing mails but nobody can help. If nobody replies to this i'll be switching to another logger ;c] here's the configuration I'm using, its very basic and according to an earlier post from the "maintainer" it should work:
It seems unlikely that this is a syslog-ng problem. People aren't responding because it's not clear that you eliminated other factors. You need to test if TCP traffic can really make it between the ports and hosts involved. Eliminate the lower levels of the TCP/IP stack before working on the app layer.
HINT: telnet from the solaris client to the listening syslog-ng port on the linux host. You might not be able to connect at all. Try UDP too, test sending UDP traffic with netcat. Try UDP too, test sending UDP traffic with netcat, once you set up a udp listener on the loghost.
participants (2)
-
garvald@bluemail.ch
-
Nate Campi