I just installed syslog-ng on a Solaris 9 (SPARC) server. It will not log anything to the console nor to /var/adm/messages. Does anyone have any idea of what I am doing wrong? No existing syslog processes are running; I killed them and stopped them from starting on reboot. I cannot reboot this server now; it is something that has to remain up and running.

The service is running:

    # ps -ef|grep syslog-ng
    root 29422 29002 0 17:33:14 pts/3 0:00 grep syslog-ng
    root 29364 1 0 17:27:44 ? 0:00 /usr/local/sbin/ syslog-ng -f /etc/syslog-ng/syslog-ng.conf -p /etc/syslog-ng/sy

My /var/run/syslog_door file exists:

    # ls -la /var/run/syslog_door
    Drw-r--r-- 1 root other 0 Jul 25 16:49 /var/run/ syslog_door

The contents of my syslog-ng.conf file:

    # syslog-ng configuration file.
    # See syslog-ng(8) and syslog-ng.conf(5) for more information.
    #
    # 20070727 rsavage@nuvox.net

    options {
        sync (1);
        time_reopen (10);
        log_msg_size(8192);
        log_fifo_size(2048);
        long_hostnames (off);
        use_dns (no);
        use_fqdn (no);
        create_dirs (no);
        keep_hostname (yes);
        stats(3600);
        mark_freq(1);
    };

    source s_sys { internal(); sun-streams ("/dev/log" door("/var/run/ syslog_door")); };

    destination d_cons { file("/dev/console"); };
    destination d_mesg { file("/var/adm/messages"); };
    destination d_mail { file("/var/log/syslog"); };
    destination d_auth { file("/var/log/authlog"); };
    destination d_mlop { usertty("operator"); };
    destination d_mlrt { usertty("root"); };
    destination d_mlal { usertty("*"); };

    filter f_filter1 { level(err) or (level(notice) and facility (auth, kern)); };
    filter f_filter2 { level(err) or (facility(kern) and level(notice)) or (facility(daemon) and level(notice)) or (facility(mail) and level(crit)); };
    filter f_filter3 { level(alert) or (facility(kern) and level(err)) or (facility(daemon) and level(err)); };
    filter f_filter4 { level(alert); };
    filter f_filter5 { level(emerg); };
    filter f_filter6 { facility(kern) and level(notice); };
    filter f_filter7 { facility(mail) and level(debug); };
    filter f_filter8 { facility(user) and level(err); };
    filter f_filter9 { facility(user) and level(alert); };

    log { source(s_sys); filter(f_filter1); destination(d_cons); };
    log { source(s_sys); filter(f_filter2); destination(d_mesg); };
    log { source(s_sys); filter(f_filter3); destination(d_mlop); };
    log { source(s_sys); filter(f_filter4); destination(d_mlrt); };
    log { source(s_sys); filter(f_filter5); destination(d_mlal); };
    log { source(s_sys); filter(f_filter6); destination(d_auth); };
    log { source(s_sys); filter(f_filter7); destination(d_mail); };
    log { source(s_sys); filter(f_filter8); destination(d_cons); destination(d_mesg); };
    log { source(s_sys); filter(f_filter9); destination(d_mlop); destination(d_mlrt); };

--
Rory Savage, Systems Administrator
Nuvox Communications, Server Operations
A Data, Voice, and Solutions Provider
Email: rsavage@nuvox.net

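An added example, not part of the original post: a Python check that evaluates the filter and log statements from the configuration above for a given facility and level and lists the destinations that message would reach. It assumes syslog-ng's documented filter semantics, where level(x) matches only the listed level (a range needs x..y); the function names `matches` and `route` are hypothetical.

```python
import re
# Filter and log statements copied from the configuration posted above.
CONFIG = """
filter f_filter1 { level(err) or (level(notice) and facility (auth, kern)); };
filter f_filter2 { level(err) or (facility(kern) and level(notice)) or (facility(daemon) and level(notice)) or (facility(mail) and level(crit)); };
filter f_filter3 { level(alert) or (facility(kern) and level(err)) or (facility(daemon) and level(err)); };
filter f_filter4 { level(alert); };
filter f_filter5 { level(emerg); };
filter f_filter6 { facility(kern) and level(notice); };
filter f_filter7 { facility(mail) and level(debug); };
filter f_filter8 { facility(user) and level(err); };
filter f_filter9 { facility(user) and level(alert); };
log { source(s_sys); filter(f_filter1); destination(d_cons); };
log { source(s_sys); filter(f_filter2); destination(d_mesg); };
log { source(s_sys); filter(f_filter3); destination(d_mlop); };
log { source(s_sys); filter(f_filter4); destination(d_mlrt); };
log { source(s_sys); filter(f_filter5); destination(d_mlal); };
log { source(s_sys); filter(f_filter6); destination(d_auth); };
log { source(s_sys); filter(f_filter7); destination(d_mail); };
log { source(s_sys); filter(f_filter8); destination(d_cons); destination(d_mesg); };
log { source(s_sys); filter(f_filter9); destination(d_mlop); destination(d_mlrt); };
"""
FILTERS = dict(re.findall(r"filter\s+(\w+)\s*\{\s*(.*?);\s*\};", CONFIG))
LOG_BODIES = re.findall(r"log\s*\{(.*?)\};", CONFIG)
_CALL = re.compile(r"(level|facility)\s*\(([^)]*)\)")

def matches(expr, facility, level):
    """Evaluate one filter expression for a message's facility and level."""
    def repl(m):
        # Assumption: level(x)/facility(x) match only the names listed.
        names = {n.strip() for n in m.group(2).split(",")}
        return str((level if m.group(1) == "level" else facility) in names)
    boolean = _CALL.sub(repl, expr)
    # Only True/False/and/or/parentheses may remain before evaluation.
    if not re.fullmatch(r"(?:True|False|and|or|[()\s])+", boolean):
        raise ValueError(f"unsupported filter syntax: {expr!r}")
    return eval(boolean, {"__builtins__": {}})

def route(facility, level):
    """Return the sorted destinations a facility.level message reaches."""
    dests = set()
    for body in LOG_BODIES:
        name = re.search(r"filter\((\w+)\)", body).group(1)
        if matches(FILTERS[name], facility, level):
            dests.update(re.findall(r"destination\((\w+)\)", body))
    return sorted(dests)

for fac, lvl in [("daemon", "err"), ("daemon", "crit"), ("auth", "notice")]:
    print(f"{fac}.{lvl} -> {route(fac, lvl) or 'no destination'}")
```
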
On Wed, Jul 25, 2007 at 05:38:13PM -0400, Rory Savage wrote:
I just installed syslog-ng on a Solaris 9 (SPARC) server. It will not log anything to the console nor to /var/adm/messages. Does anyone have any idea of what I am doing wrong?
source s_sys { internal(); sun-streams ("/dev/log" door("/var/run/ syslog_door")); };
There's a working config posted here:
http://www.campin.net/syslog-ng/solaris-conf.txt
...and the source line looks different in the copy on the FAQ site than what you posted. That's taken from a syslog-ng.conf I used on Solaris at a past job.
Here's what I use on Solaris currently:
source local { sun-streams("/dev/log"); udp(ip(0.0.0.0) port(514)); internal(); };
...and it's working right now on at least a couple hundred boxes.
--
Nate
Security-wise, NT is a server with a "Kick me" sign taped to it.

Thanks. Yesterday, I found out that it was my config. But I found out after much troubleshooting effort. I downgraded from syslog-ng 2 to syslog-ng 1.6.11 and then noticed through 'truss' that messages were indeed being sent to syslog-ng. Then I was determined to scrub my config and force everything to log to one file, and then it started working. After that, I did more research on the config parameters, and ended up with a nice clean working config.

Thanks again,
-Rory Savage

On Jul 27, 2007, at 2:41 AM, Nate Campi wrote:
On Wed, Jul 25, 2007 at 05:38:13PM -0400, Rory Savage wrote:
I just installed syslog-ng on a Solaris 9 (SPARC) server. It will not log anything to the console nor to /var/adm/messages. Does anyone have any idea of what I am doing wrong?
source s_sys { internal(); sun-streams ("/dev/log" door("/var/run/ syslog_door")); };
There's a working config posted here:
http://www.campin.net/syslog-ng/solaris-conf.txt
...and the source line looks different in the copy on the FAQ site than what you posted. That's taken from a syslog-ng.conf I used on Solaris at a past job.
Here's what I use on Solaris currently:
source local { sun-streams("/dev/log"); udp(ip(0.0.0.0) port(514)); internal(); };
...and it's working right now on at least a couple hundred boxes.
--
Nate
Security-wise, NT is a server with a "Kick me" sign taped to it.