Solaris Client Not sending to Central Log Host
We are running Solaris 9 on various Sun servers. I need to be able to send logs from the clients to the Central loghost using UDP. Below is a partial Client config file. Note that I don't have a Filter for this. If that is the problem, what kind of filter would I need to send all logs? Any help or suggestions would be appreciated.

    # GLOBAL OPTIONS ###########################################################
    options {
        keep_hostname(yes);
        chain_hostnames(no);
        create_dirs(yes);
        use_time_recvd(yes);
        use_dns(no);
        use_fqdn(no);
    };

    # Source
    source local {
        sun-streams("/dev/log" door("/etc/.syslog_door"));
        internal();
    };

    destination d_centralhost { udp("10.5.2.3") port(514); };

    log { source(local); destination (d_centralhost); };
    ##################################################################

Thanks,
Zeek
Hi,
> We are running Solaris 9 on various Sun servers. I need to be able to send logs from the clients to the Central loghost using UDP. Below is a partial Client config file. Note that I don't have a Filter for this. If that is the problem, what kind of filter would I need to send all logs? Any help or suggestions would be appreciated.

Filters are optional, simply omit filters when you don't need filtering.

Regards,
Sandor

--------------------------------------------------------
NOTICE: If received in error, please destroy and notify sender. Sender does not intend to waive confidentiality or privilege. Use of this email is prohibited when received in error.
Thanks Sandor. Do you see anything that would prevent the client from sending to the log host?

Zeek

On Mon, Jan 5, 2009 at 5:10 AM, Geller, Sandor (IT) <Sandor.Geller@morganstanley.com> wrote:
> Hi,
>
> > We are running Solaris 9 on various Sun servers. I need to be able to send logs from the clients to the Central loghost using UDP. Below is a partial Client config file. Note that I don't have a Filter for this. If that is the problem, what kind of filter would I need to send all logs? Any help or suggestions would be appreciated.
>
> Filters are optional, simply omit filters when you don't need filtering.
>
> Regards,
> Sandor
______________________________________________________________________________
Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng
Documentation: http://www.balabit.com/support/documentation/?product=syslog-ng
FAQ: http://www.campin.net/syslog-ng/faq.html
Hi,
> Thanks Sandor. Do you see anything that would prevent the client from sending to the log host?

Sorry, seems like I skipped that part of your mail :(

Rereading it I think that your config does contain a syntax error, so I'm surprised that syslog-ng is actually running with this destination:

    destination d_centralhost { udp("10.5.2.3") port(514); };

port should be enclosed within udp(), like this:

    udp(10.5.2.3 port(514));

Regards,
Sandor
Oh geez, thanks.. I ran the config through the syntax checker and it didn't catch it. I noticed you left the quotes out. All of the examples I have seen use the quotes. Do you know if they are needed?

Thanks for your help. This was driving me nuts..

Zeek

On Mon, Jan 5, 2009 at 9:44 AM, Geller, Sandor (IT) <Sandor.Geller@morganstanley.com> wrote:
> Hi,
>
> > Thanks Sandor. Do you see anything that would prevent the client from sending to the log host?
>
> Sorry, seems like I skipped that part of your mail :(
>
> Rereading it I think that your config does contain a syntax error, so I'm surprised that syslog-ng is actually running with this destination:
>
>     destination d_centralhost { udp("10.5.2.3") port(514); };
>
> port should be enclosed within udp(), like this:
>
>     udp(10.5.2.3 port(514));
>
> Regards,
> Sandor
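The thread reports that the syntax checker did not flag `port(514)` placed after `udp()` had already closed. As an added example (not from the thread or from the syslog-ng project), this Python check flags any call that sits directly inside a destination block, outside a driver's parentheses, and is not itself a driver. The driver list, function names and sample strings are assumptions of the example.

```python
import re

# Destination drivers this check recognises (an assumed subset for the example).
DRIVERS = {"udp", "tcp", "file", "pipe", "program", "usertty",
           "unix-stream", "unix-dgram"}
DEST_RE = re.compile(r"destination\s+([\w.-]+)\s*\{")
CALL_RE = re.compile(r"[A-Za-z_][\w-]*(?=\s*\()")

# Constructed samples: the destination from the thread and the suggested fix.
BROKEN = 'destination d_centralhost { udp("10.5.2.3") port(514); };'
FIXED = 'destination d_centralhost { udp(10.5.2.3 port(514)); };'


def _sanitize(text):
    """Empty quoted strings and drop # comments so their brackets are ignored."""
    return re.sub(r'"[^"]*"|#[^\n]*',
                  lambda m: '""' if m.group(0).startswith('"') else "", text)


def misplaced_options(config):
    """Return (destination, name) for every call found directly inside a
    destination block, outside any driver's parentheses, that is not a driver."""
    text = _sanitize(config)
    findings = []
    for dest in DEST_RE.finditer(text):
        braces, parens, i = 1, 0, dest.end()
        while i < len(text) and braces:
            ch = text[i]
            if ch == "{":
                braces += 1
            elif ch == "}":
                braces -= 1
            elif ch == "(":
                parens += 1
            elif ch == ")":
                parens -= 1
            elif parens == 0:
                call = CALL_RE.match(text, i)
                if call:
                    if call.group(0) not in DRIVERS:
                        findings.append((dest.group(1), call.group(0)))
                    i = call.end()
                    continue
            i += 1
    return findings


if __name__ == "__main__":
    for label, cfg in (("broken", BROKEN), ("fixed", FIXED)):
        print(label, misplaced_options(cfg))
```

A finding on a log-forwarding client is worth treating as an outage signal: a destination that is parsed differently from what was intended can leave the central loghost silently without that host's events.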
participants (3)
- Fred Connolly
- Geller, Sandor (IT)
- Zeek Anow