Hello, I have just came to 'syslog-ng' and I am having some troubles to setting it up. I am using the "syslog-ng.conf" provided by "slackbuilds.org", and I have add just few lines. Well, those lines make the daemon not to run. the error: ++++++++++++ Starting syslog-ng daemon: /usr/sbin/syslog-ng Error parsing source, source plugin s_router not found in /etc/syslog-ng/syslog-ng.conf at line 59, column 14: log { source{s_router}; destination{d_router}; }; ^^^^^^^^ syslog-ng documentation: http://www.balabit.com/support/documentation/?product=syslog-ng mailing list: https://lists.balabit.hu/mailman/listinfo/syslog-ng ******************* the release: ++++++++++++ root@liet:/etc/syslog-ng# syslog-ng -V syslog-ng 3.5.2 Installer-Version: 3.5.2 Revision: ssh+git://algernon@git.balabit/var/scm/git/syslog-ng/syslog-ng-ose--mainline--3.5#master#a31bdb7a7f57382a90305bd033753b2762469854 Compile-Date: Feb 28 2014 19:53:40 Available-Modules: afsocket-notls,afamqp,linux-kmsg-format,basicfuncs,affile,dbparser,afsocket-tls,csvparser,afsocket,afstomp,system-source,afmongodb,cryptofuncs,afprog,syslogformat,afuser,confgen Enable-Debug: off Enable-GProf: off Enable-Memtrace: off Enable-IPv6: on Enable-Spoof-Source: off Enable-TCP-Wrapper: off Enable-Linux-Caps: on Enable-Pcre: on ******************* And the config file (my lines remarked with <<<<<<): +++++++++++++++++ @version: 3.5 # Drop-in replacement for a stock Slackware syslog.conf # For info about the format of this file, see "man syslog-ng.conf" # Written by Mario Preksavec <mario@slackware.hr> options { flush_lines(0); time_reopen(60); log_fifo_size(10240); log_msg_size(8192); chain_hostnames(no); use_dns(no); use_fqdn(no); create_dirs(yes); keep_hostname(yes); owner("root"); group("root"); perm(0640); dir_perm(0755); stats_freq(0); check_hostname(yes); dns_cache(no); }; source s_router { udp(ip(192.168.1.1) port(514)); }; <<<<<<<<<<<<< source s_system { internal(); unix-dgram("/dev/log"); file("/proc/kmsg" program_override("kernel")); }; filter f_messages { level(info,notice) and not facility(authpriv,cron,mail,news); }; filter f_syslog { level(warn..emerg) and not facility(authpriv,cron,mail,news); }; filter f_debug { level(debug); }; filter f_authpriv { facility(authpriv); }; filter f_cron { facility(cron); }; filter f_mail { facility(mail); }; filter f_emerg { level(emerg); }; filter f_uucp { facility(uucp); }; destination d_messages { file("/var/log/messages"); }; destination d_syslog { file("/var/log/syslog"); }; destination d_debug { file("/var/log/debug"); }; destination d_secure { file("/var/log/secure"); }; destination d_cron { file("/var/log/cron"); }; destination d_maillog { file("/var/log/maillog"); }; destination d_usertty { usertty("*"); }; destination d_spooler { file("/var/log/spooler"); }; destination d_router { file("/var/log/router"); }; <<<<<<<<<<<<< ############ ## Router ########################### log { source{s_router}; destination{d_router}; }; <<<<<<<<<<<<< # Log anything 'info' or higher, but lower than 'warn'. # Exclude authpriv, cron, mail, and news. These are logged elsewhere. log { source(s_system); filter(f_messages); destination(d_messages); }; # Log anything 'warn' or higher. # Exclude authpriv, cron, mail, and news. These are logged elsewhere. log { source(s_system); filter(f_syslog); destination(d_syslog); }; # Debugging information is logged here. log { source(s_system); filter(f_debug); destination(d_debug); }; # Private authentication message logging: log { source(s_system); filter(f_authpriv); destination(d_secure); }; # Cron related logs: log { source(s_system); filter(f_cron); destination(d_cron); }; # Mail related logs: log { source(s_system); filter(f_mail); destination(d_maillog); }; # Emergency level messages go to all users: log { source(s_system); filter(f_emerg); destination(d_usertty); }; # This log is for news and uucp errors: log { source(s_system); filter(f_uucp); destination(d_spooler); }; # Uncomment this to see kernel messages on the console. #filter f_kern { facility(kern); }; #destination d_console { file("/dev/console"); }; #log { source(s_system); filter(f_kern); destination(d_console); }; # Uncomment these if you'd like INN to keep logs on everything. # You won't need this if you don't run INN (the InterNetNews daemon). #filter f_news_crit { facility(news) and level(crit); }; #filter f_news_err { facility(news) and level(err); }; #filter f_news_notice { facility(news) and level(notice); }; #destination d_news_crit { file("/var/log/news/news.crit"); }; #destination d_news_err { file("/var/log/news/news.err"); }; #destination d_news_notice { file("/var/log/news/news.notice"); }; #log { source(s_system); filter(f_news_crit); destination(d_news_crit); }; #log { source(s_system); filter(f_news_err); destination(d_news_err); }; #log { source(s_system); filter(f_news_notice); destination(f_news_notice); }; *************************** If I comment my "log" line, it works fine, but if I use it, it complains about the "source" entry. Surely it is a silly mistake, but I can't see it, so if any of you could help me I really would be very gratefull thanks a lot! JM Diaz
log { source{s_router}; destination{d_router}; }; this needs to be log { source(s_router); destination(d_router); }; note the different braces around s_router and d_router On 02/28/2014 11:52 AM, Jesus M Diaz wrote:
Hello,
I have just came to 'syslog-ng' and I am having some troubles to setting it up.
I am using the "syslog-ng.conf" provided by "slackbuilds.org", and I have add just few lines. Well, those lines make the daemon not to run.
the error:
++++++++++++ Starting syslog-ng daemon: /usr/sbin/syslog-ng Error parsing source, source plugin s_router not found in /etc/syslog-ng/syslog-ng.conf at line 59, column 14:
log { source{s_router}; destination{d_router}; }; ^^^^^^^^
syslog-ng documentation: http://www.balabit.com/support/documentation/?product=syslog-ng mailing list: https://lists.balabit.hu/mailman/listinfo/syslog-ng *******************
the release: ++++++++++++ root@liet:/etc/syslog-ng# syslog-ng -V syslog-ng 3.5.2 Installer-Version: 3.5.2 Revision: ssh+git://algernon@git.balabit/var/scm/git/syslog-ng/syslog-ng-ose--mainline--3.5#master#a31bdb7a7f57382a90305bd033753b2762469854 Compile-Date: Feb 28 2014 19:53:40 Available-Modules: afsocket-notls,afamqp,linux-kmsg-format,basicfuncs,affile,dbparser,afsocket-tls,csvparser,afsocket,afstomp,system-source,afmongodb,cryptofuncs,afprog,syslogformat,afuser,confgen Enable-Debug: off Enable-GProf: off Enable-Memtrace: off Enable-IPv6: on Enable-Spoof-Source: off Enable-TCP-Wrapper: off Enable-Linux-Caps: on Enable-Pcre: on *******************
And the config file (my lines remarked with <<<<<<):
+++++++++++++++++ @version: 3.5
# Drop-in replacement for a stock Slackware syslog.conf # For info about the format of this file, see "man syslog-ng.conf" # Written by Mario Preksavec <mario@slackware.hr>
options { flush_lines(0); time_reopen(60); log_fifo_size(10240); log_msg_size(8192); chain_hostnames(no); use_dns(no); use_fqdn(no); create_dirs(yes); keep_hostname(yes); owner("root"); group("root"); perm(0640); dir_perm(0755); stats_freq(0); check_hostname(yes); dns_cache(no); };
source s_router { udp(ip(192.168.1.1) port(514)); }; <<<<<<<<<<<<<
source s_system { internal(); unix-dgram("/dev/log"); file("/proc/kmsg" program_override("kernel")); };
filter f_messages { level(info,notice) and not facility(authpriv,cron,mail,news); }; filter f_syslog { level(warn..emerg) and not facility(authpriv,cron,mail,news); }; filter f_debug { level(debug); }; filter f_authpriv { facility(authpriv); }; filter f_cron { facility(cron); }; filter f_mail { facility(mail); }; filter f_emerg { level(emerg); }; filter f_uucp { facility(uucp); };
destination d_messages { file("/var/log/messages"); }; destination d_syslog { file("/var/log/syslog"); }; destination d_debug { file("/var/log/debug"); }; destination d_secure { file("/var/log/secure"); }; destination d_cron { file("/var/log/cron"); }; destination d_maillog { file("/var/log/maillog"); }; destination d_usertty { usertty("*"); }; destination d_spooler { file("/var/log/spooler"); };
destination d_router { file("/var/log/router"); }; <<<<<<<<<<<<<
############ ## Router ########################### log { source{s_router}; destination{d_router}; }; <<<<<<<<<<<<<
# Log anything 'info' or higher, but lower than 'warn'. # Exclude authpriv, cron, mail, and news. These are logged elsewhere. log { source(s_system); filter(f_messages); destination(d_messages); };
# Log anything 'warn' or higher. # Exclude authpriv, cron, mail, and news. These are logged elsewhere. log { source(s_system); filter(f_syslog); destination(d_syslog); };
# Debugging information is logged here. log { source(s_system); filter(f_debug); destination(d_debug); };
# Private authentication message logging: log { source(s_system); filter(f_authpriv); destination(d_secure); };
# Cron related logs: log { source(s_system); filter(f_cron); destination(d_cron); };
# Mail related logs: log { source(s_system); filter(f_mail); destination(d_maillog); };
# Emergency level messages go to all users: log { source(s_system); filter(f_emerg); destination(d_usertty); };
# This log is for news and uucp errors: log { source(s_system); filter(f_uucp); destination(d_spooler); };
# Uncomment this to see kernel messages on the console. #filter f_kern { facility(kern); }; #destination d_console { file("/dev/console"); }; #log { source(s_system); filter(f_kern); destination(d_console); };
# Uncomment these if you'd like INN to keep logs on everything. # You won't need this if you don't run INN (the InterNetNews daemon). #filter f_news_crit { facility(news) and level(crit); }; #filter f_news_err { facility(news) and level(err); }; #filter f_news_notice { facility(news) and level(notice); }; #destination d_news_crit { file("/var/log/news/news.crit"); }; #destination d_news_err { file("/var/log/news/news.err"); }; #destination d_news_notice { file("/var/log/news/news.notice"); }; #log { source(s_system); filter(f_news_crit); destination(d_news_crit); }; #log { source(s_system); filter(f_news_err); destination(d_news_err); }; #log { source(s_system); filter(f_news_notice); destination(f_news_notice); }; ***************************
If I comment my "log" line, it works fine, but if I use it, it complains about the "source" entry.
Surely it is a silly mistake, but I can't see it, so if any of you could help me I really would be very gratefull
thanks a lot!
JM Diaz ______________________________________________________________________________ Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng Documentation: http://www.balabit.com/support/documentation/?product=syslog-ng FAQ: http://www.balabit.com/wiki/syslog-ng-faq
-- Evan Rempel erempel@uvic.ca Senior Systems Administrator 250.721.7691 Data Centre Services, University Systems, University of Victoria
yes, thanks! finally I saw it, the brackets!!! as I said ... a silly mistake! Thanks a lot!!!! 2014-02-28 21:56 GMT+01:00 Evan Rempel <erempel@uvic.ca>:
log { source{s_router}; destination{d_router}; };
this needs to be
log { source(s_router); destination(d_router); };
note the different braces around s_router and d_router
On 02/28/2014 11:52 AM, Jesus M Diaz wrote:
Hello,
I have just came to 'syslog-ng' and I am having some troubles to setting it up.
I am using the "syslog-ng.conf" provided by "slackbuilds.org", and I have add just few lines. Well, those lines make the daemon not to run.
the error:
++++++++++++ Starting syslog-ng daemon: /usr/sbin/syslog-ng Error parsing source, source plugin s_router not found in /etc/syslog-ng/syslog-ng.conf at line 59, column 14:
log { source{s_router}; destination{d_router}; }; ^^^^^^^^
syslog-ng documentation: http://www.balabit.com/support/documentation/?product=syslog-ng mailing list: https://lists.balabit.hu/mailman/listinfo/syslog-ng *******************
the release: ++++++++++++ root@liet:/etc/syslog-ng# syslog-ng -V syslog-ng 3.5.2 Installer-Version: 3.5.2 Revision: ssh+git://algernon@git.balabit/var/scm/git/syslog-ng/syslog-ng-ose--mainline--3.5#master#a31bdb7a7f57382a90305bd033753b2762469854 Compile-Date: Feb 28 2014 19:53:40 Available-Modules: afsocket-notls,afamqp,linux-kmsg-format,basicfuncs,affile,dbparser,afsocket-tls,csvparser,afsocket,afstomp,system-source,afmongodb,cryptofuncs,afprog,syslogformat,afuser,confgen Enable-Debug: off Enable-GProf: off Enable-Memtrace: off Enable-IPv6: on Enable-Spoof-Source: off Enable-TCP-Wrapper: off Enable-Linux-Caps: on Enable-Pcre: on *******************
And the config file (my lines remarked with <<<<<<):
+++++++++++++++++ @version: 3.5
# Drop-in replacement for a stock Slackware syslog.conf # For info about the format of this file, see "man syslog-ng.conf" # Written by Mario Preksavec <mario@slackware.hr>
options { flush_lines(0); time_reopen(60); log_fifo_size(10240); log_msg_size(8192); chain_hostnames(no); use_dns(no); use_fqdn(no); create_dirs(yes); keep_hostname(yes); owner("root"); group("root"); perm(0640); dir_perm(0755); stats_freq(0); check_hostname(yes); dns_cache(no); };
source s_router { udp(ip(192.168.1.1) port(514)); }; <<<<<<<<<<<<<
source s_system { internal(); unix-dgram("/dev/log"); file("/proc/kmsg" program_override("kernel")); };
filter f_messages { level(info,notice) and not facility(authpriv,cron,mail,news); }; filter f_syslog { level(warn..emerg) and not facility(authpriv,cron,mail,news); }; filter f_debug { level(debug); }; filter f_authpriv { facility(authpriv); }; filter f_cron { facility(cron); }; filter f_mail { facility(mail); }; filter f_emerg { level(emerg); }; filter f_uucp { facility(uucp); };
destination d_messages { file("/var/log/messages"); }; destination d_syslog { file("/var/log/syslog"); }; destination d_debug { file("/var/log/debug"); }; destination d_secure { file("/var/log/secure"); }; destination d_cron { file("/var/log/cron"); }; destination d_maillog { file("/var/log/maillog"); }; destination d_usertty { usertty("*"); }; destination d_spooler { file("/var/log/spooler"); };
destination d_router { file("/var/log/router"); }; <<<<<<<<<<<<<
############ ## Router ########################### log { source{s_router}; destination{d_router}; }; <<<<<<<<<<<<<
# Log anything 'info' or higher, but lower than 'warn'. # Exclude authpriv, cron, mail, and news. These are logged elsewhere. log { source(s_system); filter(f_messages); destination(d_messages); };
# Log anything 'warn' or higher. # Exclude authpriv, cron, mail, and news. These are logged elsewhere. log { source(s_system); filter(f_syslog); destination(d_syslog); };
# Debugging information is logged here. log { source(s_system); filter(f_debug); destination(d_debug); };
# Private authentication message logging: log { source(s_system); filter(f_authpriv); destination(d_secure); };
# Cron related logs: log { source(s_system); filter(f_cron); destination(d_cron); };
# Mail related logs: log { source(s_system); filter(f_mail); destination(d_maillog); };
# Emergency level messages go to all users: log { source(s_system); filter(f_emerg); destination(d_usertty); };
# This log is for news and uucp errors: log { source(s_system); filter(f_uucp); destination(d_spooler); };
# Uncomment this to see kernel messages on the console. #filter f_kern { facility(kern); }; #destination d_console { file("/dev/console"); }; #log { source(s_system); filter(f_kern); destination(d_console); };
# Uncomment these if you'd like INN to keep logs on everything. # You won't need this if you don't run INN (the InterNetNews daemon). #filter f_news_crit { facility(news) and level(crit); }; #filter f_news_err { facility(news) and level(err); }; #filter f_news_notice { facility(news) and level(notice); }; #destination d_news_crit { file("/var/log/news/news.crit"); }; #destination d_news_err { file("/var/log/news/news.err"); }; #destination d_news_notice { file("/var/log/news/news.notice"); }; #log { source(s_system); filter(f_news_crit); destination(d_news_crit); }; #log { source(s_system); filter(f_news_err); destination(d_news_err); }; #log { source(s_system); filter(f_news_notice); destination(f_news_notice); }; ***************************
If I comment my "log" line, it works fine, but if I use it, it complains about the "source" entry.
Surely it is a silly mistake, but I can't see it, so if any of you could help me I really would be very gratefull
thanks a lot!
JM Diaz ______________________________________________________________________________ Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng Documentation: http://www.balabit.com/support/documentation/?product=syslog-ng FAQ: http://www.balabit.com/wiki/syslog-ng-faq
-- Evan Rempel erempel@uvic.ca Senior Systems Administrator 250.721.7691 Data Centre Services, University Systems, University of Victoria ______________________________________________________________________________ Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng Documentation: http://www.balabit.com/support/documentation/?product=syslog-ng FAQ: http://www.balabit.com/wiki/syslog-ng-faq
participants (2)
-
Evan Rempel
-
Jesus M Diaz