Syslogs from Router
I am trying to get my router (Netgear FVS338) to send syslogs to my computer but I can't seem to get it configured correctly. I've googled for the past three days and come up short with little to no help, and what little I did find I kept getting syntax errors for. I know I'm doing something wrong but I don't know what. If I could get some help on this or be pointed in a better direction it would be most appreciated. Thank you in advance. -- Sincerely, Chris KeyID: 0x348DC808 Keyserver: pool.sks-keyservers.net
Can you post the errors and your config?
-Patrick

Sent: Fri Jan 14 2011 00:16:25 GMT-0700 (Mountain Standard Time)
From: Christopher Petsch <jedi_darklighter@hotmail.com>
To: syslog-ng@lists.balabit.hu
Subject: [syslog-ng] Syslogs from Router

I am trying to get my router (Netgear FVS338) to send syslogs to my computer but I can't seem to get it configured correctly. I've googled for the past three days and come up short with little to no help, and what little I did find I kept getting syntax errors for. I know I'm doing something wrong but I don't know what. If I could get some help on this or be pointed in a better direction it would be most appreciated. Thank you in advance.
------------------------------------------------------------------------
______________________________________________________________________________ Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng Documentation: http://www.balabit.com/support/documentation/?product=syslog-ng FAQ: http://www.campin.net/syslog-ng/faq.html
I was receiving a syntax error on line 58. Here is the config that I was using.

    # syslog-ng configuration file.
    #
    # This should behave pretty much like the original syslog on RedHat. But
    # it could be configured a lot smarter.
    #
    # See syslog-ng(8) and syslog-ng.conf(5) for more information.
    #
    options {
        sync (0);
        time_reopen (10);
        log_fifo_size (1000);
        long_hostnames (off);
        use_dns (no);
        use_fqdn (no);
        create_dirs (no);
        keep_hostname (yes);
    };

    source s_sys {
        file ("/proc/kmsg" log_prefix("kernel: "));
        unix-stream ("/dev/log");
        internal();
        #udp(ip(0.0.0.0) port(514));
    };
    source Router { udp(ip(192.168.20.1) port(514)); };

    destination d_cons { file("/dev/console"); };
    destination d_mesg { file("/var/log/messages"); };
    destination d_auth { file("/var/log/secure"); };
    destination d_mail { file("/var/log/maillog" sync(10)); };
    destination d_spol { file("/var/log/spooler"); };
    destination d_boot { file("/var/log/boot.log"); };
    destination d_cron { file("/var/log/cron"); };
    destination d_kern { file("/var/log/kern"); };
    destination d_mlal { usertty("*"); };
    destination d_Router{ file("/var/log/Router"); };

    filter f_kernel { facility(kern); };
    filter f_default { level(info..emerg) and not (facility(mail) or facility(authpriv) or facility(cron)); };
    filter f_auth { facility(authpriv); };
    filter f_mail { facility(mail); };
    filter f_emergency { level(emerg); };
    filter f_news { facility(uucp) or (facility(news) and level(crit..emerg)); };
    filter f_boot { facility(local7); };
    filter f_cron { facility(cron); };
    filter f_Router { level(info); }

    log { source(s_sys); filter(f_kernel); destination(d_cons); };
    log { source(s_sys); filter(f_kernel); destination(d_kern); };
    log { source(s_sys); filter(f_default); destination(d_mesg); };
    log { source(s_sys); filter(f_auth); destination(d_auth); };
    log { source(s_sys); filter(f_mail); destination(d_mail); };
    log { source(s_sys); filter(f_emergency); destination(d_mlal); };
    log { source(s_sys); filter(f_news); destination(d_spol); };
    log { source(s_sys); filter(f_boot); destination(d_boot); };
    log { source(s_sys); filter(f_cron); destination(d_cron); };
    log { source(Router); filter(f_Router); destination(d_Router); };

    vim:ft=syslog-ng:ai:si:ts=4:sw=4:et:

On 01/14/2011 01:36 AM, Patrick H. wrote:
Can you post the errors and your config?
-Patrick
-- Sincerely, Chris " Governments are instituted among Men, deriving their just powers from the consent of the governed,- That whenever any Form of Government becomes destructive of these ends, it is the Right of the People to alter or to abolish it, and to institute new Government, laying its foundation on such principles and organizing its powers in such form, as to them shall seem most likely to effect their Safety and Happiness. - But when a long train of abuses and usurpations, pursuing invariably the same Objective evinces a design to reduce them under absolute Despotism, it is their right, it is their duty, to throw off such Government, and to provide new Guards for their future security. " - The United States Declaration of Independence, July 4, 1776 KeyID: 0x348DC808 Keyserver: pool.sks-keyservers.net
On Fri, 2011-01-14 at 10:33 +0100, Sandor Geller wrote:
Hi,
On Fri, Jan 14, 2011 at 8:44 AM, Christopher Petsch <jedi_darklighter@hotmail.com> wrote:
I was receiving a syntax error on line 58. Here is the config that I was using.
...
filter f_Router { level(info); }
The trailing semicolon is missing here.
On a side-note, syslog-ng 3.2 produces much more readable error messages than earlier versions, so you should have had an easier time with that. -- Bazsi
On 01/14/2011 05:33 AM, Balazs Scheidler wrote:
On a side-note, syslog-ng 3.2 produces much more readable error messages than earlier versions, so you should have had an easier time with that.
First, let me thank you all for the quick responses, it's really appreciated. Second, I added the semicolon into the config file as indicated and re-read over it to make sure that I didn't mistype anything else that I could obviously see, then saved the file. When I tried to restart the service so it would read the configs I received the error again, "syntax error in /etc/syslog-ng/syslog-ng.conf at line 68." New line but essentially the same error. -- Sincerely, Chris KeyID: 0x348DC808 Keyserver: pool.sks-keyservers.net
Hi! On Fri, 2011-01-14 at 10:56 -0600, Christopher Petsch wrote:
When I tried to restart the service so it would read the configs I received the error again, "syntax error in /etc/syslog-ng/syslog-ng.conf at line 68." New line but essentially the same error.
Isn't that line the vim config line? Could you add a # in front of it? -- SZALAY Attila Support (L3) Team Leader e-mail: attila.szalay@balabit.com BalaBit IT Security www.balabit.com H-1115 Bártfai str. 54. Budapest
That seemed to fix that issue. Now I'm getting an error that states can not bind to that port, firewall is off. Think I'm gonna parse through the router's source code and see if I can find the port it uses since the documentation doesn't mention it. Thank you all for the help so far on this issue.

On 01/18/2011 02:31 AM, SZALAY Attila wrote:
Isn't that line the vim config line? Could you add a # in front of it?
-- Sincerely, Chris KeyID: 0x348DC808 Keyserver: pool.sks-keyservers.net
I think you may have your source driver misconfigured as well.
"udp(ip(192.168.20.1) port(514));"
Is 192.168.20.1 your router? If so the IP needs to be of the machine accepting the connection, not of the router. So if 192.168.20.2 were the syslog server, put that as the IP instead.
-Patrick

Sent: Tue Jan 18 2011 10:48:28 GMT-0700 (Mountain Standard Time)
From: Christopher Petsch <jedi_darklighter@hotmail.com>
To: SZALAY Attila <sasa@balabit.hu>, Syslog-ng users' and developers' mailing list <syslog-ng@lists.balabit.hu>
Subject: Re: [syslog-ng] Syslogs from Router

That seemed to fix that issue. Now I'm getting an error that states can not bind to that port, firewall is off. Think I'm gonna parse through the router's source code and see if I can find the port it uses since the documentation doesn't mention it. Thank you all for the help so far on this issue.
Oh, that worked. Now to see if I start getting info from the router. Thank you for the help.

On 01/18/2011 11:58 AM, Patrick H. wrote:
I think you may have your source driver misconfigured as well. "udp(ip(192.168.20.1) port(514));" Is 192.168.20.1 your router? If so the IP needs to be of the machine accepting the connection, not of the router. So if 192.168.20.2 were the syslog server, put that as the IP instead.
-Patrick
-- Sincerely, Chris KeyID: 0x348DC808 Keyserver: pool.sks-keyservers.net
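
Added example (not part of the original thread, and not any participant's own file): the three fixes discussed above applied to the router-related fragments of the posted configuration. The address 192.168.20.2 is an assumption, taken from the hypothetical value used in the thread for the machine running syslog-ng.

```conf
# Added example: corrected router-related fragments of the posted config.
# ASSUMPTION: 192.168.20.2 is the address of the host running syslog-ng;
# replace it with an address actually assigned to that host.

# Fix 3: ip() in a udp() source is the LOCAL address the listener binds to,
# not the address of the sending device. Binding to the router's address
# (192.168.20.1) fails because that address is not assigned to this host,
# which is where the "can not bind" error in the thread came from.
# Binding to one LAN address (instead of 0.0.0.0) also keeps the listener
# off any other interfaces the host has.
source Router {
    udp(ip(192.168.20.2) port(514));
};

destination d_Router { file("/var/log/Router"); };

# Fix 1: each top-level statement needs a semicolon after its closing brace.
# Note: level(info) selects info-severity messages only; the f_default
# filter in the posted config uses the range form level(info..emerg),
# which would also keep warnings and errors sent by the router.
filter f_Router { level(info); };

log { source(Router); filter(f_Router); destination(d_Router); };

# Fix 2: the editor modeline has to be a comment, otherwise the parser
# tries to read it as a configuration statement.
# vim:ft=syslog-ng:ai:si:ts=4:sw=4:et:
```

Running `syslog-ng --syntax-only` against the edited file checks it for syntax errors before the service is restarted.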
participants (5)
- Balazs Scheidler
- Christopher Petsch
- Patrick H.
- Sandor Geller
- SZALAY Attila