Installing multiple instances of Syslog-NG
Hi Can someone help me figure out how to install multiple instances of syslog-ng on a single server. Copying the binary and starting it with a different configuration file did spawn another instances but it wasnt independent as i saw it behaving different than what is configured in its syslog-ng file. I need a parallel instance for development alongside production. Thanks in advance regards SK
You don't need to copy the binary, but you do need to specify a uniq set of configuration files, persistence files and control socket. You also need to ensure that the second instance does NOT read data from the local OS log sources such as /dev/log /proc/kmsg our second instance looks like syslog-ng --cfgfile=/usr/local/etc/syslog-ng/syslog-ng.files.conf --persist-file=/var/local/syslog-ng.files.persist --pidfile=/var/run/syslog-ng.files.pid --control=/var/local/syslog-ng.files.ctl Hope that helps. On 03/04/2014 07:24 AM, Shashank Rohatgi wrote:
Hi
Can someone help me figure out how to install multiple instances of syslog-ng on a single server. Copying the binary and starting it with a different configuration file did spawn another instances but it wasnt independent as i saw it behaving different than what is configured in its syslog-ng file.
I need a parallel instance for development alongside production. Thanks in advance
regards SK
______________________________________________________________________________ Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng Documentation: http://www.balabit.com/support/documentation/?product=syslog-ng FAQ: http://www.balabit.com/wiki/syslog-ng-faq
-- Evan Rempel erempel@uvic.ca Senior Systems Administrator 250.721.7691 Data Centre Services, University Systems, University of Victoria
Evan Thank you for your reply. I am new to syslog-ng on command line. Can you also explain what are a persist and control files? On Tue, Mar 4, 2014 at 11:01 PM, Evan Rempel <erempel@uvic.ca> wrote:
You don't need to copy the binary, but you do need to specify a uniq set of configuration files, persistence files and control socket.
You also need to ensure that the second instance does NOT read data from the local OS log sources such as /dev/log /proc/kmsg
our second instance looks like
syslog-ng --cfgfile=/usr/local/etc/syslog-ng/syslog-ng.files.conf --persist-file=/var/local/syslog-ng.files.persist --pidfile=/var/run/syslog-ng.files.pid --control=/var/local/syslog-ng.files.ctl
Hope that helps.
On 03/04/2014 07:24 AM, Shashank Rohatgi wrote:
Hi
Can someone help me figure out how to install multiple instances of syslog-ng on a single server. Copying the binary and starting it with a different configuration file did spawn another instances but it wasnt independent as i saw it behaving different than what is configured in its syslog-ng file.
I need a parallel instance for development alongside production. Thanks in advance
regards SK
______________________________________________________________________________
Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng Documentation: http://www.balabit.com/support/documentation/?product=syslog-ng FAQ: http://www.balabit.com/wiki/syslog-ng-faq
-- Evan Rempel erempel@uvic.ca Senior Systems Administrator 250.721.7691 Data Centre Services, University Systems, University of Victoria
______________________________________________________________________________ Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng Documentation: http://www.balabit.com/support/documentation/?product=syslog-ng FAQ: http://www.balabit.com/wiki/syslog-ng-faq
The persistence file is used to store the progress on the sources. If the source is from the network, then there isn't any progress, or stated differently, the concept of progress does not apply. If the source is reading from a file, then there is a "current position" in the file. If syslog-ng is stopped for a few minutes and then started again, it will resume from where it left of in the file. The control file can be used to send commands to a running instance of syslog-ng. You can get statistics and do other things. Best to read the manual on syslog-ng-ctl Evan. On 03/04/2014 01:18 PM, Shashank Rohatgi wrote:
Evan
Thank you for your reply. I am new to syslog-ng on command line. Can you also explain what are a persist and control files?
i was able to run the second instance with all three parameters but I am more confused.. The intent was to reroute messages from production instance to dev instances on the same machine and take out a selected steam of logs on a different port. rather than just the selected stream the second instance can see all the logs. Both the instances are listening on different ports. Port 514- gets logs from two products (say windows and unix) i write Windows to disk and route the unix logs on say port 517 (to second instance) Second instance is configure to write anything that it receives to a file. To my surprise the above file has logs for Windows and there is no network exchange at all. Could it be that the second instance internally confusing sources and destinations? On Wed, Mar 5, 2014 at 3:23 AM, Evan Rempel <erempel@uvic.ca> wrote:
The persistence file is used to store the progress on the sources. If the source is from the network, then there isn't any progress, or stated differently, the concept of progress does not apply.
If the source is reading from a file, then there is a "current position" in the file. If syslog-ng is stopped for a few minutes and then started again, it will resume from where it left of in the file.
The control file can be used to send commands to a running instance of syslog-ng. You can get statistics and do other things. Best to read the manual on syslog-ng-ctl
Evan.
On 03/04/2014 01:18 PM, Shashank Rohatgi wrote:
Evan
Thank you for your reply. I am new to syslog-ng on command line. Can you also explain what are a persist and control files?
______________________________________________________________________________ Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng Documentation: http://www.balabit.com/support/documentation/?product=syslog-ng FAQ: http://www.balabit.com/wiki/syslog-ng-faq
We do exactly what you describe without any issues. Strictly a config issue, so you could attach your config file(s) so I can have a look. On 03/04/2014 10:23 PM, Shashank Rohatgi wrote:
i was able to run the second instance with all three parameters but I am more confused.. The intent was to reroute messages from production instance to dev instances on the same machine and take out a selected steam of logs on a different port. rather than just the selected stream the second instance can see all the logs. Both the instances are listening on different ports.
Port 514- gets logs from two products (say windows and unix) i write Windows to disk and route the unix logs on say port 517 (to second instance) Second instance is configure to write anything that it receives to a file. To my surprise the above file has logs for Windows and there is no network exchange at all.
Could it be that the second instance internally confusing sources and destinations?
So here was the issue. having udp(so_rcvbuf(1024000) in the syslog-ng conf was creating the issue. when i commented this it would have visibility only to the logs specificly forwarded to it.. And talking about log rotation, Any ideas other than using $YEAR/$MONTH/ basically date parameters to rotate logs on and successfully have crons to delete them? regards On Wed, Mar 5, 2014 at 11:58 PM, Evan Rempel <erempel@uvic.ca> wrote:
We do exactly what you describe without any issues.
Strictly a config issue, so you could attach your config file(s) so I can have a look.
On 03/04/2014 10:23 PM, Shashank Rohatgi wrote:
i was able to run the second instance with all three parameters but I am more confused.. The intent was to reroute messages from production instance to dev instances on the same machine and take out a selected steam of logs on a different port. rather than just the selected stream the second instance can see all the logs. Both the instances are listening on different ports.
Port 514- gets logs from two products (say windows and unix) i write Windows to disk and route the unix logs on say port 517 (to second instance) Second instance is configure to write anything that it receives to a file. To my surprise the above file has logs for Windows and there is no network exchange at all.
Could it be that the second instance internally confusing sources and destinations?
______________________________________________________________________________ Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng Documentation: http://www.balabit.com/support/documentation/?product=syslog-ng FAQ: http://www.balabit.com/wiki/syslog-ng-faq
Any help creating init script for multiple syslog-ng instances running on same machine? On Thu, Mar 6, 2014 at 9:54 AM, Shashank Rohatgi <srck85@gmail.com> wrote:
So here was the issue. having udp(so_rcvbuf(1024000) in the syslog-ng conf was creating the issue. when i commented this it would have visibility only to the logs specificly forwarded to it..
And talking about log rotation, Any ideas other than using $YEAR/$MONTH/ basically date parameters to rotate logs on and successfully have crons to delete them?
regards
On Wed, Mar 5, 2014 at 11:58 PM, Evan Rempel <erempel@uvic.ca> wrote:
We do exactly what you describe without any issues.
Strictly a config issue, so you could attach your config file(s) so I can have a look.
On 03/04/2014 10:23 PM, Shashank Rohatgi wrote:
i was able to run the second instance with all three parameters but I am more confused.. The intent was to reroute messages from production instance to dev instances on the same machine and take out a selected steam of logs on a different port. rather than just the selected stream the second instance can see all the logs. Both the instances are listening on different ports.
Port 514- gets logs from two products (say windows and unix) i write Windows to disk and route the unix logs on say port 517 (to second instance) Second instance is configure to write anything that it receives to a file. To my surprise the above file has logs for Windows and there is no network exchange at all.
Could it be that the second instance internally confusing sources and destinations?
______________________________________________________________________________ Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng Documentation: http://www.balabit.com/support/documentation/?product=syslog-ng FAQ: http://www.balabit.com/wiki/syslog-ng-faq
Hi, On Thu, Mar 13, 2014 at 11:34:49AM +0530, Shashank Rohatgi wrote:
Any help creating init script for multiple syslog-ng instances running on same machine?
What I usually do (EL based systems): 1) modify the init script to use $0 to identify instance 2) use $0 to load different defaults e.g. /etc/sysconfig/$0 3) create symlinks of the init script for multiple instances e.g. syslog-ng.prod -> syslog-ng syslog-ng.dev -> syslog-ng If you need more details, I can happily be of assistance but maybe privately, as this is probably out of the scope of this ML Cheers
participants (3)
-
Evan Rempel
-
Fabien Wernli
-
Shashank Rohatgi