Hi,

I am using syslog-ng open source (syslog-ng-3.0.3-1.rhel5.amd64) for log collection. I want to pass the syslog-ng machine IP address in the message header. In the current configuration I am getting the following header in the log message -->

Sep 29 00:24:20 INBLRECIS2871 ''

In the above message "INBLRECIS2871" is the syslog-ng machine name, but I want the IP address in place of the machine name. Let me know how to achieve this?

Current configuration -->

1) syslog-ng client config :->
options { mark_freq(30); log_msg_size(65530); }
destination d_messages { syslog("3.2.20.26" transport("tcp") port(601) template("$HOST $MSGHDR$MSG ::::$FILE_NAME")); }

2) syslog-ng server config->
options { time_reap(30); mark_freq(10); log_msg_size(65530); }

Regards,
Vaibhav
On Tue, 2009-09-29 at 15:11 +0530, Jain, Vaibhav (GE Healthcare) wrote:
Hi,
I am using syslog-ng open source (syslog-ng-3.0.3-1.rhel5.amd64) for log collection. I want to pass the syslog-ng machine IP address in the message header. In the current configuration I am getting the following header in the log message -->
Sep 29 00:24:20 INBLRECIS2871 ''
In the above message "INBLRECIS2871" is the syslog-ng machine name, but I want the IP address in place of the machine name. Let me know how to achieve this?
Current configuration -->
1) syslog-ng client config :->
options { mark_freq(30); log_msg_size(65530); }
destination d_messages { syslog("3.2.20.26" transport("tcp") port(601) template("$HOST $MSGHDR$MSG ::::$FILE_NAME")); }
2) syslog-ng server config->
options { time_reap(30); mark_freq(10); log_msg_size(65530); }
Well, you can control the name resolution behaviour with:

keep_hostname(yes or no)
and
use_dns(yes or no)

If you use keep_hostname(no) and use_dns(no), you'll make syslog-ng always replace the HOST field of the message with the IP address of the sender host.

If you have multiple hops (e.g. relays), you might want to use the settings above only on the first hop, and then keep_hostname(yes) on the central syslog server, because otherwise you'd always see the relay IP address.

-- Bazsi
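The hop-by-hop settings described in the reply above, written out as an added example that is not part of the original thread. The listener and destination addresses, ports, statement names and the file path are assumptions chosen for illustration (192.0.2.10 is a documentation address).

```conf
##### File 1: first hop (the relay that clients connect to directly) #####
@version: 3.0

options {
    # Discard the hostname carried inside the message and use the
    # address of the connecting peer instead.
    keep_hostname(no);
    # Do not resolve that address to a name, so HOST becomes the IP.
    use_dns(no);
};

# Assumed listener for client connections.
source s_clients { tcp(ip("0.0.0.0") port(514)); };

# Assumed address of the central server.
destination d_central { tcp("192.0.2.10" port(514)); };

log { source(s_clients); destination(d_central); };


##### File 2: central syslog server (receives only from relays) #####
@version: 3.0

options {
    # Trust the HOST value the first hop already wrote. With
    # keep_hostname(no) here, every message would show the relay's
    # IP address instead of the originating client's.
    keep_hostname(yes);
};

# Assumed listener for relay connections.
source s_relays { tcp(ip("0.0.0.0") port(514)); };

# One file per originating client IP (assumed path).
destination d_per_host {
    file("/var/log/hosts/$HOST/messages" create_dirs(yes));
};

log { source(s_relays); destination(d_per_host); };
```

With keep_hostname(yes) on the central server, the HOST value is only as trustworthy as the hosts allowed to connect to it, so its listener should accept connections from the relays only.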
On Tue, 2009-09-29 at 02:12 -0700, list@net-secured.com wrote:
Why does the sun-streams("/dev/log" door("/var/run/syslog_door")); line give the error below on Solaris 10:
Error opening syslog device; filename='/dev/log', error='Operation not supported on transport endpoint (122)'
Error initializing source driver; source='src_local', id='src_local#0'
Error initializing message pipeline;
unix-stream("/dev/log"); works but no log gets generated. The syslog-ng was downloaded from sunfreeware. Any input would be appreciated.
The unix-stream() driver might have overwritten your /dev/log device with a unix domain socket, instead of being a device node. Check your /dev/log file, it should look like this:

# ls -l /dev/log
lrwxrwxrwx 1 root other 27 Jan 13 2009 /dev/log -> ../devices/pseudo/log@0:log

And the file under /devices:

crw-r----- 1 root sys 21, 5 Jan 13 2009 /devices/pseudo/log@0:log
here is my config:
@version:3.0
###############################################################
# First, set some global options.
options {
    chain_hostnames(0);
    time_reopen(10);
    time_reap(360);
    log_fifo_size(2048);
    create_dirs(yes);
    group(adm);
    perm(0640);
    dir_perm(0755);
    use_dns(yes);
    stats_freq(0);
};
###############################################################
#
# This is the default behavior of sysklogd package
# Logs may come from unix stream, but not from another machine.
#
source src_local { sun-streams("/dev/log" door("/var/run/syslog_door")); internal(); };
source s_dev { udp(ip("0.0.0.0") port(514)); };
###############################################################
# Some `catch-all' logfiles.
destination d_src_local { file("/appl/232/data/syslog-ng/messages" owner(root) group(root) perm(0600) dir_perm(0700) create_dirs(yes) ); };
destination d_dev { file("/appl/232/data/syslog-ng/fillit" owner(root) group(root) perm(0600) dir_perm(0700) create_dirs(yes) ); };
log { source(src_local); destination(d_src_local);};
log { source(s_dev); destination(d_dev);};
-- Bazsi
participants (3)
- Balazs Scheidler
- Jain, Vaibhav (GE Healthcare)
- list@net-secured.com