Syslog-ng central logging server
Server
-----------------------------
[root@plggd020 etc]# more syslog-ng.conf
#sample syslog-ng.conf for a central logging server
options {
    sync (0);
    log_fifo_size (2048);
    create_dirs (yes);
    group (root);
    dir_group (root);
    perm (0640);
    dir_perm (0750);
};
source s_local { internal(); unix-stream("/dev/log"); file("/proc/kmsg" log_prefix("kernel: ")); };
destination d_auth { file("/var/log/auth.log"); };
filter f_auth { facility(auth, authpriv); };
source s_remote { tcp(); };
destination d_clients { file("/var/log/HOSTS/$HOST"); };
log { source(s_remote); destination(d_clients); };
log { source(s_local); filter(f_auth); destination(d_auth); };

Client
-----------------
-bash-3.00# more syslog-ng.conf
#sample syslog-ng.conf for a remote client
source s_local { internal(); unix-stream("/dev/log"); file("/proc/kmsg" log_prefix("kernel: ")); };
destination d_loghost {tcp("20.5.68.82" port(514));};
log { source(s_local); destination(d_loghost); };
destination messages { file("/var/log/messages-ng"); };
log { source(s_local); destination(messages); };
-bash-3.00#

And there is no message going to the server. However, on the client side the log file shows the messages below:

-bash-3.00# logger "test "
-bash-3.00# tail /var/log/messages-ng
Apr 23 08:44:38 s_local@zlggd052 syslog-ng[9935]: syslog-ng starting up; version='2.0.2'
Apr 23 08:44:38 s_local@zlggd052 syslog-ng[9935]: Connection failed; error='No route to host (113)', time_reopen='60'
Apr 23 08:45:12 s_local@zlggd052 syslog-ng[9935]: SIGTERM received, terminating;
Apr 23 08:45:12 s_local@zlggd052 syslog-ng[9935]: syslog-ng shutting down; version='2.0.2'
Apr 23 08:45:13 s_local@zlggd052 syslog-ng[9945]: syslog-ng starting up; version='2.0.2'
Apr 23 08:45:13 s_local@zlggd052 syslog-ng[9945]: Connection failed; error='No route to host (113)', time_reopen='60'
Apr 23 08:45:18 s_local@zlggd052 soetest1: test
Apr 23 08:46:13 s_local@zlggd052 syslog-ng[9945]: Connection failed; error='No route to host (113)', time_reopen='60'
Apr 23 08:47:13 s_local@zlggd052 syslog-ng[9945]: Connection failed; error='No route to host (113)', time_reopen='60'
Apr 23 08:47:46 s_local@zlggd052 soetest1: test
-bash-3.00#

Please suggest what will be the reason.

Thanks & Regards
Shamim
What does 'netstat -r -n' show? Looks like a routing problem, not a syslog-ng-related one.

Regards,
Sandor
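Added example, not part of the thread: a small Python parser for the client-side syslog-ng internal() lines quoted in the post, which maps the errno in each "Connection failed" message to the likely failure class and lists the local messages logged while the forwarder was down. The function name, the hint texts and the rule that a restart resets the "down" state are assumptions of this example; the errno numbers are the Linux values.

```python
import re

# Linux errno values as printed in syslog-ng's error='... (N)' field.
LINUX_ERRNO_HINT = {
    113: "EHOSTUNREACH: no route, or a firewall rejecting with ICMP "
         "host-unreachable/host-prohibited; check routes and filter rules",
    111: "ECONNREFUSED: host reachable but nothing listening on that TCP port",
    110: "ETIMEDOUT: packets silently dropped; check filters and routing",
}
LINE = re.compile(r"^(\w{3} +\d+ [\d:]{8}) (?:\S+@)?(\S+) ([^:\[]+)(?:\[(\d+)\])?: (.*)$")
FAIL = re.compile(r"Connection failed; error='(.*?) \((\d+)\)', time_reopen='(\d+)'")

# Sample input: lines copied from the client log quoted in the post.
SAMPLE = """\
Apr 23 08:45:13 s_local@zlggd052 syslog-ng[9945]: syslog-ng starting up; version='2.0.2'
Apr 23 08:45:13 s_local@zlggd052 syslog-ng[9945]: Connection failed; error='No route to host (113)', time_reopen='60'
Apr 23 08:45:18 s_local@zlggd052 soetest1: test
Apr 23 08:46:13 s_local@zlggd052 syslog-ng[9945]: Connection failed; error='No route to host (113)', time_reopen='60'
Apr 23 08:47:46 s_local@zlggd052 soetest1: test
"""

def forwarding_gaps(text):
    """Summarise failed forwarding attempts and the local messages logged meanwhile."""
    failures, errnos, stranded, down = 0, set(), [], False
    for raw in text.splitlines():
        m = LINE.match(raw)
        if not m:
            continue
        stamp, _host, prog, _pid, msg = m.groups()
        if prog == "syslog-ng":
            f = FAIL.search(msg)
            if f:
                failures += 1
                errnos.add(int(f.group(2)))
                down = True
            elif msg.startswith("syslog-ng starting up"):
                down = False  # assumption: state unknown until the next connect attempt
            continue
        if down:  # written locally while the TCP destination was unreachable
            stranded.append((stamp, prog, msg))
    hints = {e: LINUX_ERRNO_HINT.get(e, "unmapped errno") for e in errnos}
    return {"failures": failures, "errnos": errnos, "hints": hints, "stranded": stranded}

if __name__ == "__main__":
    report = forwarding_gaps(SAMPLE)
    print(report["failures"], "failed connects;", len(report["stranded"]), "messages not forwarded")
    for code, hint in report["hints"].items():
        print(code, hint)
```

An errno of 113 means the connect attempt never reached a listener, so the server's source definition is not what is being reported; 111 would point at a missing listener instead.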
The server is not configured to accept any TCP incoming data. You require a source with TCP

source s_tcp { tcp(ip("20.5.68.82") port(514) ); };

The option ip should really read localip but some versions of syslog-ng did not accept this option, so ip is used.

And then include that in your log configuration on your server.

Evan.
-- Evan Rempel erempel@uvic.ca Senior Programmer Analyst 250.721.7691 Computing Services University of Victoria
Sorry, I can't read this morning :-( Please ignore this post.

Evan.
participants (3): Evan Rempel; Geller, Sandor (IT); Shamim