Nate,

Thanks for the response. I'm going to combine the answer from both your emails in this one.

I took out the duplicate "source src" line but that didn't help. I changed the filter f_messages line as well, also no help.

**Note below for those that may find this in a search some day in the future**

I had changed that from the original in the example file (from the FAQ):

filter f_messages { level(info..emerg) and not facility(mail,lpr); }

To:

filter f_messages { level(info.emerg) and not facility(mail,lpr); }

I should have known it would be a comma.

syslog-ng starts just fine and shows no errors. I tried the syslog-ng -s -f command in your message but the -s parameter is not supported, I get an error.

I was starting to suspect that my problem may be with stunnel. When I boot I see an OK on load but the very last thing that is loaded is stunnel and I finally was able to catch this message on the console:

SSL_CTX_useRSAPRivateKey_file: error: 0906D06C: PEM routines: PEM_read_bio: no start line

I took out the stunnel start line in rc.local and still no logging.

I'm wondering if I should just run syslog-ng without stunnel. I'm not planning on having this server on a public IP address anyway. My plan was to run my public servers with 2 NIC cards. One card to the public IP and one on a private network. The syslog-ng server would be on the private network behind all the other servers. I think I would have a pretty good chance of catching anything before it gets to the logging server.

Any thoughts/suggestions?

And not related: Nice site, I found it early on and got a lot of good information from it. Even so, you're not giving Great Lakes its due, are you getting any grief for that :).

Vilmos

-----Original Message-----
From: Nate Campi [mailto:nate@campin.net]
Sent: Sunday, March 09, 2003 1:46 AM
To: syslog-ng@lists.balabit.hu
Subject: Re: [syslog-ng]Newbie question

On Fri, Mar 07, 2003 at 08:31:12PM -0700, Vilmos Branyik wrote:
source src { unix-stream("/dev/log"); internal(); };
source src { unix-stream("/dev/log"); internal(); };

You have two source lines, remove one and see if that helps. Also is syslog-ng actually running or does it quit after parsing the config file?

--
Nate Campi http://www.campin.net

_______________________________________________
syslog-ng maillist - syslog-ng@lists.balabit.hu
https://lists.balabit.hu/mailman/listinfo/syslog-ng
Frequently asked questions at http://www.campin.net/syslog-ng/faq.html
On Sun, Mar 09, 2003 at 10:02:34AM -0700, Vilmos Branyik wrote:
syslog-ng starts just fine and shows no errors. I tried the syslog-ng -s -f command in your message but the -s parameter is not supported, I get an error.
Must be a 1.5.x option. There's really no reason to be on 1.4.x anymore IMO. 1.5.x is used on debian woody (stable) and most of the people on this list in production environments (myself included). You should upgrade to the latest 1.5.x.
I was starting to suspect that my problem may be with stunnel. When I boot I see an OK on load but the very last thing that is loaded is stunnel and I finally was able to catch this message on the console:
SSL_CTX_useRSAPRivateKey_file: error: 0906D06C: PEM routines: PEM_read_bio: no start line
Well you're using stunnel just to collect from remote locations, shouldn't matter in that case.
Any thoughts/suggestions?
You're on the same track I'd take with simplifying the config. Make sure syslogd is not running and also klogd. From there run something really simple like:

################################
options { keep_hostname(yes); long_hostnames(off); sync(0); };

source src { unix-dgram("/dev/log"); internal(); };

destination everything { file("/var/log/everything.log"); };

log { source(src); destination(everything); };
################################

Run this config and create logs manually with the "logger" command. You should see them in "/var/log/everything.log" as long as syslog isn't running. I can't really think of anything else to try right now.
Even so, you're not giving Great Lakes its due, are you getting any grief for that :).

Great Lakes/Chicago is too cold, I'll stay in San Francisco where it's only freezing cold in the summer ;)

--
Nate Campi http://www.campin.net
On Sun, Mar 09, 2003 at 09:39:33AM -0800, Nate Campi wrote:
Run this config and create logs manually with the "logger" command. You should see them in "/var/log/everything.log" as long as syslog isn't running. I can't really think of anything else to try right now.
As long as _syslogd_ isn't running. Of course _syslog-ng_ needs to be running :)

--
Nate Campi http://www.campin.net
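The check described in the last two messages (syslogd and klogd stopped, syslog-ng running, a "logger" message arriving in /var/log/everything.log), written out as an added script that is not part of the original thread. The function names, the marker format, the `--live` switch and the two-second wait are assumptions of this example; only the log file path comes from the config quoted above.

```shell
#!/bin/sh
# Added example: smoke test for the minimal syslog-ng config in the thread.
# LOGFILE matches the file() destination there; everything else
# (function names, marker format, --live switch) is hypothetical.
LOGFILE="${LOGFILE:-/var/log/everything.log}"

# Read process names (one per line) on stdin and print any stock daemons
# that would compete with syslog-ng for /dev/log. Returns 0 if none found.
conflicting_loggers() {
    found=$(grep -E -x '(syslogd|klogd)' | sort -u | tr '\n' ' ')
    [ -z "$found" ] && return 0
    printf '%s\n' "${found% }"
    return 1
}

# Succeed if marker string $1 appears in readable log file $2.
marker_logged() {
    [ -r "$2" ] && grep -F -q -- "$1" "$2"
}

# Live check on the log host: run this script with --live.
live_check() {
    procs=$(ps -e -o comm=)
    if ! clash=$(printf '%s\n' "$procs" | conflicting_loggers); then
        echo "stop these first: $clash" >&2
        return 1
    fi
    # -x matches the whole name, so "syslogd" never counts as "syslog-ng".
    if ! printf '%s\n' "$procs" | grep -q -x 'syslog-ng'; then
        echo "syslog-ng is not running" >&2
        return 1
    fi
    marker="smoketest-$$-$(date +%Y%m%d%H%M%S)"
    logger -t smoketest "$marker"
    sleep 2   # give syslog-ng a moment to write the line
    if ! marker_logged "$marker" "$LOGFILE"; then
        echo "marker not found in $LOGFILE" >&2
        return 1
    fi
    echo "ok: $marker reached $LOGFILE"
}

if [ "${1:-}" = "--live" ]; then live_check; fi
```

A failure at the first step points at a leftover syslogd or klogd, and a failure at the last step with syslog-ng running points at the source or destination definitions rather than at stunnel.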