Error message: No source refers to internal messages,
Hi again! Thank you Nate and Bob for responding. I made changes which both of you pointed out. However, my error message persists. That is I am still getting " No source refers to internal messages, they will go to /dev/null unresolved reference:src Error initializing configuration, exiting." error message Now, after the recommended changes, my syslog-ng.conf file looks like this:
>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>> options {sync(0); }; source src { udp(10.101.54.2) port(514); internal(); };
destination telnet_d {file ("/var/log/telnetlog"); } ; log {source (src); destination (telnet_d); };
>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
Specifically, - "internal();" was referenced in the syslog-ng.conf file - telnet_d was properly referenced in both destination and log... - just in case I changed source src_udp to source src...and change log to look like "log {source (src); destination (telnet_d); };"....this is because I am getting " unresolved reference:src" in the error message.. After, I made changes in the syslog-ng.conf AND rebooted the box (blame my Windows mentality) I ran syslog-ng manually from /etc and AGAIN the same error message popped up. Since, I have followed the editing recommendations from Nate Campi and Bob Lister and I am still getting the same error message I am forced to think out of the box now. Here are possible problem areas 1. SYSLOG-NG.CONF SYNTAX 2. SOMETHING WITH MY FREE BSD SET UP 3. Here is another problem area...the way I created telnetlog file in my /var/log folder is by way of running "vi telnetlog" and then exiting vi by way of "ESC...:wq!...." . This created the telnetlog file in /var/log which I CAN observe by way of l"s". The doubts I have is whether syslog-ng is able to write into thus created telnetlog file...does syslog-ng like the format of thus created telnetlog? Because, I am very new to FreeBSD I cannot be more specific in hypothesizing what is wrong with my FreeBSD...however... I managed at a certain point to pick up logs from my NT box...some entries related to the Telnet service start and stop showed up in one of my log files. At that point I had an assistance....from another person....not any more. Since then we terminated SYSLOG service entirely....and also made some changes to the ORIGINAL syslog-ng-conf file that came with the syslog-ng installation. Do you have any pointers...clues? Which other factors may be causing this error message? Here is round up of my setup: SYSLOG-NG release 1.6.0 r3 FreeBSD 4.8 box telnetlog created using vi syslog-ng is in /etc syslog-ng.conf is in /etc My original posting is below. I would greatly appreciate your suggestions. Regards, Ruben Saroukhanian MY ORIGINAL POSTING IN SYSLOG-NG MAILING LIST....
Hello folks, =20 Could somebody help me with this error message I am getting when = trying to run SYSLOG-NG? =20 Error message: No source refers to internal messages, they will go to /dev/null unresolved reference:src Error initializing configuration, exiting. =20 Here is my setup. =20 I installed syslog-ng version 1.6.0 r3 on my FreeBSD 4.8 box. =20 The overall plan is to collect log messages sent to by NTSyslog from a = Windows 2000 box to SYSLOG-NG on the FreeBSD 4.8 box. For a test I have been starting and stopping a telnet service on my = Windows 2000 box to pick up these events in the telnetlog file which I = created on my FreeBSD computer. =20 Both syslog-ng and syslog-ng.conf file are located in /etc of the = FreeBSD box. =20 I am logged in as root. =20 syslog.conf file looks like this: =20
>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>> options {sync(0); }; =20 source src_udp {udp(10.101.54.2) port(514); }; =20 destination telnet_d {file ("/var/log/telnetlog"); } ; =20 log {source (src_udp); destination (telnet_t); }; =20 >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>> =20 =20 I run syslog-ng manually from inside /etc and get the error message = listed above. =20 Does the error message I am getting relate to syntax of the = syslog-ng.conf or something else? =20 Should I add a filter entry ...inside log statement argument? for it = to lool like >>>>>> log {source (src_udp); filter (DEFAUILT); = destination (telnet_t); }; ??? =20 I am looking forward to hearing from you. =20 Please send a copy of your response to rex@piva.net. =20 Thank you, =20 Ruben Saroukhanian
--__--__-- Message: 8 Date: Thu, 19 Jun 2003 22:34:13 +0100 From: Robert Lister <robl@linx.net> To: syslog-ng@lists.balabit.hu Subject: Re: [syslog-ng]Need help...with SYSLOG-NG Reply-To: syslog-ng@lists.balabit.hu
>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>> options {sync(0); };
source src_udp {udp(10.101.54.2) port(514); };
destination telnet_d {file ("/var/log/telnetlog"); } ;
----------------^^^^^^^^
log {source (src_udp); destination (telnet_t); }; -----------------------------------------^^^^^^^^
... maybe it relates to that? Fix that and see what it does. Rob -- Robert Lister - London Internet Exchange - http://www.linx.net/ - tel: +44 (0)20 7645 3510 - RL786-RIPE --__--__-- Message: 9 Date: Thu, 19 Jun 2003 16:54:32 -0700 From: Nate Campi <nate@campin.net> To: syslog-ng@lists.balabit.hu Subject: Re: [syslog-ng]Need help...with SYSLOG-NG Reply-To: syslog-ng@lists.balabit.hu On Thu, Jun 19, 2003 at 05:14:55PM -0400, R Saroukhanian wrote:
Error message: No source refers to internal messages, they will go to /dev/null unresolved reference:src Error initializing configuration, exiting.
<DEFANGED_snip>
syslog.conf file looks like this:
>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>> options {sync(0); };
source src_udp {udp(10.101.54.2) port(514); };
You'll need to declare the "internal" source too. See the FAQ and the links to example syslog-ng.conf files. -- Nate Campi http://www.campin.net --__--__-- Message: 10 Date: Thu, 19 Jun 2003 16:58:15 -0700 From: Nate Campi <nate@campin.net> To: syslog-ng@lists.balabit.hu Subject: Re: [syslog-ng]Need help...with SYSLOG-NG Reply-To: syslog-ng@lists.balabit.hu On Thu, Jun 19, 2003 at 05:14:55PM -0400, R Saroukhanian wrote:
Hello folks,
Could somebody help me with this error message I am getting when trying to run SYSLOG-NG?
Error message: No source refers to internal messages, they will go to /dev/null unresolved reference:src Error initializing configuration, exiting.
Here is my setup.
I installed syslog-ng version 1.6.0 r3 on my FreeBSD 4.8 box.
The overall plan is to collect log messages sent to by NTSyslog from a Windows 2000 box to SYSLOG-NG on the FreeBSD 4.8 box. For a test I have been starting and stopping a telnet service on my Windows 2000 box to pick up these events in the telnetlog file which I created on my FreeBSD computer.
Both syslog-ng and syslog-ng.conf file are located in /etc of the FreeBSD box.
I am logged in as root.
syslog.conf file looks like this:
>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>> options {sync(0); };
source src_udp {udp(10.101.54.2) port(514); };
destination telnet_d {file ("/var/log/telnetlog"); } ;
log {source (src_udp); destination (telnet_t); };
>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
I didn't address the error that makes syslog-ng exit, how lame of me :( Here's what I think you want out of syslog-ng: #################################################### options { sync(0); }; source src_udp { udp(10.101.54.2) port(514); internal; }; destination telnet_d { file ("/var/log/telnetlog"); } ; log { source (src); destination (telnet_d); }; #################################################### I fixed the differing destination name, and make your source name consistent, and added the internal source. This should at least get your basic setup working. Sorry I didn't pay more attention the first time. -- Nate Campi http://www.campin.net --__--__-- Message: 11 Date: Thu, 19 Jun 2003 17:00:56 -0700 From: Nate Campi <nate@campin.net> To: syslog-ng@lists.balabit.hu Subject: Re: [syslog-ng]Need help...with SYSLOG-NG Reply-To: syslog-ng@lists.balabit.hu On Thu, Jun 19, 2003 at 04:58:15PM -0700, Nate Campi wrote:
source src_udp { udp(10.101.54.2) port(514); internal; };
Arg, make that "internal();" I promise not to reply to myself again on this thread, no matter how bad my next mistake is ;) -- Nate Campi http://www.campin.net --__--__-- _______________________________________________ syslog-ng maillist - syslog-ng@lists.balabit.hu https://lists.balabit.hu/mailman/listinfo/syslog-ng End of syslog-ng Digest
On Fri, Jun 27, 2003 at 12:36:31PM -0400, R Saroukhanian wrote:
I made changes which both of you pointed out. However, my error message persists.
That is I am still getting " No source refers to internal messages, they will go to /dev/null unresolved reference:src Error initializing configuration, exiting." error message
Now, after the recommended changes, my syslog-ng.conf file looks like this:
>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>> options {sync(0); }; source src { udp(10.101.54.2) port(514); internal(); };
destination telnet_d {file ("/var/log/telnetlog"); } ; log {source (src); destination (telnet_d); };
>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
I think it's the bad udp source, you're missing parentheses: udp(10.101.54.2) port(514); It needs to be: udp(ip("10.0.5.8") port(514)); -- Nate Campi http://www.campin.net
participants (2)
-
Nate Campi
-
R Saroukhanian