Hi folks, I'm new to syslog-ng. I'm trying to get it running on a bunch of Ubuntu 8.04 LTS and OEL 5.3 systems. For a start, I'm trying to get it working on 2 Ubuntu 8.04 LTS boxes. What I want is that all logging of all systems is sent to a central loghost. Systems do not need to keep a local logfile. So, I've shamelesly copied over a (as said working) config from another thread a few days ago on this list. The client part works, at least, the reload goed ok. However, on the server, the reload fails, giving no kind of warning or message whatsoever to hint where the problem lies. The configuration is as follows (With thanks to Siem Korteweg, from whom I copied the config over). Client & server: source s_internal { internal(); }; destination d_syslogng_log { file("/var/log/syslog-ng.log"); }; source s_local { unix-dgram("/dev/log"); file("/proc/kmsg" program_override("kernel:")); }; destination d_remote { tcp("10.0.13.152" port(514) ) ; }; destination d_local { file("/var/log/messages"); }; log { source( s_internal ); destination( d_remote ); }; log { source( s_internal ); destination( d_syslogng_log ); }; log { source( s_local ); destination( d_remote ); }; log { source( s_local ); destination( d_local ); }; On the central loghost, adittional lines are added: source s_network { tcp (ip("10.0.13.152") port(514)); }; destination d_network { file("/var/log/syslog-ng/hosts/$HOST_FROM/$R_YEAR/$R_MONTH/$R_YEAR-$R_MONTH-$R_DAY" create_dirs(yes)); }; log { source( s_network ); destination( d_network ); }; But, as said, a reload fails. Can someone help me out a little ? Oh, I am running syslog-ng 3.03, installed from the .deb package available on the website of Balabit. cheers and thanks in advance. Andy
Andy, which line of your server config is reported when the reload fails? regards, Siem Korteweg -----Oorspronkelijk bericht----- Van: syslog-ng-bounces@lists.balabit.hu namens Andy Kannberg Verzonden: wo 15-7-2009 16:45 Aan: syslog-ng@lists.balabit.hu Onderwerp: [syslog-ng] Another beginners problem Hi folks, I'm new to syslog-ng. I'm trying to get it running on a bunch of Ubuntu 8.04 LTS and OEL 5.3 systems. For a start, I'm trying to get it working on 2 Ubuntu 8.04 LTS boxes. What I want is that all logging of all systems is sent to a central loghost. Systems do not need to keep a local logfile. So, I've shamelesly copied over a (as said working) config from another thread a few days ago on this list. The client part works, at least, the reload goed ok. However, on the server, the reload fails, giving no kind of warning or message whatsoever to hint where the problem lies. The configuration is as follows (With thanks to Siem Korteweg, from whom I copied the config over). Client & server: source s_internal { internal(); }; destination d_syslogng_log { file("/var/log/syslog-ng.log"); }; source s_local { unix-dgram("/dev/log"); file("/proc/kmsg" program_override("kernel:")); }; destination d_remote { tcp("10.0.13.152" port(514) ) ; }; destination d_local { file("/var/log/messages"); }; log { source( s_internal ); destination( d_remote ); }; log { source( s_internal ); destination( d_syslogng_log ); }; log { source( s_local ); destination( d_remote ); }; log { source( s_local ); destination( d_local ); }; On the central loghost, adittional lines are added: source s_network { tcp (ip("10.0.13.152") port(514)); }; destination d_network { file("/var/log/syslog-ng/hosts/$HOST_FROM/$R_YEAR/$R_MONTH/$R_YEAR-$R_MONTH-$ R_DAY" create_dirs(yes)); }; log { source( s_network ); destination( d_network ); }; But, as said, a reload fails. Can someone help me out a little ? Oh, I am running syslog-ng 3.03, installed from the .deb package available on the website of Balabit. cheers and thanks in advance. Andy
Hello Siem, Woah, that is a quick response...! Anyway, it didn't give any line when it reported the fail. cheers, Andy 2009/7/15 Siem Korteweg <Siem.Korteweg@qnh.nl>
Andy,
which line of your server config is reported when the reload fails?
regards,
Siem Korteweg
-----Oorspronkelijk bericht----- Van: syslog-ng-bounces@lists.balabit.hu namens Andy Kannberg Verzonden: wo 15-7-2009 16:45 Aan: syslog-ng@lists.balabit.hu Onderwerp: [syslog-ng] Another beginners problem
Hi folks,
I'm new to syslog-ng. I'm trying to get it running on a bunch of Ubuntu 8.04 LTS and OEL 5.3 systems. For a start, I'm trying to get it working on 2 Ubuntu 8.04 LTS boxes. What I want is that all logging of all systems is sent to a central loghost. Systems do not need to keep a local logfile.
So, I've shamelesly copied over a (as said working) config from another thread a few days ago on this list. The client part works, at least, the reload goed ok. However, on the server, the reload fails, giving no kind of warning or message whatsoever to hint where the problem lies.
The configuration is as follows (With thanks to Siem Korteweg, from whom I copied the config over).
Client & server:
source s_internal { internal(); };
destination d_syslogng_log { file("/var/log/syslog-ng.log"); };
source s_local { unix-dgram("/dev/log"); file("/proc/kmsg" program_override("kernel:")); };
destination d_remote { tcp("10.0.13.152" port(514) ) ; };
destination d_local { file("/var/log/messages"); };
log { source( s_internal ); destination( d_remote ); }; log { source( s_internal ); destination( d_syslogng_log ); }; log { source( s_local ); destination( d_remote ); }; log { source( s_local ); destination( d_local ); };
On the central loghost, adittional lines are added:
source s_network { tcp (ip("10.0.13.152") port(514)); };
destination d_network {
file("/var/log/syslog-ng/hosts/$HOST_FROM/$R_YEAR/$R_MONTH/$R_YEAR-$R_MONTH-$ R_DAY" create_dirs(yes)); }; log { source( s_network ); destination( d_network ); };
But, as said, a reload fails. Can someone help me out a little ? Oh, I am running syslog-ng 3.03, installed from the .deb package available on the website of Balabit.
cheers and thanks in advance.
Andy
______________________________________________________________________________ Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng Documentation: http://www.balabit.com/support/documentation/?product=syslog-ng FAQ: http://www.campin.net/syslog-ng/faq.html
Try syslog-ng -f <configfile> -s , if there's an obvious error it will show. On Wed, Jul 15, 2009 at 4:59 PM, Andy Kannberg<andy.kannberg@gmail.com> wrote:
Hello Siem,
Woah, that is a quick response...! Anyway, it didn't give any line when it reported the fail.
cheers, Andy
2009/7/15 Siem Korteweg <Siem.Korteweg@qnh.nl>
Andy,
which line of your server config is reported when the reload fails?
regards,
Siem Korteweg
-----Oorspronkelijk bericht----- Van: syslog-ng-bounces@lists.balabit.hu namens Andy Kannberg Verzonden: wo 15-7-2009 16:45 Aan: syslog-ng@lists.balabit.hu Onderwerp: [syslog-ng] Another beginners problem
Hi folks,
I'm new to syslog-ng. I'm trying to get it running on a bunch of Ubuntu 8.04 LTS and OEL 5.3 systems. For a start, I'm trying to get it working on 2 Ubuntu 8.04 LTS boxes. What I want is that all logging of all systems is sent to a central loghost. Systems do not need to keep a local logfile.
So, I've shamelesly copied over a (as said working) config from another thread a few days ago on this list. The client part works, at least, the reload goed ok. However, on the server, the reload fails, giving no kind of warning or message whatsoever to hint where the problem lies.
The configuration is as follows (With thanks to Siem Korteweg, from whom I copied the config over).
Client & server:
source s_internal { internal(); };
destination d_syslogng_log { file("/var/log/syslog-ng.log"); };
source s_local { unix-dgram("/dev/log"); file("/proc/kmsg" program_override("kernel:")); };
destination d_remote { tcp("10.0.13.152" port(514) ) ; };
destination d_local { file("/var/log/messages"); };
log { source( s_internal ); destination( d_remote ); }; log { source( s_internal ); destination( d_syslogng_log ); }; log { source( s_local ); destination( d_remote ); }; log { source( s_local ); destination( d_local ); };
On the central loghost, adittional lines are added:
source s_network { tcp (ip("10.0.13.152") port(514)); };
destination d_network {
file("/var/log/syslog-ng/hosts/$HOST_FROM/$R_YEAR/$R_MONTH/$R_YEAR-$R_MONTH-$ R_DAY" create_dirs(yes)); }; log { source( s_network ); destination( d_network ); };
But, as said, a reload fails. Can someone help me out a little ? Oh, I am running syslog-ng 3.03, installed from the .deb package available on the website of Balabit.
cheers and thanks in advance.
Andy
______________________________________________________________________________ Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng Documentation: http://www.balabit.com/support/documentation/?product=syslog-ng FAQ: http://www.campin.net/syslog-ng/faq.html
______________________________________________________________________________ Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng Documentation: http://www.balabit.com/support/documentation/?product=syslog-ng FAQ: http://www.campin.net/syslog-ng/faq.html
the reload fails, giving no kind of warning or message whatsoever
So in what sense does it fail? ________________________________ From: syslog-ng-bounces@lists.balabit.hu [mailto:syslog-ng-bounces@lists.balabit.hu] On Behalf Of Andy Kannberg Sent: 15 July 2009 15:45 To: syslog-ng@lists.balabit.hu Subject: [syslog-ng] Another beginners problem Hi folks, I'm new to syslog-ng. I'm trying to get it running on a bunch of Ubuntu 8.04 LTS and OEL 5.3 systems. For a start, I'm trying to get it working on 2 Ubuntu 8.04 LTS boxes. What I want is that all logging of all systems is sent to a central loghost. Systems do not need to keep a local logfile. So, I've shamelesly copied over a (as said working) config from another thread a few days ago on this list. The client part works, at least, the reload goed ok. However, on the server, the reload fails, giving no kind of warning or message whatsoever to hint where the problem lies. The configuration is as follows (With thanks to Siem Korteweg, from whom I copied the config over). Client & server: source s_internal { internal(); }; destination d_syslogng_log { file("/var/log/syslog-ng.log"); }; source s_local { unix-dgram("/dev/log"); file("/proc/kmsg" program_override("kernel:")); }; destination d_remote { tcp("10.0.13.152" port(514) ) ; }; destination d_local { file("/var/log/messages"); }; log { source( s_internal ); destination( d_remote ); }; log { source( s_internal ); destination( d_syslogng_log ); }; log { source( s_local ); destination( d_remote ); }; log { source( s_local ); destination( d_local ); }; On the central loghost, adittional lines are added: source s_network { tcp (ip("10.0.13.152") port(514)); }; destination d_network { file("/var/log/syslog-ng/hosts/$HOST_FROM/$R_YEAR/$R_MONTH/$R_YEAR-$R_MONTH-$R_DAY" create_dirs(yes)); }; log { source( s_network ); destination( d_network ); }; But, as said, a reload fails. Can someone help me out a little ? Oh, I am running syslog-ng 3.03, installed from the .deb package available on the website of Balabit. cheers and thanks in advance. Andy
It said FAIL in capital red lettlers. However, restarting the syslog-ng daemon went ok. Reloading again also went ok. So, I guess that problem is solved. However, I have no clue why it failed. I've checked overnight, and the logging works like a charm now. cheers & thanks for the fast response ! Andy 2009/7/15 Fegan, Joe <Joe.Fegan@hp.com>
the reload fails, giving no kind of warning or message whatsoever
So in what sense does it fail? ------------------------------ *From:* syslog-ng-bounces@lists.balabit.hu [mailto: syslog-ng-bounces@lists.balabit.hu] *On Behalf Of *Andy Kannberg *Sent:* 15 July 2009 15:45 *To:* syslog-ng@lists.balabit.hu *Subject:* [syslog-ng] Another beginners problem
Hi folks,
I'm new to syslog-ng. I'm trying to get it running on a bunch of Ubuntu 8.04 LTS and OEL 5.3 systems. For a start, I'm trying to get it working on 2 Ubuntu 8.04 LTS boxes. What I want is that all logging of all systems is sent to a central loghost. Systems do not need to keep a local logfile.
So, I've shamelesly copied over a (as said working) config from another thread a few days ago on this list. The client part works, at least, the reload goed ok. However, on the server, the reload fails, giving no kind of warning or message whatsoever to hint where the problem lies.
The configuration is as follows (With thanks to Siem Korteweg, from whom I copied the config over).
Client & server:
source s_internal { internal(); };
destination d_syslogng_log { file("/var/log/syslog-ng.log"); };
source s_local { unix-dgram("/dev/log"); file("/proc/kmsg" program_override("kernel:")); };
destination d_remote { tcp("10.0.13.152" port(514) ) ; };
destination d_local { file("/var/log/messages"); };
log { source( s_internal ); destination( d_remote ); }; log { source( s_internal ); destination( d_syslogng_log ); }; log { source( s_local ); destination( d_remote ); }; log { source( s_local ); destination( d_local ); };
On the central loghost, adittional lines are added:
source s_network { tcp (ip("10.0.13.152") port(514)); };
destination d_network { file("/var/log/syslog-ng/hosts/$HOST_FROM/$R_YEAR/$R_MONTH/$R_YEAR-$R_MONTH-$R_DAY" create_dirs(yes)); }; log { source( s_network ); destination( d_network ); };
But, as said, a reload fails. Can someone help me out a little ? Oh, I am running syslog-ng 3.03, installed from the .deb package available on the website of Balabit.
cheers and thanks in advance.
Andy
______________________________________________________________________________ Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng Documentation: http://www.balabit.com/support/documentation/?product=syslog-ng FAQ: http://www.campin.net/syslog-ng/faq.html
participants (4)
-
Andy Kannberg
-
Fegan, Joe
-
Sandor Geller
-
Siem Korteweg