RE: [syslog-ng] Destination systax fail ??
Yes, there is a problem the line should read destination remotenet { udp("10.0.0.10" port(514)); }; The port statement goes inside the parentheses since it is a function of udp for a destination. sources are a little different. Hope this helps. Drew
-----Original Message----- From: Leonardo Marques de Souza [SMTP:leo@conectiva.com.br] Sent: Wednesday, June 14, 2000 10:19 PM To: syslog-ng@lists.balabit.hu Subject: [syslog-ng] Destination systax fail ??
Helo,
I would like to know what's happen with syslog-ng.conf systax in this part of confiruration:
# --------8<-------------
# Leitura da porta UDP do syslog padrao (514) # # Por padrao, ele nao esta ligado na instalacao # Para inicia-lo, basta descomentar a linha abaixo
source net { udp(ip("10.0.2.4") port(514)); };
# --------------------------- # Destino dos dados Filtrados # ---------------------------
destination remotenet {udp(ip("10.0.0.10") port(514)); }; <-------(this part have errors ????) destination console { pipe("/dev/console"); }; destination messages { file("/var/log/messages"); }; destination secure { file("/var/log/secure"); }; destination maillog { file("/var/log/maillog"); }; destination spooler { file("/var/log/spooler"); }; destination boot { file("/var/log/boot.log"); };
# -------8<------------------
[root@patolino syslog-ng-1.4.4]# /usr/sbin/syslog-ng -d -v -f /etc/syslog-ng/syslog-ng.conf parse error at 33 Parse error reading configuration file, exiting. [root@patolino syslog-ng-1.4.4]#
(line 33 refers to destination remotenet ...)
i tryed this syntaxes: **** destination remotenet { udp(ip("10.0.0.10") port(514)); }; destination remotenet { udp(ip(10.0.0.10) port(514)); }; destination remotenet { udp(ip("10.0.0.10") port(514);); }; destination remotenet { udp(ip("10.0.0.10"); port(514)); }; destination remotenet { udp(ip("10.0.0.10"); port(514);); }; destination remotenet { udp(ip("10.0.0.10")); }; destination remotenet { tcp(ip("10.0.0.10") port(514)); }; destination remotenet { udp(ip(10.0.0.10) port(514);); }; destination rtteste { udp(ip("10.0.0.10") port(514)); }; destination remote_net { udp(ip("10.0.0.10") port(514) ); }; **
no sucess.. :(
egcs-1.1.2 glibc 2.1.3~ 2.1.2 libol-0.2.17 syslog-ng-1.4.4 kernel-2.2.16
Any one can help me?? who can i increase de Debug?? What i can do to fix that (in source font)? thanks..
PS.:
This program have any restriction?? Its realy 100% GPL?? We are thinking to put this program in our distribution here, in Brazil. I built a RPM package, but i trying to a log of tests in our servers (430 servers)... syslog fails to do that :(( lose data, do not restart veri well, use a lot os CPU... :((
i trying syslog-ng to eliminate (or decrese) this problems..
Thank's in advanced!!
Leonardo Marques de Souza +--------------------------+ | Conectiva S/A | |Curitiba - Parana - Brazil| | Suporte Interno | +--------------------------+
_______________________________________________ syslog-ng maillist - syslog-ng@lists.balabit.hu http://lists.balabit.hu/mailman/listinfo/syslog-ng
Its my full syslog-ng.conf # ----8<------------------------------------------------------------------ # # Syslog-ng configuração para o Conectiva Linux 5.1 # # Copyright (c) 1999 Balazs Scheidler # $Id: syslog-ng.conf,v 1.0 12/06/2000 12:30:41 bazsi Exp $ # # Arquivo de configuração syslog-ng, compatible com o syslogd do Conectiva # # Adaptado por Leo # Leonardo Marques de Souza <leo@conectiva.com.br> # # Opções Padrão #options { long_hostnames(off); sync(0); }; # ------------------------ # Fontes de Leitura do Log # ------------------------ # Leitura do /dev/log source src { unix-stream("/dev/log"); internal(); }; # Leitura da porta UDP do syslog padrão (514) # # Por padrão, ele não esta ligado na instalação # Para iniciá-lo, basta descomentar a linha abaixo source net { udp(ip("10.0.2.4") port(514)); }; # --------------------------- # Destino dos dados Filtrados # --------------------------- destination remotenet { udp(ip("10.0.0.10") port("514")); }; destination console { pipe("/dev/console"); }; destination messages { file("/var/log/messages"); }; destination secure { file("/var/log/secure"); }; destination maillog { file("/var/log/maillog"); }; destination spooler { file("/var/log/spooler"); }; destination boot { file("/var/log/boot.log"); }; # ------------------------ # Configuração dos filtros # ------------------------ filter f_kern { facility(kern); }; filter f_mail { facility(mail); }; filter f_authpriv { facility(authpriv); }; filter f_uucp { facility(cron); }; filter f_news { facility(news); }; filter f_local7 { facility(local7); }; filter f_info { level(info); }; filter f_crit { level(crit); }; filter f_emerg { level(emerg); }; filter f_notice { level(notice); }; # ------------------------ # Arquivos de destino # ------------------------ log { source(src); filter(f_kern); destination(console); }; log { source(src); filter(f_info); destination(messages); }; log { source(src); filter(f_authpriv); destination(secure); }; log { source(src); filter(f_mail); destination(maillog); }; log { source(src); filter(f_uucp); filter(f_crit); destination(spooler); }; log { source(src); filter(f_local7); destination(boot); }; #log { source(src); filter(f_authpriv); destination(remote_net); }; # ---8<--------------------------------------------------------- [root@patolino syslog-ng-1.4.4]# syslog-ng -d -v parse error at 33 Parse error reading configuration file, exiting. [root@patolino syslog-ng-1.4.4]# [root@patolino syslog-ng-1.4.4]# strace syslog-ng -d -v [snips] brk(0x8059000) = 0x8059000 open("/etc/syslog-ng/syslog-ng.conf", O_RDONLY) = 3 brk(0x805e000) = 0x805e000 ioctl(3, TCGETS, 0xbffff834) = -1 ENOTTY (Inappropriate ioctl for device) read(3, "#\n# Syslog-ng configura\347\343o para "..., 8192) = 2121 read(3, "", 6071) = 0 write(2, "parse error at 33\n", 18parse error at 33 ) = 18 close(3) = 0 write(2, "Parse error reading configuratio"..., 49Parse error reading configuration file, exiting. ) = 49 _exit(1) = ? [root@patolino syslog-ng-1.4.4]# Sniff :( not works ... a more SIMPLE conf : ---------8<----------- options { long_hostnames(off); sync(0); }; source src { unix-stream("/dev/log"); internal(); }; source net { udp(ip(10.0.2.4) port(514)); }; destination messages { file("/var/log/messages"); }; destination remotenet { udp(ip("10.0.0.10") port("514")); }; filter f_info { level(info); }; log { source(src); filter(f_info); destination(messages); }; log { source(net); filter(f_info); destination(remotenet); }; ------------8<------------- [root@patolino syslog-ng]# syslog-ng -d -v parse error at 5 Parse error reading configuration file, exiting. [root@patolino syslog-ng]# other combinations: source net { udp(ip("10.0.2.4") port("514")); }; source net { udp(10.0.2.4 514); }; source net { udp(10.0.2.4, 514); }; source net { udp("10.0.2.4" "514"); }; source net { udp(10.0.2.4) port(514); }; source net { udp(10.0.2.4); port(514); }; source net { udp(ip("10.0.2.4") port("514");); }; source net { udp(ip("10.0.2.4") { port("514")};); }; no way... i got same errors :((( I do not undersand the lex-algoritm in source code ... i will try more... Any Help?? I would like to do this program to work in our machines (remote log) ... What i doing wrong?? I see the manuals, helps, web-list.. :(( and why "destination" and "source" have diferent sintax?? too strange... :( Its appers too simple, but i not got any coerent debug to undertand whats happen.. Thanks in advanced, Any help are wellcome. Ps.: im still tring to do this program works with remote log, but fails. Leonardo Marques de Souza +--------------------------+ | Conectiva S/A | |Curitiba - Paraná - Brazil| | Suporte Interno | +--------------------------+ On Thu, 15 Jun 2000, Hamilton, Andrew Mr. wrote:
Yes, there is a problem the line should read
destination remotenet { udp("10.0.0.10" port(514)); };
??? destination remotenet { udp("10.0.0.10"); port(514); }; destination remotenet { udp("10.0.0.10" {port("514")}; ); }; Thanks!! but i tried and nothing happens...
The port statement goes inside the parentheses since it is a function of udp for a destination. sources are a little different. hummm ok.. thanks!
On Thu, Jun 15, 2000 at 11:52:16AM -0300, Leonardo Marques de Souza wrote:
Its my full syslog-ng.conf
# ----8<------------------------------------------------------------------ # # Syslog-ng configuraç?o para o Conectiva Linux 5.1 # # Copyright (c) 1999 Balazs Scheidler # $Id: syslog-ng.conf,v 1.0 12/06/2000 12:30:41 bazsi Exp $ # # Arquivo de configuraç?o syslog-ng, compatible com o syslogd do Conectiva # # Adaptado por Leo # Leonardo Marques de Souza <leo@conectiva.com.br> #
# Opç?es Padr?o #options { long_hostnames(off); sync(0); };
# ------------------------ # Fontes de Leitura do Log # ------------------------
# Leitura do /dev/log source src { unix-stream("/dev/log"); internal(); };
# Leitura da porta UDP do syslog padr?o (514) # # Por padr?o, ele n?o esta ligado na instalaç?o # Para iniciá-lo, basta descomentar a linha abaixo
source net { udp(ip("10.0.2.4") port(514)); };
# --------------------------- # Destino dos dados Filtrados # ---------------------------
destination remotenet { udp(ip("10.0.0.10") port("514")); };
this should be: destination remotenet { udp("10.0.0.10" port(514)); };
destination console { pipe("/dev/console"); }; destination messages { file("/var/log/messages"); }; destination secure { file("/var/log/secure"); }; destination maillog { file("/var/log/maillog"); }; destination spooler { file("/var/log/spooler"); }; destination boot { file("/var/log/boot.log"); };
# ------------------------ # Configuraç?o dos filtros # ------------------------
filter f_kern { facility(kern); }; filter f_mail { facility(mail); }; filter f_authpriv { facility(authpriv); }; filter f_uucp { facility(cron); }; filter f_news { facility(news); }; filter f_local7 { facility(local7); };
filter f_info { level(info); }; filter f_crit { level(crit); }; filter f_emerg { level(emerg); }; filter f_notice { level(notice); };
# ------------------------ # Arquivos de destino # ------------------------
log { source(src); filter(f_kern); destination(console); }; log { source(src); filter(f_info); destination(messages); }; log { source(src); filter(f_authpriv); destination(secure); }; log { source(src); filter(f_mail); destination(maillog); }; log { source(src); filter(f_uucp); filter(f_crit); destination(spooler); }; log { source(src); filter(f_local7); destination(boot); };
#log { source(src); filter(f_authpriv); destination(remote_net); };
# ---8<---------------------------------------------------------
a more SIMPLE conf :
---------8<----------- options { long_hostnames(off); sync(0); }; source src { unix-stream("/dev/log"); internal(); }; source net { udp(ip(10.0.2.4) port(514)); }; destination messages { file("/var/log/messages"); }; destination remotenet { udp(ip("10.0.0.10") port("514")); };
destination remotenet { udp("10.0.0.10" port(514)); };
filter f_info { level(info); };
log { source(src); filter(f_info); destination(messages); }; log { source(net); filter(f_info); destination(remotenet); }; ------------8<-------------
[root@patolino syslog-ng]# syslog-ng -d -v parse error at 5 Parse error reading configuration file, exiting. [root@patolino syslog-ng]#
other combinations: source net { udp(ip("10.0.2.4") port("514")); }; source net { udp(10.0.2.4 514); }; source net { udp(10.0.2.4, 514); }; source net { udp("10.0.2.4" "514"); }; source net { udp(10.0.2.4) port(514); }; source net { udp(10.0.2.4); port(514); }; source net { udp(ip("10.0.2.4") port("514");); }; source net { udp(ip("10.0.2.4") { port("514")};); };
no way... i got same errors :(((
I do not undersand the lex-algoritm in source code ... i will try more...
Any Help?? I would like to do this program to work in our machines (remote log) ...
What i doing wrong?? I see the manuals, helps, web-list.. :(( and why "destination" and "source" have diferent sintax?? too strange... :(
because udp and tcp sources have default IP address (0.0.0.0), specifying an IP is optional, thus it is using the optional parameters syntax.
participants (3)
-
Balazs Scheidler
-
Hamilton, Andrew Mr.
-
Leonardo Marques de Souza