syslog-ng 2.0.4, Solaris 10, attempting to replace syslogd on Solaris. I stopped syslogd before starting syslog-ng on my system and I keep getting the below error messages in /var/adm/messages (ps -ef shows syslog-ng is running):

Aug 23 14:39:52 server1 syslog-ng[7764]: Connection failed; error='Connection refused (146)'
Aug 23 14:39:52 server1 syslog-ng[7764]: Initiating connection failed, reconnecting; time_reopen='10'

I've edited /etc/inet/services to include port 5140 and stop/start inetd via Solaris smf (svcadm). Was there something else I need to make the port open or perhaps something in syslog-ng.conf?

Additionally, I used the config file from http://www.campin.net/syslog-ng/solaris-conf.txt and only made changes to the "destination loghost". Is there anything specific to Solaris 10 that I need to add/remove in the configuration file?

Thank you for any pointers.

Regards,
-- Mike
On 8/24/07, mailing list <sunlist@yahoo.com> wrote:
> syslog-ng 2.0.4, Solaris 10, attempting to replace syslogd on Solaris. I stopped syslogd before starting syslog-ng on my system and I keep getting the below error messages in /var/adm/messages: (ps -ef shows syslog-ng is running)
>
> Aug 23 14:39:52 server1 syslog-ng[7764]: Connection failed; error='Connection refused (146)'
> Aug 23 14:39:52 server1 syslog-ng[7764]: Initiating connection failed, reconnecting; time_reopen='10'
I got the same message when one of my tcp-destinations was not available ... tcp("192.168.1.254" port(5140)) is a remote syslog server of yours? Can you connect to this port from your server?
> I've edited /etc/inet/services to include port 5140 and stop/start inetd via Solaris smf (svcadm). Was there something else I need to make the port open or perhaps something in syslog-ng.conf?
hmm .... I don't understand this question .... what has the syslog-ng server to do with the inetd???? If you have a remote syslog-ng server running on host 192.168.1.254 you have to include a line like:

source loghost { tcp(ip(192.168.1.254) port(5140)); };

.... in the syslog-ng config of host 192.168.1.254 to let syslog-ng listen on that port and receive remote syslog messages.

Regards,
Andreas
> Additionally, I used the config file from http://www.campin.net/syslog-ng/solaris-conf.txt and only made changes to the "destination loghost". Is there anything specific to Solaris 10 that I need to add/remove in the configuration file?
>
> Thank you for any pointers.
>
> Regards,
> -- Mike
Basically, I just installed syslog-ng on my server (server1) and I want this server to be the main log server.

- Do I need to replace all the "destination" portion with "source" to allow server1 to be the main log server? and other servers to forward their logs to server1 with

destination loghost { tcp(server1.domain.com port(5140)); };

- Next, don't I need to open up port 5140 for syslog-ng? which I did in /etc/services (and rehup inetd) and configure it in my firewall but it seems 5140 is still not open...

$ telnet 127.0.0.1 5140
Trying 127.0.0.1...
telnet: Unable to connect to remote host: Connection refused

My goal is to set up server1 to be the main log server, and other servers to forward their logs onto server1.

Thanks.

-- Mike
On 8/24/07, mailing list <sunlist@yahoo.com> wrote:
> Basically, I just installed syslog-ng on my server (server1) and I want this server to be the main log server.
>
> - Do I need to replace all the "destination" portion with "source" to allow server1 to be the main log server? and other servers to forward their logs to
No, but you can remove the "destination loghost" entry on server1 as there should be no need to send local messages on server1 to itself again on the network.
> server1 with
>
> destination loghost { tcp(server1.domain.com port(5140)); };
You need a network source entry on server1 like:

source loghost { tcp( ip(w.x.y.z) port(5140)); };

and add "source (loghost);" to your log entries on server1.

... and the remote hosts need a destination entry like:

destination loghost { tcp("w.x.y.z" port(5140)); };
> - Next, don't I need to open up port 5140 for syslog-ng? which I did in /etc/services (and rehup inetd) and configure it in my firewall but it seems 5140 is still not open...
>
> $ telnet 127.0.0.1 5140
> Trying 127.0.0.1...
> telnet: Unable to connect to remote host: Connection refused
If you include the tcp source entry in your syslog-ng config, syslog-ng will open & listen on the defined port .... no need for inetd, of course firewalls have to be adapted.

I recommend reading the documentation on: http://www.balabit.com/dl/html/syslog-ng-admin-guide_en.html/index.html ... it includes a lot of useful examples.

Regards,
Andreas
> My goal is to set up server1 to be the main log server, and other servers to forward their logs onto server1.
>
> Thanks.
>
> -- Mike
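The setup described in the reply above, written out for both sides as an added example (not part of the original thread and not either poster's actual configuration). The names s_local and d_remote, the log file path and the max-connections value are assumptions; w.x.y.z stands for server1's address, as in the reply.

```conf
# ---- server1 (central log host): syslog-ng.conf ----
# syslog-ng binds and listens on this port itself once the source is
# defined; /etc/services and inetd play no part in opening it.
source loghost {
    # ip() is the local address to listen on. Naming server1's own
    # address (w.x.y.z) avoids listening on every interface.
    tcp(ip(w.x.y.z) port(5140) max-connections(50));
};

# Where received messages are written (path is an assumption).
destination d_remote {
    file("/var/log/remote.log");
};

# Without a log statement that references the source, nothing
# received on the port is written anywhere.
log { source(loghost); destination(d_remote); };

# No "destination loghost" on server1: it does not forward to itself.

# ---- every other host (client): syslog-ng.conf ----
# s_local is a hypothetical name; keep the local source lines from
# your existing config inside it alongside internal().
source s_local { internal(); };

# Connects out to server1; "Connection refused" here means nothing
# is listening on w.x.y.z:5140 yet.
destination loghost { tcp("w.x.y.z" port(5140)); };

log { source(s_local); destination(loghost); };
```

Once server1 has been restarted with the source in place, `telnet w.x.y.z 5140` from a client should connect instead of being refused. The tcp() transport here is unencrypted and unauthenticated, so the firewall rule for port 5140 should admit only the hosts that are meant to send logs.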