Able to connect but not logging
Hullo Users; I am using syslog-ng 3.3.4 and my client is able to connect but not logging to the central logging server. my syslog-ng.conf on server side is @version: 3.3 # Default syslog-ng configuration for Slackware # For info about the format of this file, see "man syslog-ng.conf" # Converted from sysklogd (syslog.conf) by mario@slackverse.org options { flush_lines (0); time_reopen (10); time_reap(360); # log_fifo_size (10240); # log_msg_size (8192); chain_hostnames (no); use_dns (no); use_fqdn (no); create_dirs (yes); keep_hostname (yes); owner("root"); group("root"); dir_owner(root); # dir_group(logs); dir_perm(0750); perm(0640); stats_freq (3600); check_hostname (yes); dns_cache (yes); threaded(yes); mark_freq(600); }; source system { internal(); unix-stream("/dev/log"); udp(); tcp(max_connections(100)); }; filter f_messages { level(info,notice) and not facility(authpriv,cron,mail,news); }; filter f_syslog { level(warn..emerg) and not facility(authpriv,cron,mail,news); }; filter f_debug { level(debug); }; filter f_authpriv { facility(authpriv); }; filter f_cron { facility(cron); }; filter f_mail { facility(mail); }; filter f_emerg { level(emerg); }; filter f_uucp { facility(uucp); }; destination d_messages { file("/var/log/messages"); }; destination d_syslog { file("/var/log/syslog"); }; destination d_debug { file("/var/log/debug"); }; destination d_secure { file("/var/log/secure"); }; destination d_cron { file("/var/log/cron"); }; destination d_maillog { file("/var/log/maillog"); }; destination d_usertty { usertty("*"); }; destination d_spooler { file("/var/log/spooler"); }; # Log anything 'info' or higher, but lower than 'warn'. # Exclude authpriv, cron, mail, and news. These are logged elsewhere. log { source(system); filter(f_messages); destination(d_messages); }; # Log anything 'warn' or higher. # Exclude authpriv, cron, mail, and news. These are logged elsewhere. log { source(system); filter(f_syslog); destination(d_syslog); }; # Debugging information is logged here. log { source(system); filter(f_debug); destination(d_debug); }; # Private authentication message logging: log { source(system); filter(f_authpriv); destination(d_secure); }; # Cron related logs: log { source(system); filter(f_cron); destination(d_cron); }; # Mail related logs: log { source(system); filter(f_mail); destination(d_maillog); }; # Emergency level messages go to all users: log { source(system); filter(f_emerg); destination(d_usertty); }; # This log is for news and uucp errors: log { source(system); filter(f_uucp); destination(d_spooler); }; # Uncomment this to see kernel messages on the console. #filter f_kern { facility(kern); }; #destination d_console { file("/dev/console"); }; #log { source(system); filter(f_kern); destination(d_console); }; # Uncomment these if you'd like INN to keep logs on everything. # You won't need this if you don't run INN (the InterNetNews daemon). #filter f_news_crit { facility(news) and level(crit); }; #filter f_news_err { facility(news) and level(err); }; #filter f_news_notice { facility(news) and level(notice); }; #destination d_news_crit { file("/var/log/news/news.crit"); }; #destination d_news_err { file("/var/log/news/news.err"); }; #destination d_news_notice { file("/var/log/news/news.notice"); }; #log { source(system); filter(f_news_crit); destination(d_news_crit); }; #log { source(system); filter(f_news_err); destination(d_news_err); }; #log { source(system); filter(f_news_notice); destination(f_news_notice); }; # Remote logging source s_remote { tcp(ip(0.0.0.0) port(514)); udp(ip(0.0.0.0) port(514)); }; destination logpile { file("/var/log/$HOST/$YEAR/$MONTH/$FACILITY.$YEAR$MONTH$DAY" owner(root) group(root) perm(0600) create_dirs(yes) dir_perm(0700)); }; log { source(system); destination(logpile); }; Cleint syslog-ng.conf I just added the lines belo to the server file above # Remote logging destination logpile { file("/var/log/$HOST/$YEAR/$MONTH/$FACILITY.$YEAR$MONTH$DAY" owner(root) group(root) perm(0600) create_dirs(yes) dir_perm(0700)); }; destination remote { tcp("196.43.133.98" port(514)); }; log { source(system); destination(logpile); }; log { source(system); destination(remote); }; testing for connection root@client:/# lsof -i | grep syslog-ng syslog-ng 18339 root 9u IPv4 37485820 0t0 UDP *:syslog syslog-ng 18339 root 10u IPv4 37485822 0t0 TCP *:shell (LISTEN) syslog-ng 18339 root 11u IPv4 37485824 0t0 TCP client:48305-> syslog server:shell (ESTABLISHED) I am not seeing any logging being registered . How can i solve this and where have i gone wrong. Thanx i advance
kibirango moses <kibsmoses@gmail.com> writes: [server config] [...]
source system { internal(); unix-stream("/dev/log"); udp(); tcp(max_connections(100)); }; [...] # Remote logging source s_remote { tcp(ip(0.0.0.0) port(514)); udp(ip(0.0.0.0) port(514)); };
These two conflict. the system source will already bind to port 514, both on udp and on tcp, so the s_remote source will not be able to. Therefore, nothing will ever arrive from there, and as a consequence, nothing will make it into the logpile destination, either.
I am not seeing any logging being registered . How can i solve this and where have i gone wrong.
In general, if you run syslog-ng in the foreground, with verbose mode and debugging enabled (-Fvde), it will tell you a lot more about what is happening. -- |8]
participants (2)
-
Gergely Nagy
-
kibirango moses