[syslog-ng] Destination systax fail ??

Leonardo Marques de Souza leo@conectiva.com.br
Thu, 15 Jun 2000 11:52:16 -0300 (BRST) 

Its my full syslog-ng.conf


# ----8<------------------------------------------------------------------
#
# Syslog-ng configuração para o Conectiva Linux 5.1
#
# Copyright (c) 1999 Balazs Scheidler
# $Id: syslog-ng.conf,v 1.0 12/06/2000 12:30:41 bazsi Exp $
#
# Arquivo de configuração syslog-ng, compatible com o syslogd do Conectiva
#
# Adaptado por Leo
# Leonardo Marques de Souza <leo@conectiva.com.br>
#

# Opções Padrão
#options { long_hostnames(off); sync(0); };

# ------------------------
# Fontes de Leitura do Log
# ------------------------

# Leitura do /dev/log
source src { unix-stream("/dev/log"); internal(); };

# Leitura da porta UDP do syslog padrão (514)
#
# Por padrão, ele não esta ligado na instalação
# Para iniciá-lo, basta descomentar a linha abaixo

source net { udp(ip("10.0.2.4") port(514)); };

# ---------------------------
# Destino dos dados Filtrados
# ---------------------------

destination remotenet { udp(ip("10.0.0.10") port("514")); };
destination console { pipe("/dev/console"); };
destination messages { file("/var/log/messages"); };
destination secure { file("/var/log/secure"); };
destination maillog { file("/var/log/maillog"); };
destination spooler { file("/var/log/spooler"); };
destination boot { file("/var/log/boot.log"); };

# ------------------------
# Configuração dos filtros
# ------------------------

filter f_kern { facility(kern); };
filter f_mail { facility(mail); };
filter f_authpriv { facility(authpriv); };
filter f_uucp { facility(cron); };
filter f_news { facility(news); };
filter f_local7 { facility(local7); };

filter f_info { level(info); };
filter f_crit { level(crit); };
filter f_emerg { level(emerg); };
filter f_notice { level(notice); };

# ------------------------
# Arquivos de destino
# ------------------------

log { source(src); filter(f_kern); destination(console); };
log { source(src); filter(f_info); destination(messages); };
log { source(src); filter(f_authpriv); destination(secure); };
log { source(src); filter(f_mail); destination(maillog); };
log { source(src); filter(f_uucp); filter(f_crit); destination(spooler); };
log { source(src); filter(f_local7); destination(boot); };

#log { source(src); filter(f_authpriv); destination(remote_net); };

# ---8<---------------------------------------------------------



[root@patolino syslog-ng-1.4.4]# syslog-ng -d -v
parse error at 33
Parse error reading configuration file, exiting.
[root@patolino syslog-ng-1.4.4]# 


[root@patolino syslog-ng-1.4.4]# strace syslog-ng -d -v
[snips]
brk(0x8059000)                          = 0x8059000
open("/etc/syslog-ng/syslog-ng.conf", O_RDONLY) = 3
brk(0x805e000)                          = 0x805e000
ioctl(3, TCGETS, 0xbffff834)            = -1 ENOTTY (Inappropriate ioctl for device)
read(3, "#\n# Syslog-ng configura\347\343o para "..., 8192) = 2121
read(3, "", 6071)                       = 0
write(2, "parse error at 33\n", 18parse error at 33
)     = 18
close(3)                                = 0
write(2, "Parse error reading configuratio"..., 49Parse error reading configuration file, exiting.
) = 49
_exit(1)                                = ?
[root@patolino syslog-ng-1.4.4]# 

Sniff :( not works ...


a more SIMPLE conf :

---------8<-----------
options { long_hostnames(off); sync(0); };
source src { unix-stream("/dev/log"); internal(); };
source net { udp(ip(10.0.2.4) port(514)); };
destination messages { file("/var/log/messages"); };
destination remotenet { udp(ip("10.0.0.10") port("514")); };

filter f_info { level(info); };

log { source(src); filter(f_info); destination(messages); };
log { source(net); filter(f_info); destination(remotenet); };
------------8<-------------

[root@patolino syslog-ng]# syslog-ng -d -v
parse error at 5
Parse error reading configuration file, exiting.
[root@patolino syslog-ng]# 


other combinations:
source net { udp(ip("10.0.2.4") port("514")); };
source net { udp(10.0.2.4 514); };
source net { udp(10.0.2.4, 514); };
source net { udp("10.0.2.4" "514"); };
source net { udp(10.0.2.4) port(514); };
source net { udp(10.0.2.4); port(514); };
source net { udp(ip("10.0.2.4") port("514");); };
source net { udp(ip("10.0.2.4") { port("514")};); };

no way... i got same errors  :(((

I do not undersand the lex-algoritm in source code ...
i will try more...

Any Help?? I would like to do this program to work in our machines (remote
log) ...

What i doing wrong?? I see the manuals, helps, web-list.. :((
and why "destination" and "source" have diferent sintax??
too strange... :(

Its appers too simple, but i not got any coerent debug to undertand whats
happen..

Thanks in advanced,


Any help are wellcome.

Ps.: im still tring to do this program works with remote log, but fails.


Leonardo Marques de Souza
+--------------------------+
|      Conectiva S/A       |
|Curitiba - Paraná - Brazil|
|     Suporte Interno      |
+--------------------------+

On Thu, 15 Jun 2000, Hamilton, Andrew Mr. wrote:

> Yes, there is a problem the line should read
> 
> destination remotenet { udp("10.0.0.10" port(514)); };
> 

???
destination remotenet { udp("10.0.0.10"); port(514); };
destination remotenet { udp("10.0.0.10" {port("514")}; ); };

Thanks!! but i tried and nothing happens... 


> The port statement goes inside the parentheses since it is a function of udp
> for a destination.  sources are a little different.
hummm ok..
thanks!