[syslog-ng]Logging network messages in Solaris
Ripley, Scott
Scott.Ripley@mail.house.gov
Tue, 26 Jun 2001 11:31:28 -0400
This message is in MIME format. Since your mail reader does not understand
this format, some or all of this message may not be legible.
------_=_NextPart_001_01C0FE55.112BC3D0
Content-Type: text/plain;
charset="iso-8859-1"
I have syslog-ng running successfully on several of our Solaris servers, but
I can't get it to work with our logging server. I have the following config:
source local { sun-streams("/dev/log" door("/etc/.syslog_door"));
internal(); };
source s_tcp { tcp(ip(0.0.0.0)); };
source s_udp { udp(); };
<...filters removed...>
log { source(local); filter (DEFAULT); destination(all); };
log { source(s_udp); filter (DEFAULT); destination(all); };
log { source(s_tcp); filter (DEFAULT); destination(all); };
I've simplified the config just to see if I can get messages to show up
anywhere. It's not logging any messages from network devices, although it
logs local messages just fine. I know the messages are getting there b/c
syslogd is logging them and I've sniffed the network to verify UDP and port
514.
I've also tried declaring the tcp and udp sources in the local definition.
I know this can work. What am I missing?
Scott Ripley
DNS Administrator, House Information Resources
202.226.2833 - mailto:scott.ripley@mail.house.gov
<mailto:scott.ripley@mail.house.gov>
------_=_NextPart_001_01C0FE55.112BC3D0
Content-Type: text/html;
charset="iso-8859-1"
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<HTML><HEAD>
<META HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=iso-8859-1">
<META content="MSHTML 5.50.4522.1800" name=GENERATOR></HEAD>
<BODY bgColor=#ffffff>
<DIV><FONT face=Arial size=2><SPAN class=865432215-26062001>I have syslog-ng
running successfully on several of our Solaris servers, but I can't get it to
work with our logging server. I have the following config:</SPAN></FONT></DIV>
<DIV><FONT face=Arial size=2><SPAN
class=865432215-26062001></SPAN></FONT> </DIV>
<DIV><FONT face=Arial size=2><SPAN class=865432215-26062001>source local {
sun-streams("/dev/log" door("/etc/.syslog_door")); internal(); };<BR>source
s_tcp { tcp(ip(0.0.0.0)); };<BR>source s_udp { udp(); };</SPAN></FONT></DIV>
<DIV><FONT face=Arial size=2><SPAN
class=865432215-26062001></SPAN></FONT> </DIV>
<DIV><FONT face=Arial size=2><SPAN class=865432215-26062001><...filters
removed...></DIV>
<DIV><BR></DIV></SPAN></FONT>
<DIV><FONT face=Arial size=2><SPAN class=865432215-26062001>log { source(local);
filter (DEFAULT); destination(all); };<BR>log { source(s_udp); filter (DEFAULT);
destination(all); };<BR>log { source(s_tcp); filter (DEFAULT); destination(all);
};</SPAN></FONT></DIV>
<DIV><FONT face=Arial size=2><SPAN
class=865432215-26062001></SPAN></FONT> </DIV>
<DIV><FONT face=Arial size=2><SPAN class=865432215-26062001>I've simplified the
config just to see if I can get messages to show up anywhere. It's not logging
any messages from network devices, although it logs local messages just fine. I
know the messages are getting there b/c syslogd is logging them and I've sniffed
the network to verify UDP and port 514.</SPAN></FONT></DIV>
<DIV><FONT face=Arial size=2><SPAN
class=865432215-26062001></SPAN></FONT> </DIV>
<DIV><FONT face=Arial size=2><SPAN class=865432215-26062001>I've also tried
declaring the tcp and udp sources in the local definition.</SPAN></FONT></DIV>
<DIV><FONT face=Arial size=2><SPAN
class=865432215-26062001></SPAN></FONT> </DIV>
<DIV><FONT face=Arial size=2><SPAN class=865432215-26062001>I know this
can work. What am I missing?</DIV>
<DIV><BR></SPAN></FONT><FONT face=Arial size=2>Scott Ripley</FONT> <BR><FONT
face=Arial size=2>DNS Administrator, House Information Resources</FONT>
<BR><FONT face=Arial size=2>202.226.2833 - <A target=_blank
href="mailto:scott.ripley@mail.house.gov">mailto:scott.ripley@mail.house.gov</A></FONT>
</DIV>
<DIV> </DIV></BODY></HTML>
------_=_NextPart_001_01C0FE55.112BC3D0--