[syslog-ng] networking problems
Justin Scheiber (98030)
jscheibe@css.tayloru.edu
Mon, 14 May 2001 16:09:22 -0500 (EST)
I checked the archives, but no entries exactly described my problem. It
seems as though syslog-ng does not log properly over the network (at least
with my configuration). The configuration is supposed to send the data
across the network to a centralized logging machine. However, it seems as
though the data gets logged only out of random chance.
version:
syslog-ng-1.4.10
Here is a listing of the logs off the centralized logging machine:
SIZE DATE LOG FILES
0 Apr 12 16:02 machine1.automation.log
1760 Apr 18 19:21 machine1.security.log
0 Apr 17 00:01 machine2.automation.log
899 Apr 18 19:13 machine2.security.log
0 Apr 10 17:01 machine3.automation.log
3608 Apr 19 15:20 machine3.security.log
0 Apr 12 15:01 machine4.automation.log
903 Apr 23 04:59 machine4.error.log
14073 Apr 23 10:54 machine4.security.log
4618 Apr 18 19:48 machine5.security.log
0 Apr 10 17:01 machine5.automation.log
0 Apr 12 16:01 machine6.automation.log
1804 Apr 18 19:09 machine6.security.log
Here is the configuration file for the log host:
options { long_hostnames(off); sync(10); };
## sources ##
source local_src { unix-stream("/dev/log"); internal(); };
## external source (log messages from other machines) ##
#source external_src { tcp(); };
source external_src { udp(ip(10.0.1.4) port(1800)); };
## destinations ##
destination kernel_dest { file("/var/log/kernel.log"); };
destination automation_dest { file("/var/log/automation.log"); };
destination security_dest { file("/var/log/security.log"); };
destination error_dest { file("/var/log/error.log"); };
destination eternal_peril_dest { file("/dev/null"); };
## destination for external logs ##
destination external_security_dest {
file("/export/hda3/log/$HOST.security.log"); };
destination external_automation_dest {
file("/export/hda3/log/$HOST.automation.log"); };
destination external_error_dest {
file("/export/hda3/log/$HOST.error.log"); };
## filters ##
filter kernel_filter { facility(kern); };
filter security_filter { match("connect")
or program("PAM_pwdb")
or match("pam")
or program("sshd")
or program("login")
or facility(security)
and not program("sendmail"); };
filter error_filter { level(crit..panic); };
filter automation_filter { program("runfixes"); };
filter eternal_peril_filter { program("gpm")
or program("talkd")
or program("gnome-name-server")
or program("automount")
or program("sendmail")
or program("CMD")
and level(debug..error); };
## log the messages ##
log { source(local_src); filter(kernel_filter);
destination(kernel_dest); };
log { source(local_src); filter(security_filter);
destination(security_dest); };
log { source(local_src); filter(automation_filter);
destination(automation_dest); };
log { source(local_src); filter(error_filter); filter(DEFAULT);
destination(error_dest); };
log { source(local_src); filter(eternal_peril_filter);
destination(eternal_peril_dest); };
The log-client configuration is almost identical, except for a
destination line and the log lines:
destination remote_john { udp("10.0.1.4" port(1800)); };
log { source(local_src); filter(kernel_filter);
destination(kernel_dest); }
Any help would be appreciated.
-justin
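
An added example, not part of the original post: a small Python check that lists syslog-ng objects a configuration defines but no log statement references, since a source or destination only takes effect once a log path names it. The sample is an excerpt of the log-host configuration above; lint, BUILTIN and LOGHOST_CONF are names chosen here, and treating DEFAULT as a built-in filter name is an assumption.

```python
import re

# Assumption: DEFAULT is syslog-ng 1.x's built-in catch-all filter name.
BUILTIN = {("filter", "DEFAULT")}

# Excerpt of the log-host configuration posted above (lines copied verbatim).
LOGHOST_CONF = r'''
source local_src { unix-stream("/dev/log"); internal(); };
#source external_src { tcp(); };
source external_src { udp(ip(10.0.1.4) port(1800)); };
destination kernel_dest { file("/var/log/kernel.log"); };
destination error_dest { file("/var/log/error.log"); };
destination external_security_dest {
file("/export/hda3/log/$HOST.security.log"); };
filter kernel_filter { facility(kern); };
filter error_filter { level(crit..panic); };
log { source(local_src); filter(kernel_filter);
destination(kernel_dest); };
log { source(local_src); filter(error_filter); filter(DEFAULT);
destination(error_dest); };
'''


def lint(conf):
    """Return objects referenced but undefined, and defined but never used."""
    # Drop '#' comments (simplification: assumes no '#' inside quoted strings).
    text = "\n".join(line.split("#", 1)[0] for line in conf.splitlines())
    defined, used = set(), set()
    # Definitions look like "<kind> <name> {".
    for kind, name in re.findall(
            r"^\s*(source|destination|filter)\s+([\w.-]+)\s*\{", text, re.M):
        defined.add((kind, name))
    # References look like "<kind>(<name>)" inside a "log { ... };" statement.
    for body in re.findall(r"^\s*log\s*\{(.*?)\}\s*;", text, re.M | re.S):
        used.update(re.findall(
            r"\b(source|destination|filter)\s*\(\s*([\w.-]+)\s*\)", body))
    return {"undefined": sorted(used - defined - BUILTIN),
            "unused": sorted(defined - used)}


if __name__ == "__main__":
    for status, items in lint(LOGHOST_CONF).items():
        for kind, name in items:
            print(f"{status}: {kind} {name}")
```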