[syslog-ng]Not remotely logging...

Matt Mencel mmatt@freew3.com
Wed, 23 May 2001 18:10:22 -0500


Hi all.  I'm hoping someone can help me with this because I'm stumped.

I'm running 1.4.11 and am trying to send my logs to another machine.  It is
working (kind of) for the messages log and some of the other logs though
sometimes it is extremely slow.  Sometimes taking an hour or more to get
logs to the other machine.  My main problem though is that my ftp and http
logs are not getting there at all.  My FTP server is set to log to the
LOCAL7 facility and is logging correctly to the machine it is on.  My remote
logger is not recieving anything however.  Same goes for my HTTP logs.  One
logs to LOCAL6 facility, and another is logging to a named_pipe file that
syslog-ng is "listening" to.  Both HTTP logs are working on the host box but
I get nothing at the remote logger.  I've included my .conf files from both
machines.  Any help at all would be appreciated.  Thanks.

Matt Mencel
matt@cmitech.com

************
MAIN SERVER CONF FILE
************
#
# Syslog-ng example configuration for for Debian GNU/Linux
#
# Copyright (c) 1999 anonymous
# Copyright (c) 1999 Balazs Scheidler
# $Id: syslog-ng.conf.sample,v 1.2 1999/11/15 12:30:41 bazsi Exp $
#
# Syslog-ng configuration file, compatible with default Debian syslogd
# installation.
#

options { long_hostnames(off); sync(0); log_fifo_size(1000);
gc_busy_threshold(5000); };

source src { unix-dgram("/var/run/log"); internal(); file("/dev/klog"); };
source httpd { pipe("/var/run/httpd-access"); };

destination authlog { file("/var/log/auth.log"); };
destination syslog { file("/var/log/syslog"); };
destination cron { file("/var/log/cron"); };
destination daemon { file("/var/log/daemonlog"); };
destination kern { file("/var/log/kern.log"); };
destination lpr { file("/var/log/lpr.log"); };
destination user { file("/var/log/userlog"); };
destination uucp { file("/var/log/uucp.log"); };
#destination ppp { file("/var/log/ppp.log"); };
destination mail { file("/var/log/maillog"); };

destination mailinfo { file("/var/log/mail.info"); };
destination mailwarn { file("/var/log/mail.warn"); };
destination mailerr { file("/var/log/mail.err"); };

#destination newscrit { file("/var/log/news/news.crit"); };
#destination newserr { file("/var/log/news/news.err"); };
#destination newsnotice { file("/var/log/news/news.notice"); };

destination debug { file("/var/log/debug"); };
destination messages { file("/var/log/messages"); };
destination console { usertty("root"); };
destination console_all { file("/dev/tty12"); };

#  Added/modified by Matt
destination ftpd { file("/var/log/ftp.log"); };
destination loghost { tcp("192.168.0.9" port(514)); };
destination httpd { file("/var/log/httpd-access.log"); };
destination httpderr { file("/var/log/httpd-error.log"); };

#destination xconsole { pipe("/dev/xconsole"); };

filter f_auth { facility(auth); };
filter f_authpriv { facility(auth, authpriv); };
filter f_syslog { not facility(authpriv, mail); };
filter f_cron { facility(cron); };
filter f_daemon { facility(daemon); };
filter f_kern { facility(kern); };
filter f_lpr { facility(lpr); };
filter f_mail { facility(mail); };
filter f_user { facility(user); };
filter f_uucp { facility(cron); };
#filter f_ppp { facility(ppp); };
#filter f_news { facility(news); };
filter f_debug { not facility(auth, authpriv, mail); };
filter f_messages { level(info..warn)
 and not facility(auth, authpriv, mail); };
filter f_emergency { level(emerg); };

filter f_info { level(info); };
filter f_notice { level(notice); };
filter f_warn { level(warn); };
filter f_crit { level(crit); };
filter f_err { level(err); };

#  Added/modified by Matt
filter f_ftpd { facility(local7); };
filter f_httpderr { facility(local6); };

log { source(src); filter(f_authpriv); destination(authlog); };
log { source(src); filter(f_syslog); destination(syslog); };
log { source(src); filter(f_cron); destination(cron); };
log { source(src); filter(f_daemon); destination(daemon); };
log { source(src); filter(f_kern); destination(kern); };
log { source(src); filter(f_lpr); destination(lpr); };
log { source(src); filter(f_mail); destination(mail); };
log { source(src); filter(f_user); destination(user); };
log { source(src); filter(f_uucp); destination(uucp); };
log { source(src); filter(f_mail); filter(f_info); destination(mailinfo); };
log { source(src); filter(f_mail); filter(f_warn); destination(mailwarn); };
log { source(src); filter(f_mail); filter(f_err); destination(mailerr); };
#log { source(src); filter(f_news); filter(f_crit);
destination(newscrit); };
#log { source(src); filter(f_news); filter(f_err); destination(newserr); };
#log { source(src); filter(f_news); filter(f_notice);
destination(newsnotice); };
log { source(src); filter(f_debug); destination(debug); };
log { source(src); filter(f_messages); destination(messages); };
log { source(src); filter(f_emergency); destination(console); };
#log { source(src); filter(f_ppp); destination(ppp); };
log { source(src); destination(console_all); };

# Added/modified by Matt
log { source(src); destination(loghost); };
log { source(src); filter(f_ftpd); destination(ftpd); };
log { source(httpd); destination(httpd); destination(loghost); };
log { source(src); filter(f_httpderr); destination(httpderr); };

************
REMOTE LOGGING SERVER CONF FILE
************
#
# Syslog-ng example configuration for for Debian GNU/Linux
#
# Copyright (c) 1999 anonymous
# Copyright (c) 1999 Balazs Scheidler
# $Id: syslog-ng.conf.sample,v 1.2 1999/11/15 12:30:41 bazsi Exp $
#
# Syslog-ng configuration file, compatible with default Debian syslogd
# installation.
#

options { long_hostnames(off); sync(0); log_fifo_size(1000);
gc_busy_threshold(5000); };

source src { unix-dgram("/var/run/log"); tcp(ip(192.168.0.9) port(514));
internal(); file("/dev/klog"); };

destination authlog { file("/var/log/auth.log"); };
destination syslog { file("/var/log/syslog"); };
destination cron { file("/var/log/cron"); };
destination daemon { file("/var/log/daemonlog"); };
destination kern { file("/var/log/kern.log"); };
destination lpr { file("/var/log/lpr.log"); };
destination user { file("/var/log/userlog"); };
destination uucp { file("/var/log/uucp.log"); };
#destination ppp { file("/var/log/ppp.log"); };
destination mail { file("/var/log/maillog"); };

destination mailinfo { file("/var/log/mail.info"); };
destination mailwarn { file("/var/log/mail.warn"); };
destination mailerr { file("/var/log/mail.err"); };

#destination newscrit { file("/var/log/news/news.crit"); };
#destination newserr { file("/var/log/news/news.err"); };
#destination newsnotice { file("/var/log/news/news.notice"); };

destination debug { file("/var/log/debug"); };
destination messages { file("/var/log/messages"); };
destination console { usertty("root"); };
destination console_all { file("/dev/tty12"); };

#destination xconsole { pipe("/dev/xconsole"); };

# Added/modified by Matt
destination ftpd { file("/var/log/ftp.log"); };
destination httpd { file("/var/log/httpd-access.log"); };
destination httpderr { file("/var/log/httpd-error.log"); };


filter f_auth { facility(auth); };
filter f_authpriv { facility(auth, authpriv); };
filter f_syslog { not facility(authpriv, mail); };
filter f_cron { facility(cron); };
filter f_daemon { facility(daemon); };
filter f_kern { facility(kern); };
filter f_lpr { facility(lpr); };
filter f_mail { facility(mail); };
filter f_user { facility(user); };
filter f_uucp { facility(cron); };
#filter f_ppp { facility(ppp); };
#filter f_news { facility(news); };
filter f_debug { not facility(auth, authpriv, mail); };
filter f_messages { level(info..warn)
 and not facility(auth, authpriv, mail); };
filter f_emergency { level(emerg); };

filter f_info { level(info); };
filter f_notice { level(notice); };
filter f_warn { level(warn); };
filter f_crit { level(crit); };
filter f_err { level(err); };

#  Added/modified by Matt
filter f_ftpd { facility(local7); };
filter f_httpderr { facility(local6); };
filter f_httpd { match("apache:"); };

log { source(src); filter(f_authpriv); destination(authlog); };
log { source(src); filter(f_syslog); destination(syslog); };
log { source(src); filter(f_cron); destination(cron); };
log { source(src); filter(f_daemon); destination(daemon); };
log { source(src); filter(f_kern); destination(kern); };
log { source(src); filter(f_lpr); destination(lpr); };
log { source(src); filter(f_mail); destination(mail); };
log { source(src); filter(f_user); destination(user); };
log { source(src); filter(f_uucp); destination(uucp); };
log { source(src); filter(f_mail); filter(f_info); destination(mailinfo); };
log { source(src); filter(f_mail); filter(f_warn); destination(mailwarn); };
log { source(src); filter(f_mail); filter(f_err); destination(mailerr); };
#log { source(src); filter(f_news); filter(f_crit);
destination(newscrit); };
#log { source(src); filter(f_news); filter(f_err); destination(newserr); };
#log { source(src); filter(f_news); filter(f_notice);
destination(newsnotice); };
log { source(src); filter(f_debug); destination(debug); };
log { source(src); filter(f_messages); destination(messages); };
log { source(src); filter(f_emergency); destination(console); };
#log { source(src); filter(f_ppp); destination(ppp); };
log { source(src); destination(console_all); };

#  Added/modified by Matt
log { source(src); filter(f_ftpd); destination(ftpd); };
log { source(src); filter(f_httpderr); destination(httpderr); };
log { source(src); filter(f_httpd); destination(httpd); };