[syslog-ng]newbie problem
Henry Dziewa
HenryD@net2phone.com
Tue, 18 Sep 2001 12:29:13 -0400
Hi there,
I just compiled and installed syslog-ng-1.5.9. Everything seems to be working ok
but I'm not able to receive any traps from my Cisco devices. I tried multiple devices
and nothing seems to be getting to the syslog server. I know that they work fine
with regular syslog on other machines. I'm using Solaris 2.6.
Here is a config file I found on this list and tried to use:

options { time_reopen ( 0 );
          sync ( 0 );
          chain_hostnames ( no );
          use_dns ( yes );
          use_fqdn ( yes );
        };

###########################################
# Global Source statements for the program
###########################################
source src { sun-streams ( "/dev/log" door( "/etc/.syslog_door" ));
             internal ( );
#            tcp ( max-connections( 1000 ) );
             udp ( );
           };

destination d_all_ms
    { file("/logs/machine_specific/$HOST/all.$YEAR$MONTH$DAY"
           group(systems) perm(0664) dir_perm(0664) create_dirs(yes)
    );};

destination d_cisco
    { file("/logs/cisco/cisco.messages" );};

# CISCO (local7) messages:
filter f_cisco { facility(local7); };

# NO CISCO (local7) messages:
filter f_no_cisco { not facility(local7); };

#Forward all messages to machine specific log monitored by system admins
log { source(src);
      filter(f_no_cisco);
      destination(d_all_ms);
    };

# Log all messages coming in on local7 facility to /logs/cisco/cisco.messages
log { source(src);
      filter(f_cisco);
      destination(d_cisco);
    };

The only messages I'm getting are from d_all_ms for the local machine:
Sep 18 12:22:44 sys-backup syslog-ng[10513]: STATS: dropped 0
Sep 18 12:22:45 sys-backup syslog-ng[10513]: STATS: dropped 0
Sep 18 12:22:46 sys-backup syslog-ng[10513]: STATS: dropped 0
Sep 18 12:22:47 sys-backup syslog-ng[10513]: STATS: dropped 0
Any help would be very much appreciated!
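
A loopback check for the facility routing in the config above, as an added example that is not part of the original post: it builds syslog datagrams with an RFC 3164 `<PRI>` header, sends them over UDP, and reports which of the post's two destinations the facility would select. The function names, the sample messages and the throwaway listener are constructed for illustration; to probe a real server, call `send_udp` with its address and the port its `udp()` source listens on.

```python
import socket

# RFC 3164 facility codes 0..23; the post's filters key on local7 (code 23).
FACILITIES = ("kern user mail daemon auth syslog lpr news uucp cron authpriv "
              "ftp ntp audit alert clock local0 local1 local2 local3 local4 "
              "local5 local6 local7").split()

def encode_pri(facility, severity):
    """PRI = facility code * 8 + severity; sent as "<PRI>" at datagram start."""
    return FACILITIES.index(facility) * 8 + severity

def parse_pri(datagram):
    """Return (facility name, severity) from a datagram's leading <PRI>."""
    if not datagram.startswith(b"<") or b">" not in datagram[:5]:
        raise ValueError("no <PRI> header")
    pri = int(datagram[1:datagram.index(b">")])
    if not 0 <= pri <= 191:
        raise ValueError("PRI out of range")
    return FACILITIES[pri >> 3], pri & 7

def route(datagram):
    """Mirror the post's two log statements: f_cisco versus f_no_cisco."""
    facility, _ = parse_pri(datagram)
    return "d_cisco" if facility == "local7" else "d_all_ms"

def send_udp(host, port, datagram):
    """Send one syslog datagram; no reply is expected over UDP."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as tx:
        tx.sendto(datagram, (host, port))

def loopback_check(datagram):
    """Send to a throwaway listener on 127.0.0.1 and route what arrives."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as rx:
        rx.bind(("127.0.0.1", 0))      # ephemeral port, not 514
        rx.settimeout(2)               # raises socket.timeout if nothing arrives
        send_udp("127.0.0.1", rx.getsockname()[1], datagram)
        data, _ = rx.recvfrom(2048)
    return route(data)

# Constructed sample datagrams (not taken from the post).
CISCO_SAMPLE = (b"<%d>42: Sep 18 12:30:00: %%SYS-5-CONFIG_I: constructed test"
                % encode_pri("local7", 5))
LOCAL_SAMPLE = (b"<%d>Sep 18 12:30:00 sys-backup su: constructed test"
                % encode_pri("auth", 5))

if __name__ == "__main__":
    for sample in (CISCO_SAMPLE, LOCAL_SAMPLE):
        print(parse_pri(sample), "->", loopback_check(sample))
```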