Betr.: [syslog-ng]centralized syslog-server.

Wed, 4 Dec 2002 15:39:28 +0100

Hi,

For the host you wrote:

 source s_send { udp(); internal();  };

This means you don't receive message from the local machine (something like
unix_dgram("/dev/log"); is missing).
So, are you sure you receive any messages on the host via UDP? I think
internal doesn't generate any messages by default (I read here last month).

Regards,
Esteban.

|---------+-------------------------------->
|         |           "Jon Hofstad"        |
|         |           <Jon.Hofstad@ergo.no>|
|         |           Verzonden door:      |
|         |           syslog-ng-admin@lists|
|         |           .balabit.hu          |
|         |                                |
|         |                                |
|         |           04-12-2002 15:24     |
|         |           Antwoord a.u.b. aan  |
|         |           syslog-ng            |
|         |                                |
|---------+-------------------------------->
  >-------------------------------------------------------------------------------------------------------------------------------|
  |       Aan:      "'syslog-ng@lists.balabit.hu'" <syslog-ng@lists.balabit.hu>                                                   |
  |       cc:                                                                                                                     |
  |Onderwerp:       [syslog-ng]centralized syslog-server.                                                                         |
  >-------------------------------------------------------------------------------------------------------------------------------|

Hello.

I`ve set up an syslog-ng server that will receive syslog-messages from
different hosts.
But I have some problems with my configuration.
I was hoping some one could point out what I`m doing wrong..

----------

This is the host`s configuration:

options { sync (0);
          time_reopen (10);
          log_fifo_size (1000);
          long_hostnames (off);
          use_dns (yes);
          use_fqdn (no);
          create_dirs (yes);
          keep_hostname (yes);
        };

source s_send { udp(); internal();  };

destination d_send { udp("192.168.80.94"); };

filter f_send       { level(info); };

log { source(s_send); filter(f_send); destination(d_send); };

---------------------

AND here`s the server-config:

options { sync (0);
          time_reopen (10);
          log_fifo_size (1000);
          long_hostnames (on);
          use_dns (yes);
          use_fqdn (no);
          create_dirs (yes);
          keep_hostname (yes);
        };

source crusher-1 { udp(); internal(); };

destination d_crusher-1 { file("/var/log/crusher-1"); };

filter f_crusher-1   { host("192.168.80.141"); }

log { source(local); filter(f_filter2); destination(d_mesg); };
-----------

I`ve been snooping my interfaces and the host doesn`t seem to send out any
messages via udp..

Hints are welcomed:)

/Jon Hofstad

_______________________________________________
syslog-ng maillist  -  syslog-ng@lists.balabit.hu
https://lists.balabit.hu/mailman/listinfo/syslog-ng
Frequently asked questions at http://www.campin.net/syslog-ng/faq.html

------------------------------------------------------------------------------

De Belastingdienst gebruikt e-mail niet voor officiele mededelingen.

==============================================================================