[syslog-ng]syslog-ng

Hamilton, Andrew syslog-ng@lists.balabit.hu
Mon, 14 Apr 2003 08:38:07 -0400 

See embedded remarks...

Regards,

Drew

-----Original Message-----
From: Hong Tian [mailto:htian@ias.edu]
Sent: Friday, April 11, 2003 5:51 PM
To: 'syslog-ng@lists.balabit.hu'
Subject: [syslog-ng]syslog-ng


Hi,

Our purpose is to set up a syslog-ng server to receive the log messages from
other unix servers (linux and solaris) based on each hostname.

I am setting syslog-ng 1.6 on Red Hat 7.3 for the first time. The compiling
installation looks ok (./configure, make, and make install) on both
libol-0.3.9 and syslog-ng-1.6.0rc1.

After compiling I copied a starup script and a syslog-ng.conf as followings:
# cp syslog-ng-1.6.0rc1/contrib/syslog-ng.conf.RedHat
/etc/syslog-ng/syslog-ng.conf
# cp syslog-ng-1.6.0rc1/contrib/init.d.RedHat-7.3 /etc/init.d/syslog-ng
# /etc/init.d/syslog stop
# /etc/init.d/syslog-ng start
   Starting syslog-ng: Cannot open configuration file 
   /usr/local/etc/syslog-ng/syslog-ng.conf for reading 
   Parse error reading configuration file, exiting. (line 1)
                                              [Failed]

Only after I moved syslog-ng.conf to /usr/local/etc/syslog-ng, syslog-ng
could start.
# mv /etc/syslog-ng/syslog-ng.conf /usr/local/etc/syslog-ng
# /etc/init.d/syslog-ng start
Starting syslog-ng:                           [ OK ]

(1) My question is why it forced me to use /usr/local/etc/syslog-ng instead
of default location of /etc/syslog-ng/syslog-ng.conf?

****  /usr/local/etc/syslog-ng is the default not /etc/syslog-ng, you can
either
****   modify this at compile time or start syslog-ng with the -f flag and
point
****   it to /etc/syslog-ng/syslog-ng.conf

(2) After starting syslog-ng, I am trying to set up a basic config file to
receive log messages from each Unix servers based on hostname. I am look for
the good examples of a basic config file for my requirments. Could anyone
provide some information?

****  You can use a destination with a predfined macro called $HOST i.e.
****   destination d_hosts { file("/var/log/hosts/$HOST.log"); };


(3) I think that I only need to install syslog-ng on the central log server.
I don't need to install syslog-ng on every Unix servers, am I right? If I
don't need to install syslog-ng on each syslog-ng client, should I do
anything on each syslog-ng client? 

****  This is correct.  You don't have to use syslog-ng on the clients.
****  Unless you want to use something like tcp.

Thanks,
Hong

_______________________________________________
syslog-ng maillist  -  syslog-ng@lists.balabit.hu
https://lists.balabit.hu/mailman/listinfo/syslog-ng
Frequently asked questions at http://www.campin.net/syslog-ng/faq.html