[syslog-ng]central syslog server

Asif Iqbal syslog-ng@lists.balabit.hu
Wed, 31 Dec 2003 06:55:47 -0500


Asif Iqbal wrote:
> Asif Iqbal wrote:
> > Hi All
> > 
> > I am trying to set up a central syslog server. Server A will push all its data to
> > Server B (central syslog server, ip 1.2.3.4)
> > 
> > Server A:
> > *********
> > options { dir_perm(0755); perm(0644); chain_hostnames(no);
> >           keep_hostname(yes); };
> > 
> > source src {
> >         sun-streams("/dev/log");
> >         udp();
> >         internal();
> > };
> > 
> > destination d_server_B {
> >         udp("1.2.3.4" port(514));
> > };
> > 
> > log { source(src); destination(d_server_B); };
> > 
> > 
> > Server B:
> > **********
> > options { dir_perm(0755); perm(0644); chain_hostnames(no);
> >           keep_hostname(yes); };
> > 
> > source local {
> >         sun-streams("/dev/log");
> >         udp();
> >         internal();
> > };
> > 
> > destination d_mysql {
> > pipe("/tmp/mysql.pipe"
> > template("INSERT INTO logs (host, facility, priority, level, tag, date,
> > time, program, msg) VALUES ( '$HOST', '$FACILITY', '$PRIORITY', '$LEVEL',
> > '$TAG',
> > '$YEAR-$MONTH-$DAY', '$HOUR:$MIN:$SEC', '$PROGRAM', '$MSG' );\n")
> > template-escape(yes));
> > };
> > 
> > log { source(local); destination(d_mysql); };
> > 
> > But it does not seem to be fully working. I get lots of logs in Server A from the
> > routers. However only logs that Server B (central syslog server) gets from
> > Server A are internal logs, nothing about the routers
> > 
> > Am I missing something ?
> > 
> > Thanks
> > -- 
> 
> Hi All
> 
> I am still looking for some help in case it slipped through your email
> 
> I am trying to collect all the logs from the router that get pushed on
> local0. I can definitely see them in syslogd but not in syslog-ng. Once
> I collect those data I should be able to push them to my central server
> Server B
> 
> Thanks for any help/suggestion
> 

It's working. I had to use udp(ip(1.2.3.4) port(514)) instead of just
udp() to receive logs coming from routers. Also my central log server
is working exactly how it is explained in the FAQ

Thanks a lot for such an awesome tool

-- 
Asif Iqbal
http://pgpkeys.mit.edu:11371/pks/lookup?op=get&search=0x8B686E08
There's no place like 127.0.0.1
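
A way to check that a UDP syslog listener bound to an explicit address receives local0 traffic, as in the thread above. This is an added example, not part of the original post; the function names, the loopback address and the ephemeral port are assumptions chosen so it runs unprivileged.

```python
import socket

# Facility codes 0-23 from the BSD syslog numbering; names for 12-15 vary by implementation.
FACILITIES = ["kern", "user", "mail", "daemon", "auth", "syslog", "lpr", "news",
              "uucp", "cron", "authpriv", "ftp", "ntp", "audit", "alert", "clock",
              "local0", "local1", "local2", "local3",
              "local4", "local5", "local6", "local7"]
LEVELS = ["emerg", "alert", "crit", "err", "warning", "notice", "info", "debug"]


def build_message(facility, level, tag, text):
    """Build a minimal BSD-syslog datagram: <PRI>tag: text (PRI = facility*8 + level)."""
    pri = FACILITIES.index(facility) * 8 + LEVELS.index(level)
    return f"<{pri}>{tag}: {text}".encode("ascii")


def parse_pri(datagram):
    """Split a datagram into (facility, level, rest), rejecting a bad <PRI> field."""
    if not datagram.startswith(b"<"):
        raise ValueError("missing <PRI>")
    end = datagram.index(b">")          # ValueError if the field is unterminated
    pri = int(datagram[1:end])          # ValueError if not decimal digits
    if not 0 <= pri <= 191:
        raise ValueError("PRI out of range")
    return FACILITIES[pri >> 3], LEVELS[pri & 7], datagram[end + 1:].decode("ascii", "replace")


def send_probe(dest, facility="local0", level="notice"):
    """Send one test message to dest=(ip, port), e.g. the relay's UDP source."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as tx:
        tx.sendto(build_message(facility, level, "probe", "router relay test"), dest)


def loopback_check(bind_ip="127.0.0.1", timeout=2.0):
    """Bind a listener on an explicit address (port 0 = ephemeral, constructed
    stand-in for port 514), send a local0 probe to it, and decode what arrives."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as rx:
        rx.bind((bind_ip, 0))
        rx.settimeout(timeout)          # socket.timeout here means nothing arrived
        send_probe(rx.getsockname())
        data, _peer = rx.recvfrom(4096)
    return parse_pri(data)


if __name__ == "__main__":
    print(loopback_check())
```

Pointing `send_probe` at the relay's own address and port, then looking for the `probe` tag on the central server, exercises the whole forwarding path.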