[syslog-ng]Trouble using syslog-ng on Solaris 8

Hamilton, Andrew Andrew.Hamilton@afccc.af.mil
Wed, 19 Feb 2003 13:42:38 -0500

Your config looks ok.  If it is starting ok, make sure you are not still
running syslogd.  Also, you might try to log everything to a test log file
to make sure your host is what you expect in your filters.  You can set up
something like this:

destination all_net { file ("/var/log/net/$HOST.log"); };
log { source(local); source(net); destination(all_net); };

That would at least tell you the hosts that your syslog-ng daemon is seeing.
Also you can run syslog-ng with the "-dv" switch to see if syslog-ng is
actually catching the traffic.



-----Original Message-----
From: Robin Brown [mailto:robin_brown@totalcomm.com]
Sent: Wednesday, February 19, 2003 1:36 PM
To: syslog-ng@lists.balabit.hu
Subject: [syslog-ng]Trouble using syslog-ng on Solaris 8

Hi, running solaris 8 and syslog-ng 1.5.26.  It all seems to start just
fine, no errors at startup or when running.  But none of the logs get
populated and I can see the UDP traffic is still coming in.  Any way to
see if it's simply not matching the host criteria for some reason?

Below is my config, any help is appreciated:

source net { udp(); };
source local { sun-streams("/dev/log" door("/etc/.syslog_door")); internal(); };

filter f_mine { host("router1") or host("router2") or host("router3"); };
filter f_theirs { host("xxx.xxx.xxx.79"); };
filter f_next { host("xxx.xxx.xxx.230") or host ("xxx.xxx.xxx.129"); };
filter f_right { host("xxx.xxx.xxx.14"); };

destination mine { file("/var/log/mine.log"); };
destination theirs { file("/var/log/theirs.log"); };
destination next { file("/var/log/next.log"); };
destination right { file("/var/log/right.log"); };
destination all { file("/var/adm/messages"); };

log { source(net); filter(f_mine); destination(mine); };
log { source(net); filter(f_theirs); destination(theirs); };
log { source(net); filter(f_next); destination(next); };
log { source(net); filter(f_right); destination(right); };
log { source(local); destination(all); };
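
Checking the collected host names against the filters, as an added example that is not part of either message: it reads the host() patterns from a config excerpt and reports which filters each observed $HOST value would satisfy. syslog-ng evaluates host() as an unanchored regular expression; the addresses, the observed host list and the function names are constructed for illustration, and Python's re module stands in for syslog-ng's own regex engine, which behaves the same for simple patterns like these.

```python
import re

# Constructed config excerpt in the shape of the filters quoted above; the
# addresses are documentation-range stand-ins for the masked ones.
CONFIG = '''
filter f_mine { host("router1") or host("router2") or host("router3"); };
filter f_next { host("192.0.2.230") or host ("192.0.2.129"); };
filter f_right { host("192.0.2.14"); };
'''

FILTER_RE = re.compile(r'filter\s+(\w+)\s*\{(.*?)\}\s*;', re.S)
HOST_RE = re.compile(r'host\s*\(\s*"([^"]*)"\s*\)')


def parse_host_filters(config_text):
    """Return {filter_name: [host() patterns]} for filters that only OR host() terms."""
    filters = {}
    for name, body in FILTER_RE.findall(config_text):
        filters[name] = HOST_RE.findall(body)
    return filters


def matching_filters(host, filters):
    """List the filters whose host() pattern matches this $HOST value.

    The pattern is applied as an unanchored regex, so "." matches any
    character and a pattern can match in the middle of a longer name.
    """
    return sorted(name for name, patterns in filters.items()
                  if any(re.search(p, host) for p in patterns))


def report(seen_hosts, filters):
    """Map every observed $HOST value to the filters it would satisfy."""
    return {h: matching_filters(h, filters) for h in seen_hosts}


if __name__ == "__main__":
    # Constructed $HOST values, as they would appear as file names under
    # /var/log/net/ after running the catch-all destination for a while.
    seen = ["192.0.2.1", "router1", "192.0.2.14", "192.0.2.140", "router10"]
    for host, names in report(seen, parse_host_filters(CONFIG)).items():
        print(f"{host:15} -> {', '.join(names) or 'NO FILTER MATCHES'}")
```

A host that arrives under its address rather than its name falls through every name-based filter, and an unanchored pattern such as "192.0.2.14" also accepts "192.0.2.140"; anchoring with ^ and $ and escaping the dots keeps each log file limited to the intended sender.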

