[syslog-ng]UDP syslog not being logged by syslog-ng
Moxey, Joel, CND Tech Dev, VF UK
Joel.Moxey@gb.vodafone.co.uk
Wed, 29 Jan 2003 14:07:41 -0000
Hi!
I'm having some problems getting remote hosts to log as desired to a log =
server.
I'm using version 1.4.17 on Red Hat with the following config:
#Start
options {
sync(0);
log_fifo_size(1000);
use_dns(no);
use_fqdn(no);
create_dirs(no);
keep_hostname(no);
};
source s_all {
pipe("/proc/kmsg");
unix-stream("/dev/log");
udp(localip(A.B.C.D) localport(514));
internal();
};
destination d_notauth { file("/systems/$HOST/messages" perm(0644)); };
destination d_auth { file("/systems/$HOST/authmsg"); };
filter f_notauth { not facility(auth, authprov); };
filter f_auth { facility(auth, authprov); };
log { source(s_all); filter(f_notauth); destination(d_notauth) };
log { source(s_all); filter(f_auth); destination(d_auth) };
#End
I have created appropriate directories for each remote host, and each =
host has an entry in the /etc/hosts file.
Using logger, I have confirmed the config works as desired for the log =
server. However, using logger on remote hosts (I've tried Solaris and =
Red Hat), I can not seem to get the message written to file.
I have confirmed using tcpdump that the messages reach the log server, =
and can see by netstat that the UDP socket is open.
I thought it might be because of the $HOST part, but also tried using =
destinations without this to no success.
Any suggestions to what my problem might be?
Thanks for any help,
Joel