[syslog-ng]UDP syslog not being logged by syslog-ng

Hamilton, Andrew Andrew.Hamilton@afccc.af.mil
Wed, 29 Jan 2003 09:23:03 -0500


Did you check the log file for the log server host?  You have
keep_hostname(no) so I think that the machine will log as from the local log
server.  Check to see if they are in the local host log file.

Regards,

Drew

-----Original Message-----
From: Moxey, Joel, CND Tech Dev, VF UK
[mailto:Joel.Moxey@gb.vodafone.co.uk]
Sent: Wednesday, January 29, 2003 9:08 AM
To: syslog-ng@lists.balabit.hu
Subject: [syslog-ng]UDP syslog not being logged by syslog-ng


Hi!

I'm having some problems getting remote hosts to log as desired to a log
server.

I'm using version 1.4.17 on Red Hat with the following config:

#Start
options {
		sync(0);
		log_fifo_size(1000);
		use_dns(no);
		use_fqdn(no);
		create_dirs(no);
		keep_hostname(no);
};

source s_all {
		pipe("/proc/kmsg");
		unix-stream("/dev/log");
		udp(localip(A.B.C.D) localport(514));
		internal();
};

destination d_notauth { file("/systems/$HOST/messages" perm(0644)); };
destination d_auth { file("/systems/$HOST/authmsg"); };

filter f_notauth { not facility(auth, authprov); };
filter f_auth { facility(auth, authprov); };

log { source(s_all); filter(f_notauth); destination(d_notauth) };
log { source(s_all); filter(f_auth); destination(d_auth) };
#End

I have created appropriate directories for each remote host, and each host
has an entry in the /etc/hosts file.

Using logger, I have confirmed the config works as desired for the log
server. However, using logger on remote hosts (I've tried Solaris and Red
Hat), I can not seem to get the message written to file.

I have confirmed using tcpdump that the messages reach the log server, and
can see by netstat that the UDP socket is open.

I thought it might be because of the $HOST part, but also tried using
destinations without this to no success.

Any suggestions to what my problem might be?

Thanks for any help,

Joel

_______________________________________________
syslog-ng maillist  -  syslog-ng@lists.balabit.hu
https://lists.balabit.hu/mailman/listinfo/syslog-ng
Frequently asked questions at http://www.campin.net/syslog-ng/faq.html