[syslog-ng]UDP syslog not being logged by syslog-ng
Hamilton, Andrew
Andrew.Hamilton@afccc.af.mil
Wed, 29 Jan 2003 13:22:02 -0500
Glad you figured it out.
Drew
-----Original Message-----
From: Moxey, Joel, CND Tech Dev, VF UK
[mailto:Joel.Moxey@gb.vodafone.co.uk]
Sent: Wednesday, January 29, 2003 1:11 PM
To: syslog-ng@lists.balabit.hu
Subject: RE: [syslog-ng]UDP syslog not being logged by syslog-ng
Drew,
Thanks for your help.
It was me being stupid! It's the Red Hat firewall stopping it working!
Joel
-----Original Message-----
From: Hamilton, Andrew [mailto:Andrew.Hamilton@afccc.af.mil]
Sent: 29 January 2003 5:14 pm
To: syslog-ng@lists.balabit.hu
Subject: RE: [syslog-ng]UDP syslog not being logged by syslog-ng
Joel,
I'm not sure this will really make a difference and it may just be a typo in
the message, but in the filters you have authprov which should be authpriv,
I believe. You could also try logging just source, destination and not use
any filters to see what you are getting.
Regards,
Drew
-----Original Message-----
From: Moxey, Joel, CND Tech Dev, VF UK
[mailto:Joel.Moxey@gb.vodafone.co.uk]
Sent: Wednesday, January 29, 2003 12:02 PM
To: syslog-ng@lists.balabit.hu
Subject: RE: [syslog-ng]UDP syslog not being logged by syslog-ng
They are not in the local log files either.
I tried changing the parameter to yes and still no success.
Thanks for the ideas so far...
Joel
-----Original Message-----
From: Hamilton, Andrew [mailto:Andrew.Hamilton@afccc.af.mil]
Sent: 29 January 2003 2:23 pm
To: syslog-ng@lists.balabit.hu
Subject: RE: [syslog-ng]UDP syslog not being logged by syslog-ng
Did you check the log file for the log server host? You have
keep_hostname(no) so I think that the machine will log as from the local log
server. Check to see if they are in the local host log file.
Regards,
Drew
-----Original Message-----
From: Moxey, Joel, CND Tech Dev, VF UK
[mailto:Joel.Moxey@gb.vodafone.co.uk]
Sent: Wednesday, January 29, 2003 9:08 AM
To: syslog-ng@lists.balabit.hu
Subject: [syslog-ng]UDP syslog not being logged by syslog-ng
Hi!
I'm having some problems getting remote hosts to log as desired to a log
server.
I'm using version 1.4.17 on Red Hat with the following config:
#Start
options {
    sync(0);
    log_fifo_size(1000);
    use_dns(no);
    use_fqdn(no);
    create_dirs(no);
    keep_hostname(no);
};
source s_all {
    pipe("/proc/kmsg");
    unix-stream("/dev/log");
    udp(localip(A.B.C.D) localport(514));
    internal();
};
destination d_notauth { file("/systems/$HOST/messages" perm(0644)); };
destination d_auth { file("/systems/$HOST/authmsg"); };
filter f_notauth { not facility(auth, authprov); };
filter f_auth { facility(auth, authprov); };
log { source(s_all); filter(f_notauth); destination(d_notauth) };
log { source(s_all); filter(f_auth); destination(d_auth) };
#End
I have created appropriate directories for each remote host, and each host
has an entry in the /etc/hosts file.
Using logger, I have confirmed the config works as desired for the log
server. However, using logger on remote hosts (I've tried Solaris and Red
Hat), I cannot seem to get the message written to file.
I have confirmed using tcpdump that the messages reach the log server, and
can see by netstat that the UDP socket is open.
I thought it might be because of the $HOST part, but also tried using
destinations without this to no success.
Any suggestions as to what my problem might be?
Thanks for any help,
Joel
_______________________________________________
syslog-ng maillist - syslog-ng@lists.balabit.hu
https://lists.balabit.hu/mailman/listinfo/syslog-ng
Frequently asked questions at http://www.campin.net/syslog-ng/faq.html
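
Added example, not part of the original thread: tcpdump taps packets before the host firewall's INPUT filtering, so seeing the datagrams in a capture and an open socket in netstat does not show that they reached syslog-ng. The sketch below assumes the host firewall is iptables with rules in `iptables -S` format, and walks a constructed ruleset (the chain name FW-INPUT and the 192.0.2.0/24 sender range are made up) to find the verdict for an inbound UDP/514 datagram.

```python
import ipaddress
TERMINAL = {"ACCEPT", "DROP", "REJECT"}
# Constructed sample in `iptables -S` format; FW-INPUT is a made-up chain name.
BLOCKING = """\
-P INPUT ACCEPT
-A INPUT -j FW-INPUT
-A FW-INPUT -i lo -j ACCEPT
-A FW-INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A FW-INPUT -p tcp -m tcp --dport 22 -j ACCEPT
-A FW-INPUT -j REJECT --reject-with icmp-host-prohibited
"""
ALLOW = "-A FW-INPUT -s 192.0.2.0/24 -p udp -m udp --dport 514 -j ACCEPT\n"
FIXED = BLOCKING.replace("-A FW-INPUT -j REJECT", ALLOW + "-A FW-INPUT -j REJECT")
SYSLOG = {"proto": "udp", "dport": 514, "src": "192.0.2.10", "iface": "eth0"}

def parse_rules(text):
    policies, chains = {}, {}
    for line in text.splitlines():
        tok = line.split()
        if tok[:1] == ["-P"]:
            policies[tok[1]] = tok[2]
        elif tok[:1] == ["-A"]:
            # Supported subset: each option takes one value, no "!" negation.
            chains.setdefault(tok[1], []).append(dict(zip(tok[2::2], tok[3::2])))
    return policies, chains

def matches(opts, pkt):
    net = ipaddress.ip_network(opts.get("-s", "0.0.0.0/0"), strict=False)
    lo, _, hi = opts.get("--dport", "0:65535").partition(":")
    return (opts.get("-p", "all") in ("all", pkt["proto"])
            and opts.get("-i", pkt["iface"]) == pkt["iface"]
            and ipaddress.ip_address(pkt["src"]) in net
            and int(lo) <= pkt["dport"] <= int(hi or lo)
            # a first datagram from a new sender is conntrack state NEW
            and "NEW" in opts.get("--state", "NEW").split(","))

def verdict(text, pkt):
    policies, chains = parse_rules(text)
    def walk(chain):
        for opts in chains.get(chain, []):
            target = opts.get("-j")
            if not matches(opts, pkt):
                continue
            if target in TERMINAL:
                return target
            if target in chains and (sub := walk(target)):
                return sub
        return policies.get(chain)  # None for a user chain: caller continues
    return walk("INPUT")
```

With the constructed rules, `verdict(BLOCKING, SYSLOG)` is REJECT even though the INPUT policy is ACCEPT, and scoping the added rule to the known senders with `-s` keeps UDP/514 closed to everything else.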