[syslog-ng]Error message: No source refers to internal messages,

[R Saroukhanian]

Hi again!

Thank you Nate and Bob for responding.
I made changes which both of you pointed out.
However, my error message persists.

That is I am still getting=20
" No source refers to internal messages, they will go to /dev/null
 unresolved reference:src
 Error initializing configuration, exiting." error message

Now, after the recommended changes, my syslog-ng.conf file looks like =
this:

>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
options {sync(0); };
source src {
            udp(10.101.54.2) port(514);=20
	      internal();
};

destination telnet_d {file ("/var/log/telnetlog"); } ;
log {source (src);  destination (telnet_d); };

>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>


Specifically,=20
- "internal();" was referenced in the syslog-ng.conf file
- telnet_d was properly referenced in both destination and log...
- just in case I changed source src_udp to source src...and change log =
to look like "log {source (src);  destination (telnet_d); };"....this is =
because I am getting " unresolved reference:src" in the error message..

After, I made changes in the syslog-ng.conf AND rebooted the box (blame =
my Windows mentality) I ran syslog-ng manually from /etc and AGAIN  the =
same error message popped up.

Since, I have followed the editing recommendations from Nate Campi and =
Bob Lister and=20
I am still getting the same error message I am forced to think out of =
the box now.

Here are possible problem areas
1. SYSLOG-NG.CONF SYNTAX
2. SOMETHING WITH MY FREE BSD SET UP
3. Here is another problem area...the way I created telnetlog file in my =
/var/log folder is by way of running "vi telnetlog" and then exiting vi  =
by way of "ESC...:wq!...." .  This created the telnetlog file in =
/var/log which I CAN observe by way of l"s".
The doubts I have is whether syslog-ng is able to write into thus =
created telnetlog file...does syslog-ng like the format of thus created =
telnetlog?

Because, I am very new to FreeBSD I cannot be more specific in =
hypothesizing what is wrong with my FreeBSD...however...
I managed at a certain point to pick up logs from my NT box...some =
entries related to the Telnet service start and stop showed up in one of =
my log files.   At that point I had an assistance....from another =
person....not any more.

Since then we terminated SYSLOG service entirely....and also made some =
changes to the ORIGINAL syslog-ng-conf file that came with the syslog-ng =
installation.

Do you have any pointers...clues?  Which other factors may be causing =
this error message?

Here is round up of my setup:
SYSLOG-NG release 1.6.0 r3=20
FreeBSD 4.8 box
telnetlog created using vi
syslog-ng is in /etc
syslog-ng.conf is in /etc

My original posting is below.

I would greatly appreciate your suggestions.


Regards,

Ruben Saroukhanian





MY ORIGINAL POSTING IN SYSLOG-NG MAILING LIST....

> Hello folks,
>=3D20
> Could somebody help me with this error message I am getting when =3D
trying to run SYSLOG-NG?
>=3D20
> Error message:
> No source refers to internal messages, they will go to /dev/null
> unresolved reference:src
> Error initializing configuration, exiting.
>=3D20
> Here is my setup.
>=3D20
> I installed syslog-ng version 1.6.0 r3 on my FreeBSD 4.8 box.
>=3D20
> The overall plan is to collect log messages sent to by NTSyslog from a =
=3D
Windows 2000 box to SYSLOG-NG on the FreeBSD 4.8 box.
> For a test I have been starting and stopping a telnet service on my =
=3D
Windows 2000 box to pick  up these events in the telnetlog file which I =
=3D
created on my FreeBSD computer.
>=3D20
> Both syslog-ng and syslog-ng.conf file are located in /etc of the =3D
FreeBSD box.
>=3D20
> I am logged in as root.
>=3D20
> syslog.conf file looks like this:
>=3D20
> >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
> options {sync(0); };
>=3D20
> source src_udp {udp(10.101.54.2) port(514); };
>=3D20
> destination telnet_d {file ("/var/log/telnetlog"); } ;
>=3D20
> log {source (src_udp);  destination (telnet_t); };
>=3D20
> >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
>=3D20
>=3D20
> I run syslog-ng manually from inside /etc and get the error message =
=3D
listed above.
>=3D20
> Does the error message I am getting relate to syntax of the =3D
syslog-ng.conf or something else?
>=3D20
> Should I add a filter entry ...inside log statement argument? for it =
=3D
to lool like >>>>>>  log {source (src_udp);  filter (DEFAUILT); =3D
destination (telnet_t); }; ???
>=3D20
> I am looking forward to hearing from you.
>=3D20
> Please send a copy of your response to rex@piva.net.
>=3D20
> Thank you,
>=3D20
> Ruben Saroukhanian

--__--__--

Message: 8
Date: Thu, 19 Jun 2003 22:34:13 +0100
From: Robert Lister <robl@linx.net>
To: syslog-ng@lists.balabit.hu
Subject: Re: [syslog-ng]Need help...with SYSLOG-NG
Reply-To: syslog-ng@lists.balabit.hu

> >=20
> > >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
> > options {sync(0); };
> >=20
> > source src_udp {udp(10.101.54.2) port(514); };
> >=20
> > destination telnet_d {file ("/var/log/telnetlog"); } ;
----------------^^^^^^^^
=20
> > log {source (src_udp);  destination (telnet_t); };
-----------------------------------------^^^^^^^^

... maybe it relates to that?

Fix that and see what it does.

Rob


--=20
Robert Lister   -   London Internet Exchange    -  http://www.linx.net/
                -   tel: +44 (0)20 7645 3510    -  RL786-RIPE

--__--__--

Message: 9
Date: Thu, 19 Jun 2003 16:54:32 -0700
From: Nate Campi <nate@campin.net>
To: syslog-ng@lists.balabit.hu
Subject: Re: [syslog-ng]Need help...with SYSLOG-NG
Reply-To: syslog-ng@lists.balabit.hu

On Thu, Jun 19, 2003 at 05:14:55PM -0400, R Saroukhanian wrote:
> >=20
> > Error message:
> > No source refers to internal messages, they will go to /dev/null
> > unresolved reference:src
> > Error initializing configuration, exiting.

<DEFANGED_snip>

> > syslog.conf file looks like this:
> >=20
> > >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
> > options {sync(0); };
> >=20
> > source src_udp {udp(10.101.54.2) port(514); };
> >=20

You'll need to declare the "internal" source too. See the FAQ and the
links to example syslog-ng.conf files.
--=20
Nate Campi    http://www.campin.net=20

--__--__--

Message: 10
Date: Thu, 19 Jun 2003 16:58:15 -0700
From: Nate Campi <nate@campin.net>
To: syslog-ng@lists.balabit.hu
Subject: Re: [syslog-ng]Need help...with SYSLOG-NG
Reply-To: syslog-ng@lists.balabit.hu

On Thu, Jun 19, 2003 at 05:14:55PM -0400, R Saroukhanian wrote:
> > Hello folks,
> >=20
> > Could somebody help me with this error message I am getting when =
trying to run SYSLOG-NG?
> >=20
> > Error message:
> > No source refers to internal messages, they will go to /dev/null
> > unresolved reference:src
> > Error initializing configuration, exiting.
> >=20
> > Here is my setup.
> >=20
> > I installed syslog-ng version 1.6.0 r3 on my FreeBSD 4.8 box.
> >=20
> > The overall plan is to collect log messages sent to by NTSyslog from =
a Windows 2000 box to SYSLOG-NG on the FreeBSD 4.8 box.
> > For a test I have been starting and stopping a telnet service on my =
Windows 2000 box to pick  up these events in the telnetlog file which I =
created on my FreeBSD computer.
> >=20
> > Both syslog-ng and syslog-ng.conf file are located in /etc of the =
FreeBSD box.
> >=20
> > I am logged in as root.
> >=20
> > syslog.conf file looks like this:
> >=20
> > >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
> > options {sync(0); };
> >=20
> > source src_udp {udp(10.101.54.2) port(514); };
> >=20
> > destination telnet_d {file ("/var/log/telnetlog"); } ;
> >=20
> > log {source (src_udp);  destination (telnet_t); };
> >=20
> > >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>

I didn't address the error that makes syslog-ng exit, how lame of me :(

Here's what I think you want out of syslog-ng:

####################################################
 options { sync(0); };

 source src_udp {
			udp(10.101.54.2) port(514);
			internal;
 };

 destination telnet_d { file ("/var/log/telnetlog"); } ;

 log {
	source (src);
	destination (telnet_d);
 };
####################################################

I fixed the differing destination name, and make your source name
consistent, and added the internal source. This should at least get your
basic setup working.

Sorry I didn't pay more attention the first time.
--=20
Nate Campi    http://www.campin.net=20

--__--__--

Message: 11
Date: Thu, 19 Jun 2003 17:00:56 -0700
From: Nate Campi <nate@campin.net>
To: syslog-ng@lists.balabit.hu
Subject: Re: [syslog-ng]Need help...with SYSLOG-NG
Reply-To: syslog-ng@lists.balabit.hu

On Thu, Jun 19, 2003 at 04:58:15PM -0700, Nate Campi wrote:
>=20
>  source src_udp {
> 			udp(10.101.54.2) port(514);
> 			internal;
>  };

Arg, make that "internal();" I promise not to reply to myself again on
this thread, no matter how bad my next mistake is ;)
--=20
Nate Campi    http://www.campin.net=20


--__--__--

_______________________________________________
syslog-ng maillist  -  syslog-ng@lists.balabit.hu
https://lists.balabit.hu/mailman/listinfo/syslog-ng


End of syslog-ng Digest