[syslog-ng]Newbie question

Vilmos Branyik syslog-ng@lists.balabit.hu
Sun, 9 Mar 2003 10:02:34 -0700 

Nate,

Thanks for the response. I'm going to combine the answer from both your
emails in this one.

I took out the duplicate "source src" line but that didn't help.
I changed the filter f_messages line as well, also no help.

**Note below for those that may find this in a search some day in the
future**
I had changed that from the original in the example file (from the FAQ):
filter f_messages { level(info..emerg) and not facility(mail,lpr); }
To:
filter f_messages { level(info.emerg) and not facility(mail,lpr); }

I should have known it would be a comma.

syslog-ng starts just fine and shows no errors. I tried the syslog-ng -s -f
command in your message but the -s parameter is not supported , I get an
error.

I was starting to suspect that my problem may be with stunnel. When I boot I
see an OK on load but the very last thing that is loaded is stunnel and I
finally was able to catch this message on the console:

SSL_CTX_useRSAPRivateKey_file: error: 0906D06C: PEM routines: PEM_read_bio:
no start line

I took out the stunnel start line in rc.local and still no logging. I'm
wondering if I should just run syslog-ng without stunnel. I'm not planning
on having this server on a public IP address anyway. My plan was to run my
public servers with a 2 NIC cards. On card to the public IP and one on a
private network. The syslog-ng server would be on the private network behind
all the other servers. I think I would have a pretty good chance of catching
anything before it gets to the logging server.

Any thoughts/suggestions?

And not related:
Nice site, I found it early on and got a lot of good information from it.
Even so, you're not giving Great Lakes it's due, are you getting any grief
for that :).

Vilmos




-----Original Message-----
From: Nate Campi [mailto:nate@campin.net]
Sent: Sunday, March 09, 2003 1:46 AM
To: syslog-ng@lists.balabit.hu
Subject: Re: [syslog-ng]Newbie question


On Fri, Mar 07, 2003 at 08:31:12PM -0700, Vilmos Branyik wrote:
> 
> source src { unix-stream("/dev/log"); internal(); };
> source src { unix-stream("/dev/log"); internal(); };

You have two source lines, remove one and see if that helps. Also is
syslog-ng actually running or does it quit after parsing the config
file?
-- 
Nate Campi    http://www.campin.net 
_______________________________________________
syslog-ng maillist  -  syslog-ng@lists.balabit.hu
https://lists.balabit.hu/mailman/listinfo/syslog-ng
Frequently asked questions at http://www.campin.net/syslog-ng/faq.html