[syslog-ng]Syslogd and Syslog-ng shareing ports.
Jay Davis
syslog-ng@lists.balabit.hu
Sun, 07 Sep 2003 08:09:53 -0400
I tested quite a bit with syslogd and syslog-ng and am now having a
problem. I need syslogd and syslog-ng to share port 514 for inbound
syslog messages. When I tested in the lab this was not a problem. Now it
seems the only way I can get syslog-ng to listen to the correct
IPaddress port pair is to specify that port in the config file. When I
do this syslog-ng takes over port 514 and syslogd can not listen anymore
:( Here is the config slightly sanitized. Any ideas? This is on solaris
2.8 standard build with all good patches.
options { sync (0);
time_reopen (10);
log_fifo_size (1000);
long_hostnames (off);
use_dns (yes);
dns_cache_size(1000);
dns_cache_expire_failed(5);
use_fqdn (no);
create_dirs (no);
keep_hostname (yes);
};
source s_sys { sun-streams ("/dev/log" door("/etc/.syslog_door"));
internal(); };
#source s_udpmessages {udp(ip(SPECIFIC IP) port(514));};
source s_udpmessages {udp(ip(0.0.0.0) port(514));};
destination l_mesg { file("/export/epm/syslog-ng/logs/local.log"); };
destination d_mesg { file("/export/epm/syslog-ng/logs/network.log"); };
destination d_acpt { udp("LOWER ENVIRON IP" port(514)); };
filter f_filter5 { facility(local5) and
level(emerg,alert,crit,err,warning,notice,info); };
filter f_filter6 { facility(local6) and
level(emerg,alert,crit,err,warning,notice,info); };
filter f_filter7 { facility(local7) and
level(emerg,alert,crit,err,warning,notice,info); };
log { source(s_udpmessages); filter(f_filter5); destination(d_mesg); };
log { source(s_udpmessages); filter(f_filter6); destination(d_mesg); };
log { source(s_udpmessages); filter(f_filter7); destination(d_mesg); };
log { source(s_udpmessages); filter(f_filter5); destination(d_acpt); };
log { source(s_udpmessages); filter(f_filter6); destination(d_acpt); };
log { source(s_udpmessages); filter(f_filter7); destination(d_acpt); };