[syslog-ng]Moving from syslog -> syslog-ng - not logging
Dan Zubey
syslog-ng@lists.balabit.hu
Fri, 16 Apr 2004 13:06:24 -0700
This is a multi-part message in MIME format.
------=_NextPart_000_001B_01C423B3.9FB1E310
Content-Type: text/plain;
charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
Moving from syslog -> syslog-ng - not loggingIm not sure if this helps or
not, but make sure klogd is running on each of the hosts.
Something like klogd -c 3 or somesuch.
-Dan
-----Original Message-----
From: syslog-ng-admin@lists.balabit.hu
[mailto:syslog-ng-admin@lists.balabit.hu]On Behalf Of Mark Robinson
Sent: Thursday, April 15, 2004 6:53 AM
To: 'syslog-ng@lists.balabit.hu'
Subject: [syslog-ng]Moving from syslog -> syslog-ng - not logging
I'm trying to move to syslog-ng but I can't get anything other than system
messages to write to the log.
Here's the syslog.conf file that woks:
--------------------------------------------------------------------------
------
*.err;kern.notice;auth.notice /dev/console
*.err;kern.debug;daemon.info;daemon.notice;mail.crit /var/adm/messages
*.alert;kern.err;daemon.err operator
*.alert root
*.emerg *
mail.debug ifdef(`LOGHOST', /var/log/syslog,
@loghost)
ifdef(`LOGHOST', ,
*.err /var/adm/messages
user.err /dev/console
user.err /var/adm/messages
user.alert `root, operator'
user.emerg *
)
local7.debug /data1/syslogs/nd.log
auth.debug /data1/syslogs/nd.log
local3.err /data1/syslogs/nd.log
*.err;*.debug;*.crit;*.warning;*.info;*.notice /data1/syslogs/mcs.log
local2.notice @sudosyslog.ca.company.com
--------------------------------------------------------------------------
------
How should a very basic syslog-ng.conf file be written?
--
this message has been intercepted
------=_NextPart_000_001B_01C423B3.9FB1E310
Content-Type: text/html;
charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<HTML><HEAD>
<META HTTP-EQUIV=3D"Content-Type" CONTENT=3D"text/html; =
charset=3Diso-8859-1">
<TITLE>Moving from syslog -> syslog-ng - not logging</TITLE>
<META content=3D"MSHTML 6.00.2800.1400" name=3DGENERATOR></HEAD>
<BODY>
<DIV><SPAN class=3D389300520-16042004><FONT face=3DArial color=3D#0000ff =
size=3D2>Im not=20
sure if this helps or not, but make sure klogd is running on each of the =
hosts.</FONT></SPAN></DIV>
<DIV><SPAN class=3D389300520-16042004><FONT face=3DArial color=3D#0000ff =
size=3D2></FONT></SPAN> </DIV>
<DIV><SPAN class=3D389300520-16042004><FONT face=3DArial color=3D#0000ff =
size=3D2>Something like klogd -c 3 or somesuch.</FONT></SPAN></DIV>
<DIV><SPAN class=3D389300520-16042004><FONT face=3DArial color=3D#0000ff =
size=3D2></FONT></SPAN> </DIV>
<DIV><SPAN class=3D389300520-16042004><FONT face=3DArial color=3D#0000ff =
size=3D2>-Dan</FONT></SPAN></DIV>
<DIV><SPAN class=3D389300520-16042004></SPAN> </DIV>
<BLOCKQUOTE dir=3Dltr style=3D"MARGIN-RIGHT: 0px">
<DIV class=3DOutlookMessageHeader dir=3Dltr align=3Dleft><FONT =
face=3DTahoma=20
size=3D2>-----Original Message-----<BR><B>From:</B>=20
syslog-ng-admin@lists.balabit.hu=20
[mailto:syslog-ng-admin@lists.balabit.hu]<B>On Behalf Of </B>Mark=20
Robinson<BR><B>Sent:</B> Thursday, April 15, 2004 6:53 =
AM<BR><B>To:</B>=20
'syslog-ng@lists.balabit.hu'<BR><B>Subject:</B> [syslog-ng]Moving from =
syslog=20
-> syslog-ng - not logging<BR><BR></FONT></DIV>
<P><FONT face=3DArial size=3D2>I'm trying to move to syslog-ng but I =
can't get=20
anything other than system messages to write to the log.</FONT> </P>
<P><FONT face=3DArial size=3D2>Here's the syslog.conf file that =
woks:</FONT>=20
<BR><FONT face=3DArial=20
=
size=3D2>----------------------------------------------------------------=
----------------</FONT>=20
<BR><FONT face=3DArial=20
=
size=3D2>*.err;kern.notice;auth.notice  =
; =
=20
/dev/console</FONT> <BR><FONT face=3DArial=20
=
size=3D2>*.err;kern.debug;daemon.info;daemon.notice;mail.crit =
=20
/var/adm/messages</FONT> <BR><FONT face=3DArial=20
=
size=3D2>*.alert;kern.err;daemon.err &=
nbsp; &n=
bsp; =20
operator</FONT> <BR><FONT face=3DArial=20
=
size=3D2>*.alert &nb=
sp; &nbs=
p;  =
; =20
root</FONT> <BR><FONT face=3DArial=20
=
size=3D2>*.emerg &nb=
sp; &nbs=
p;  =
; =20
*</FONT> </P>
<P><FONT face=3DArial=20
=
size=3D2>mail.debug =
=
ifdef(`LOGHOST', /var/log/syslog, @loghost)</FONT> </P>
<P><FONT face=3DArial size=3D2>ifdef(`LOGHOST', ,</FONT> <BR><FONT =
face=3DArial=20
=
size=3D2>*.err  =
; =
=
/var/adm/messages</FONT> <BR><FONT face=3DArial=20
=
size=3D2>user.err &n=
bsp; &nb=
sp; =20
/dev/console</FONT> <BR><FONT face=3DArial=20
=
size=3D2>user.err &n=
bsp; &nb=
sp; =20
/var/adm/messages</FONT> <BR><FONT face=3DArial=20
=
size=3D2>user.alert =
&=
nbsp; =20
`root, operator'</FONT> <BR><FONT face=3DArial=20
=
size=3D2>user.emerg =
&=
nbsp; =20
*</FONT> <BR><FONT face=3DArial size=3D2>)</FONT> <BR><FONT =
face=3DArial=20
size=3D2>local7.debug /data1/syslogs/nd.log</FONT> =
<BR><FONT=20
face=3DArial size=3D2>auth.debug =20
/data1/syslogs/nd.log</FONT> <BR><FONT face=3DArial=20
size=3D2>local3.err =20
/data1/syslogs/nd.log</FONT> <BR><FONT face=3DArial=20
size=3D2>*.err;*.debug;*.crit;*.warning;*.info;*.notice =20
/data1/syslogs/mcs.log</FONT> </P>
<P><FONT face=3DArial=20
=
size=3D2>local2.notice &nb=
sp; &nbs=
p; =20
@sudosyslog.ca.company.com</FONT> <BR><FONT face=3DArial=20
=
size=3D2>----------------------------------------------------------------=
----------------</FONT>=20
</P>
<P><FONT face=3DArial size=3D2>How should a very basic syslog-ng.conf =
file be=20
written?</FONT> </P></BLOCKQUOTE></BODY></HTML>
------=_NextPart_000_001B_01C423B3.9FB1E310--