[syslog-ng]Sylog-ng OpenBSD Problems

me syslog-ng@lists.balabit.hu
Thu, 29 Apr 2004 07:28:00 +0200 (MEST) 

Hi again,

> Warning: No source refers to internal messages, they'll go
> to /dev/null

To get rid of this, enable the option "internal()" within your source
definition..
(http://www.balabit.com/products/syslog_ng/reference/reference.html).

<from the reference doc>
All internally generated messages "come" from this special source. If you
want warnings, errors and notices from syslog-ng itself, you have to include
this source in one of your source statements.

	  Declaration: internal()
	
Syslog-ng will issue a warning upon startup, if this driver is not
referenced. 
</from the reference doc>

Be sure to chain_hostnames() also... 
<from the reference doc>
The name of the source host where the message is originated from. If the
message traverses several hosts, and chain_hostnames() is on, the first one
is used.
</from the reference doc>

If you run syslog-ng v1.5.3 or higher, you can define templates for the
messages to be generated by syslog: template()

<from the reference doc>
Specifies a template which specifies the logformat to be used in this file.
The possible macros are the same as in destination filenames.
</from the reference doc>

Here an example: 

destination all {
  file("/var/adm/all.log"
    template("$DATE $HOST [$FACILITY.$LEVEL] $MSG\n")
  );
};

Hope this helps this time.. :-)
/me


> Hello me
> 
> thanks for your fast reply.
> But to be honest i had no luck :-(
> 
> # cat /etc/test
> options { 
> use_fqdn(no); 
> use_dns(no); 
> dns_cache(no); 
> keep_hostname(yes);
> long_hostnames(off); 
> sync(1); 
> };
> source s_udp { udp(); }; 
> destination smc { file("/var/log/info"); };
> log { source(s_udp); destination(smc); };
> # syslog-ng -f /etc/test
> Warning: No source refers to internal messages, they'll go
> to /dev/null
> # tail -f /var/log/info
> Apr 28 19:31:01 syslog 62784: Apr 28 19:50:02:
> %SEC-6-IPACCESSLOGP: list 150 denied udp
> 192.168.163.1(3381) -> 255.255.255.255(712), 1 packet
> Apr 28 19:31:01 syslog 1562183: Apr 28 19:50:03:
> %ISDN-6-CONNECT: Interface Serial1/1:27 is now connected to
> 0800321321 test32ABC
> Apr 28 19:31:02 syslog 1562184: Apr 28 19:50:03:
> %LINK-3-UPDOWN: Interface Async163, changed state to up
> Apr 28 19:31:07 syslog 1562188: Apr 28 19:50:08:
> %LINEPROTO-5-UPDOWN: Line protocol on Interface
> Serial2/1:14, changed state to up
> Apr 28 19:31:08 syslog 163080: Apr 28 17:50:09:
> %SEC-6-IPACCESSLOGP: list 150 denied udp 10.150.9.3(4031)
> -> 255.255.255.255(161), 1 packet
> 
> as you can see i done everything you told me, i always get
> the same problem, this is a standart installation of
> OpenBSD no special changes where made, nothing.
> 
> Any more Ideas?
> 
> Greets
> 
> Johannes
> 
> 
> On Wed, 28 Apr 2004 18:54:16 +0200 (MEST)
>  "me" <e.diot@gmx.net> wrote:
> > Hi,
> > 
> > check these options out...
> >
> http://www.balabit.com/products/syslog_ng/reference/x601.html:
> > 
> > options { 
> > 	use_fqdn(no); 
> > 	use_dns(no); 
> >  	dns_cache(no); 
> > 	keep_hostname(yes);
> > 	long_hostnames(off); 
> > 	sync(1); 
> > };
> > 
> > You have to disable these options as shown above.
> > Hope this helps...
> > 
> > /me
> > 
> > > Hello,
> > > 
> > > I run syslog-ng-1.5.24 on OpenBSD 3.4 sparc64,
> > > i have some problems, its not working in the way i want
> > it,
> > > my config looks in this way:
> > > 
> > > options { 
> > > long_hostnames(off);
> > > chain_hostnames(off);
> > > use_fqdn (yes);
> > > sync(0); 
> > > };
> > > source s_udp { udp(); }; 
> > > destination test { file("/var/log/info"); };
> > > log { source(s_udp); destination(test); };
> > > 
> > > no biggie at all
> > > 
> > > tail -f /var/log/info shows:
> > > Apr 28 16:23:18 syslog/syslog 1552866: Apr 28 16:42:18:
> > > %LINEPROTO-5-UPDOWN: Line protocol on Interface
> > > Serial1/1:14, changed state to down
> > > Apr 28 16:23:23 syslog/syslog 1552872: Apr 28 16:42:24:
> > > %LINK-3-UPDOWN: Interface Serial1/0:2, changed state to
> > > down
> > > 
> > > There is no Router source IP, just syslog/syslog syslog
> > is
> > > the name of the logging box
> > > 
> > > # uname -a
> > > OpenBSD syslog.srv.test.com 3.4 GENERIC#85 sparc64
> > > 
> > > when i run that box with the normal syslogd the source
> > ip,
> > > gets shown, and even when i erase all options in
> > > syslog-ng.conf :
> > > source s_udp { udp(); }; 
> > > destination test { file("/var/log/info"); };
> > > log { source(s_udp); destination(test); };
> > > 
> > > the source ip never comes in, i just want the sourceip
> > no
> > > dns name nothing any ideas?
> > > 
> > > Greets
> > > 
> > > Johannes
> > > --
> > > Die e-Mail-Boxes von Brennercom sind Virus-gesichert
> > und Spam-gefiltert.
> > > Le caselle e-Mail di Brennercom sono protette da
> > sistemi antivirus e
> > > antispam.
> > > 
> > > http://www.brennercom.it
> > > _______________________________________________
> > > syslog-ng maillist  -  syslog-ng@lists.balabit.hu
> > > https://lists.balabit.hu/mailman/listinfo/syslog-ng
> > > Frequently asked questions at
> > http://www.campin.net/syslog-ng/faq.html
> > > 
> > 
> > -- 
> > NEU : GMX Internet.FreeDSL
> > Ab sofort DSL-Tarif ohne Grundgebühr:
> > http://www.gmx.net/dsl
> > 
> > _______________________________________________
> > syslog-ng maillist  -  syslog-ng@lists.balabit.hu
> > https://lists.balabit.hu/mailman/listinfo/syslog-ng
> > Frequently asked questions at
> > http://www.campin.net/syslog-ng/faq.html
> > 
> 
> --
> Die e-Mail-Boxes von Brennercom sind Virus-gesichert und Spam-gefiltert.
> Le caselle e-Mail di Brennercom sono protette da sistemi antivirus e
> antispam.
> 
> http://www.brennercom.it
> _______________________________________________
> syslog-ng maillist  -  syslog-ng@lists.balabit.hu
> https://lists.balabit.hu/mailman/listinfo/syslog-ng
> Frequently asked questions at http://www.campin.net/syslog-ng/faq.html
> 

-- 
NEU : GMX Internet.FreeDSL
Ab sofort DSL-Tarif ohne Grundgebühr: http://www.gmx.net/dsl