[syslog-ng]syslog-ng on Sol8 - newbie questions
"Pedroche, Raśl"
syslog-ng@lists.balabit.hu
Wed, 14 Jul 2004 08:52:14 +0100
This message is in MIME format. Since your mail reader does not understand
this format, some or all of this message may not be legible.
------=_NextPartTM-000-23640317-f2b2-4772-b1e3-8714ec39da95
Content-Type: multipart/alternative;
boundary="----_=_NextPart_001_01C46977.7A0E51C0"
------_=_NextPart_001_01C46977.7A0E51C0
Content-Type: text/plain; charset="iso-8859-1"
The idea would be configuring syslogd to not to listen on UDP
and send messages to it, while syslog-ng listens on UDP socket and
does not read from /dev/log.
You can add a line "LOG_FROM_REMOTE=NO" to /etc/default/syslogd
(but it should not be necessary, as Solaris syslogd does not listen
on UDP port by default) and add a line to /etc/syslog.conf alike to
whatever.whatever,*.somethingelse @localhost
Then create (and use) an UDP source in syslog-ng.conf and NOT
a source of type sun-streams.
-----Original Message-----
From: jbrunke@ctsgi.com [mailto:jbrunke@ctsgi.com]
Sent: Tuesday, July 13, 2004 10:18 PM
To: syslog-ng@lists.balabit.hu
Subject: [syslog-ng]syslog-ng on Sol8 - newbie questions
I'm running Solaris 8. I would like to setup syslog-ng and syslogd to
operate
together. Reading the faq, it says:
Q: I'm new to syslog-ng. Is there a way for syslog-ng and syslogd to co-
exist?...
A: Yes, syslog-ng can accept messages from stock syslogd using the udp()
source.
Can anyone give me more specifics on how to setup the source for this setup?
We've got syslogs forwarded from our network gear to this box so I want to
make sure syslog-ng can get those forwarded messages from syslogd.
Also, can anyone give a suggested filter setup for the following syslog.conf
entry:
local7.notice;*.err;kern.debug;daemon.notice;mail.none /var/log/error.log
Thanks, Jim
_______________________________________________
syslog-ng maillist - syslog-ng@lists.balabit.hu
https://lists.balabit.hu/mailman/listinfo/syslog-ng
Frequently asked questions at http://www.campin.net/syslog-ng/faq.html
**********************************************************************
COLT Telecom Espana S.A.
Oficina Registrada en: Telemaco, 5 28027 Madrid
Tel. +34 91 789 9000
This message is subject to and does not create or vary any contractual
relationship between COLT Telecommunications, its subsidiaries or
affiliates ("COLT") and you. Internet communications are not secure
and therefore COLT does not accept legal responsibility for the
contents of this message. Any view or opinions expressed are those of
the author. The message is intended for the addressee only and its
contents and any attached files are strictly confidential. If you have
received it in error, please telephone the number above. Thank you.
**********************************************************************
------_=_NextPart_001_01C46977.7A0E51C0
Content-Type: text/html; charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2//EN">
<HTML>
<HEAD>
<META HTTP-EQUIV=3D"Content-Type" CONTENT=3D"text/html; charset=3Diso-8859-=
1">
<META NAME=3D"Generator" CONTENT=3D"MS Exchange Server version 5.5.2653.12">
<TITLE>RE: [syslog-ng]syslog-ng on Sol8 - newbie questions</TITLE>
</HEAD>
<BODY>
<P><FONT SIZE=3D2> The idea would be configuring syslogd to not to li=
sten on UDP</FONT>
<BR><FONT SIZE=3D2>and send messages to it, while syslog-ng listens on UDP =
socket and</FONT>
<BR><FONT SIZE=3D2>does not read from /dev/log.</FONT>
</P>
<P><FONT SIZE=3D2> You can add a line "LOG_FROM_REMOTE=3DNO"=
; to /etc/default/syslogd</FONT>
<BR><FONT SIZE=3D2>(but it should not be necessary, as Solaris syslogd does=
not listen</FONT>
<BR><FONT SIZE=3D2>on UDP port by default) and add a line to /etc/syslog.co=
nf alike to</FONT>
</P>
<P><FONT SIZE=3D2>whatever.whatever,*.somethingelse =
@localhost</FONT>
</P>
<P><FONT SIZE=3D2> Then create (and use) an UDP source in syslog-ng.c=
onf and NOT</FONT>
<BR><FONT SIZE=3D2>a source of type sun-streams.</FONT>
</P>
<P><FONT SIZE=3D2>-----Original Message-----</FONT>
<BR><FONT SIZE=3D2>From: jbrunke@ctsgi.com [<A HREF=3D"mailto:jbrunke@ctsgi=
.com">mailto:jbrunke@ctsgi.com</A>] </FONT>
<BR><FONT SIZE=3D2>Sent: Tuesday, July 13, 2004 10:18 PM</FONT>
<BR><FONT SIZE=3D2>To: syslog-ng@lists.balabit.hu</FONT>
<BR><FONT SIZE=3D2>Subject: [syslog-ng]syslog-ng on Sol8 - newbie questions=
</FONT>
</P>
<BR>
<P><FONT SIZE=3D2>I'm running Solaris 8. I would like to setup syslog-ng an=
d syslogd to operate </FONT>
<BR><FONT SIZE=3D2>together. Reading the faq, it says: </FONT>
</P>
<P><FONT SIZE=3D2>Q: I'm new to syslog-ng. Is there a way for syslog-ng and=
syslogd to co-</FONT>
<BR><FONT SIZE=3D2>exist?... </FONT>
<BR><FONT SIZE=3D2>A: Yes, syslog-ng can accept messages from stock syslogd=
using the udp() </FONT>
<BR><FONT SIZE=3D2>source. </FONT>
</P>
<P><FONT SIZE=3D2>Can anyone give me more specifics on how to setup the sou=
rce for this setup? </FONT>
<BR><FONT SIZE=3D2>We've got syslogs forwarded from our network gear to thi=
s box so I want to </FONT>
<BR><FONT SIZE=3D2>make sure syslog-ng can get those forwarded messages fro=
m syslogd.</FONT>
</P>
<P><FONT SIZE=3D2>Also, can anyone give a suggested filter setup for the fo=
llowing syslog.conf </FONT>
<BR><FONT SIZE=3D2>entry:</FONT>
</P>
<P><FONT SIZE=3D2>local7.notice;*.err;kern.debug;daemon.notice;mail.none&nb=
sp; /var/log/error.log</FONT>
</P>
<P><FONT SIZE=3D2>Thanks, Jim</FONT>
<BR><FONT SIZE=3D2>_______________________________________________</FONT>
<BR><FONT SIZE=3D2>syslog-ng maillist - syslog-ng@lists.balabit=
.hu</FONT>
<BR><FONT SIZE=3D2><A HREF=3D"https://lists.balabit.hu/mailman/listinfo/sys=
log-ng" TARGET=3D"_blank">https://lists.balabit.hu/mailman/listinfo/syslog-=
ng</A></FONT>
<BR><FONT SIZE=3D2>Frequently asked questions at <A HREF=3D"http://www.camp=
in.net/syslog-ng/faq.html" TARGET=3D"_blank">http://www.campin.net/syslog-n=
g/faq.html</A></FONT>
</P>
<FONT SIZE=3D3><BR>
<BR>
**********************************************************************<BR>
COLT Telecom Espana S.A.<BR>
Oficina Registrada en: Telemaco, 5 28027 Madrid<BR>
Tel. +34 91 789 9000<BR>
<BR>
This message is subject to and does not create or vary any contractual<BR>
relationship between COLT Telecommunications, its subsidiaries or <BR>
affiliates ("COLT") and you. Internet communications are not secure<BR>
and therefore COLT does not accept legal responsibility for the<BR>
contents of this message. Any view or opinions expressed are those of<BR>
the author. The message is intended for the addressee only and its<BR>
contents and any attached files are strictly confidential. If you have<BR>
received it in error, please telephone the number above. Thank you.<BR>
<BR>
**********************************************************************<BR>
</FONT>
</BODY>
</HTML>
------_=_NextPart_001_01C46977.7A0E51C0--
------=_NextPartTM-000-23640317-f2b2-4772-b1e3-8714ec39da95--