[syslog-ng]syslog-ng on Sol8 - newbie questions

syslog-ng@lists.balabit.hu syslog-ng@lists.balabit.hu
Wed, 14 Jul 2004 10:08:23 -0500 

For whatever reason, my syslogd probe IS configured to listen on the UDP port 
by default...  I confirmed this by stopping syslogd, starting syslog-ng and 
then trying to restart syslogd.  Syslogd would not start because it could not 
hook to port 514...  Creating the /etc/default/syslogd was the answer.  There 
is also a "-t" option for syslogd that may also do the same thing.  

As for your other suggestion.  I was unable to get syslogd to forward anything 
to @localhost.  It would complain at startup it was undefined (it is not).  
When I put @theactualhostname, no compaints on startup, but that didn't seem 
to do it either.

So I went back and took the @theactualhostname definition out of syslogd.conf 
(making syslogd.conf "stock") and put the sun-streams src back in syslog-ng.  
That seems to have done the trick.  Both syslogd and syslog-ng "see" local 
system messages and take appropriate action(s).  So I guess there is no issue 
with syslog & syslog-ng "sharing" the /dev/log stream.  Can someone confirm I 
won't run into problems with this config?

So now I believe I have the best of both worlds...  The SA can have his 
syslog.conf file and whatever files he wants to do there.  All remote syslog 
traffic is received and managed by syslog-ng.  The SA never liked the fact 
that forwarded syslog messages "gummed up" /var/adm/messages anyway...  ;-)

Thanks, 

Jim Brunke

-------------------------------------------------------------------------------
-
From: syslog-ng-admin@lists.balabit.hu [mailto:syslog-ng-
admin@lists.balabit.hu] On Behalf Of Pedroche, Raśl
Sent: Wednesday, July 14, 2004 3:52 AM
To: 'syslog-ng@lists.balabit.hu'
Subject: RE: [syslog-ng]syslog-ng on Sol8 - newbie questions


  The idea would be configuring syslogd to not to listen on UDP 
and send messages to it, while syslog-ng listens on UDP socket and 
does not read from /dev/log. 

  You can add a line "LOG_FROM_REMOTE=NO" to /etc/default/syslogd 
(but it should not be necessary, as Solaris syslogd does not listen 
on UDP port by default) and add a line to /etc/syslog.conf alike to 

whatever.whatever,*.somethingelse       @localhost 

  Then create (and use) an UDP source in syslog-ng.conf and NOT 
a source of type sun-streams. 

-----Original Message----- 
From: jbrunke@ctsgi.com [mailto:jbrunke@ctsgi.com] 
Sent: Tuesday, July 13, 2004 10:18 PM 
To: syslog-ng@lists.balabit.hu 
Subject: [syslog-ng]syslog-ng on Sol8 - newbie questions 



I'm running Solaris 8. I would like to setup syslog-ng and syslogd to operate 
together.  Reading the faq, it says:  

Q: I'm new to syslog-ng. Is there a way for syslog-ng and syslogd to co- 
exist?... 
A: Yes, syslog-ng can accept messages from stock syslogd using the udp() 
source. 

Can anyone give me more specifics on how to setup the source for this setup?  
We've got syslogs forwarded from our network gear to this box so I want to 
make sure syslog-ng can get those forwarded messages from syslogd. 

Also, can anyone give a suggested filter setup for the following syslog.conf 
entry: 

local7.notice;*.err;kern.debug;daemon.notice;mail.none  /var/log/error.log 

Thanks, Jim 
_______________________________________________ 
syslog-ng maillist  -  syslog-ng@lists.balabit.hu 
https://lists.balabit.hu/mailman/listinfo/syslog-ng 
Frequently asked questions at http://www.campin.net/syslog-ng/faq.html 



**********************************************************************
COLT Telecom Espana S.A.
Oficina Registrada en: Telemaco, 5 28027 Madrid
Tel. +34 91 789 9000

This message is subject to and does not create or vary any contractual
relationship between COLT Telecommunications, its subsidiaries or 
affiliates ("COLT") and you. Internet communications are not secure
and therefore COLT does not accept legal responsibility for the
contents of this message. Any view or opinions expressed are those of
the author. The message is intended for the addressee only and its
contents and any attached files are strictly confidential. If you have
received it in error, please telephone the number above. Thank you.

**********************************************************************