[syslog-ng]central log server not working

Ed Davison syslog-ng@lists.balabit.hu
Tue, 22 Feb 2005 16:10:35 -0600 

I am trying to setup a central log host and am having trouble getting
events registered on the central server.  It looks like the remote host
does register with the central host but nothing shows in a log anywhere
for it.  

I really need another set of eyes on this as I cannot figure this out
for the life of me and I need to get this going.

Here is the excerpt from /var/log/messages (cleaned on the ip numbers):

--------8<--------8<--------8<--------
Feb 18 14:19:45 sec5 syslog-ng[27866]: syslog-ng version 1.6.5 starting
Feb 18 14:19:45 sec5 syslog-ng[27866]: Changing permissions on special
file /dev/tty12
Feb 18 14:24:00 sec5 syslog-ng[27866]: AF_INET client connected from
1.2.3.4, port 50378
--------8<--------8<--------8<--------

Here is the central loghost config file:

--------8<--------8<--------8<--------
options {
        long_hostnames(off);
        sync(0);
        stats(43200);
        dns_cache(yes);
        use_fqdn(no);
        keep_hostname(yes);
        use_dns(yes);
};

source gateway {
        unix-stream("/dev/log");
        internal();
        udp(ip(0.0.0.0) port(514));
};

source tcpgateway {
        unix-stream("/dev/log");
        internal();
        tcp(ip(0.0.0.0) port(514) max_connections(1000));
};

destination hosts {
        file("/var/log/syslogs/$HOST/$FACILITY"
        owner(root) group(root) perm(0600) dir_perm(0700)
create_dirs(yes));
};

log {
        source(gateway); destination(hosts);
};

log {
        source(tcpgateway); destination(hosts);
};

--------8<--------8<--------8<--------

The remote host config file is:

--------8<--------8<--------8<--------
options {
        long_hostnames(off);
        sync(0);
        stats(43200);
};

source src { unix-stream("/dev/log"); internal(); pipe("/proc/kmsg"); };

source gateway {
        unix-stream("/dev/log" max_connections(1000));
        internal();
};

destination messages { file("/var/log/messages"); };

# By default messages are logged to tty12...
destination console_all { file("/dev/tty12"); };

destination shell {
        tcp("1.2.3.1" port(514));
};

log { source(src); destination(messages); };
log { source(src); destination(console_all); };

log {
        source(gateway); destination(shell);
};
--------8<--------8<--------8<--------



-- 

--------------------------
Ed Davison
Sr. Systems Analyst
McCombs School of Business
512-232-6620 voice