[syslog-ng]Logserver doesn't receving remote logs

Ed Davison syslog-ng@lists.balabit.hu
Mon, 28 Feb 2005 12:12:06 -0600 

bump.

On Fri, 2005-02-25 at 10:47 -0300, Viper sec wrote:
> Hey ,
> I have a central logserver with syslog-ng installed and configured
> (see above syslog-ng.conf), some clients (in conf just remotehost5)
> send (514/udp) their logs to this logserver; but logserver isn't
> receiving these logs. When I try to use local system logs, it's ok,
> create the log files, but with remote host doesn't.
> I have created /var/log/HOSTS/{nameserver}, and clients, that use
> syslog has in syslog.conf *.warning        @logserver (/etc/hosts is
> ok).
> remotehost5 is pinging logserver.
> 
> Anybody has any ideia about it? (thanks too much)
> 
> logserver: linux  Fedora Core 3
>                syslog-ng-1.6.5-6
>                libol-0.3.14-1
> 
> /* syslog-ng.conf
> logserver = = local server
> */
> 
> options{ sync(0);
>           keep_hostname(no);
>           log_fifo_size(1000);
>           long_hostnames(off);
>           use_dns(no);
>           use_fqdn(no);
>           create_dirs(yes);
>        };
> 
> source s_sys{ unix-stream("/dev/log"); internal(); };
> source s_udp{ udp(ip(192.168.100.100) ); }; #listenned interface on server
> 
> filter f_remotehost5sec{ host( "web5" ) and level( warning .. emerg )
> and facility( authpriv ); };
> filter f_logservermesg{ level(info .. emerg) and not
> (facility(authpriv) and facility(mail) and facility(cron)); };
> filter f_logserversec { facility(authpriv) and level(info .. emerg); };
> 
> destination d_remotehost5mesg { 
>                              
> file("/var/log/HOSTS/remotehost5/$YEAR-$MONTH-$DAY.secure" ); };
> destination d_remotehost5sec {
>                              
> file("/var/log/HOSTS/remotehost5/$YEAR-$MONTH-$DAY.secure" ); };
> destination d_logservermesg {
>                             
> file("/var/log/HOSTS/logserver/$YEAR-$MONTH-$DAY.message"); };
> destination d_logserversec {
>                              
> file("/var/log/HOSTS/logserver/$YEAR-$MONTH-$DAY.secure"); };
> 
> log { source(s_udp); filter(f_remotehost5mesg);
> destination(d_remotehost5mesg); };
> log { source(s_sys); filter(f_logservermesg); destination(d_logservermesg); };
> log { source(s_sys); filter(f_logserversec); destination(d_logserversec); };
> _______________________________________________
> syslog-ng maillist  -  syslog-ng@lists.balabit.hu
> https://lists.balabit.hu/mailman/listinfo/syslog-ng
> Frequently asked questions at http://www.campin.net/syslog-ng/faq.html
> 
-- 

--------------------------
Ed Davison
Sr. Systems Analyst
McCombs School of Business
512-232-6620 voice