[syslog-ng]central log server not working

Ed Davison syslog-ng@lists.balabit.hu
Mon, 28 Feb 2005 12:15:54 -0600 

Any thoughts?

Ed

On Tue, 2005-02-22 at 16:10 -0600, Ed Davison wrote:
> I am trying to setup a central log host and am having trouble getting
> events registered on the central server.  It looks like the remote host
> does register with the central host but nothing shows in a log anywhere
> for it.  
> 
> I really need another set of eyes on this as I cannot figure this out
> for the life of me and I need to get this going.
> 
> Here is the excerpt from /var/log/messages (cleaned on the ip numbers):
> 
> --------8<--------8<--------8<--------
> Feb 18 14:19:45 sec5 syslog-ng[27866]: syslog-ng version 1.6.5 starting
> Feb 18 14:19:45 sec5 syslog-ng[27866]: Changing permissions on special
> file /dev/tty12
> Feb 18 14:24:00 sec5 syslog-ng[27866]: AF_INET client connected from
> 1.2.3.4, port 50378
> --------8<--------8<--------8<--------
> 
> Here is the central loghost config file:
> 
> --------8<--------8<--------8<--------
> options {
>         long_hostnames(off);
>         sync(0);
>         stats(43200);
>         dns_cache(yes);
>         use_fqdn(no);
>         keep_hostname(yes);
>         use_dns(yes);
> };
> 
> source gateway {
>         unix-stream("/dev/log");
>         internal();
>         udp(ip(0.0.0.0) port(514));
> };
> 
> source tcpgateway {
>         unix-stream("/dev/log");
>         internal();
>         tcp(ip(0.0.0.0) port(514) max_connections(1000));
> };
> 
> destination hosts {
>         file("/var/log/syslogs/$HOST/$FACILITY"
>         owner(root) group(root) perm(0600) dir_perm(0700)
> create_dirs(yes));
> };
> 
> log {
>         source(gateway); destination(hosts);
> };
> 
> log {
>         source(tcpgateway); destination(hosts);
> };
> 
> --------8<--------8<--------8<--------
> 
> The remote host config file is:
> 
> --------8<--------8<--------8<--------
> options {
>         long_hostnames(off);
>         sync(0);
>         stats(43200);
> };
> 
> source src { unix-stream("/dev/log"); internal(); pipe("/proc/kmsg"); };
> 
> source gateway {
>         unix-stream("/dev/log" max_connections(1000));
>         internal();
> };
> 
> destination messages { file("/var/log/messages"); };
> 
> # By default messages are logged to tty12...
> destination console_all { file("/dev/tty12"); };
> 
> destination shell {
>         tcp("1.2.3.1" port(514));
> };
> 
> log { source(src); destination(messages); };
> log { source(src); destination(console_all); };
> 
> log {
>         source(gateway); destination(shell);
> };
> --------8<--------8<--------8<--------
> 
> 
> 
-- 

--------------------------
Ed Davison
Sr. Systems Analyst
McCombs School of Business
512-232-6620 voice