[syslog-ng] RE: Syslog-ng not logging anything from Solaris host

Shah, Maunir Maunir.shah at knowles.com
Fri Jun 16 23:12:04 CEST 2006


I guess I wasn't patient enough to try on one of our production boxes
that does generate messages.  I see the messages coming in now. But
thanks for all the help.

 

Maunir Shah

 

________________________________

From: Shah, Maunir 
Sent: Friday, June 16, 2006 2:47 PM
To: Shah, Maunir; 'syslog-ng at lists.balabit.hu'
Subject: RE: Syslog-ng not logging anything from Solaris host

 

telnet uses tcp, whereas syslogd uses udp by default, so the traffic
might still be blocked by a firewall.
 
Regarding your response for telnet, we had tcp and udp protocol enabled
for syslog-ng when we tested to make sure the firewall is not blocking it.
But, since the default Solaris syslog uses udp, I took out tcp to test and
there is no logging whatsoever.  When I run a snoop on the syslog-ng server
I don't even see any kind of packets coming in when I run logger -p on the
test host.  Does anyone know if my syslog.conf file on the test box is right
or wrong?  Maybe that's what is causing it to not send anything.
 
Thanks
 

Maunir Shah

 

________________________________

From: Shah, Maunir 
Sent: Friday, June 16, 2006 11:37 AM
To: 'syslog-ng at lists.balabit.hu'
Subject: Syslog-ng not logging anything from Solaris host

 

I'm running syslog-ng 1.6.11 on a Solaris 10 zone, and so far I'm able to
see logs being created locally but I'm not seeing any kind of logging
from other Solaris hosts.  For my syslog-ng server I made sure that I'm
using udp and for the source it's door.  I have two test servers running
Solaris 8 and 10 that I'm testing from and have changed syslog.conf to
reflect the changes and point all my logs to go to syslog-ng.  It's not
the firewall that is blocking it, as we are able to telnet to port 514
and whatever you type in the cmd prompt is recorded on the syslog-ng
server.  I know I'm missing something in the config file but I'm not sure
what I'm doing wrong.

 

My syslog-ng.conf file

 

source s_dgram
 { sun-streams ("/dev/log" door("/etc/.syslog_door")); };

source s_internal
  { internal(); };

#source s_kernel
#  { pipe("/proc/kmsg" log_prefix("kernel: ")); };

#source s_tcp
#  { tcp(ip(10.1.100.84)port(514) keep-alive(yes) max_connections(100)); };

source s_udp
  { udp(); };

 

Solaris 8 box syslog.conf file

 

#ident  "@(#)syslog.conf        1.5     98/12/14 SMI"   /* SunOS 5.0 */
#
# Copyright (c) 1991-1998 by Sun Microsystems, Inc.
# All rights reserved.
#
# syslog configuration file.
#
# This file is processed by m4 so be careful to quote (`') names
# that match m4 reserved words.  Also, within ifdef's, arguments
# containing commas must be quoted.
#
*.*                                             @loghost

 

Maunir Shah

630-285-5875 - desk

630-550-6266 - cell
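
Added example, not part of the original thread: the telnet test described above only exercises TCP, so this Python sketch sends one BSD-syslog (RFC 3164) datagram over UDP, which can then be watched for with snoop on the syslog-ng server. The tag udpprobe, the hostname testhost and the address 192.0.2.10 are constructed placeholders, and the facility table is a subset.

```python
import socket
import time

# Facility and severity codes from the BSD syslog protocol (RFC 3164); subset only.
FACILITIES = {"kern": 0, "user": 1, "mail": 2, "daemon": 3, "auth": 4,
              "local0": 16, "local7": 23}
SEVERITIES = {"emerg": 0, "alert": 1, "crit": 2, "err": 3,
              "warning": 4, "notice": 5, "info": 6, "debug": 7}
MONTHS = "Jan Feb Mar Apr May Jun Jul Aug Sep Oct Nov Dec".split()


def build_packet(priority, tag, text, hostname="testhost", now=None):
    """Build one datagram; priority is 'facility.severity' as given to logger -p."""
    facility, severity = priority.split(".")
    pri = FACILITIES[facility] * 8 + SEVERITIES[severity]
    t = time.localtime(now)
    # RFC 3164 timestamps pad the day of month with a space, not a zero.
    stamp = "%s %2d %02d:%02d:%02d" % (MONTHS[t.tm_mon - 1], t.tm_mday,
                                       t.tm_hour, t.tm_min, t.tm_sec)
    return ("<%d>%s %s %s: %s" % (pri, stamp, hostname, tag, text)).encode("ascii")


def send_probe(host, port=514, priority="user.notice", text="udp path test"):
    """Send a single datagram. UDP gives no delivery confirmation,
    so receipt has to be checked on the server side."""
    packet = build_packet(priority, "udpprobe", text)
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.sendto(packet, (host, port))
    return packet


def loopback_check(timeout=2.0):
    """Self-test: receive our own probe on an ephemeral local UDP port."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as rx:
        rx.bind(("127.0.0.1", 0))
        rx.settimeout(timeout)
        sent = send_probe("127.0.0.1", rx.getsockname()[1])
        data, _ = rx.recvfrom(2048)
    return sent, data


if __name__ == "__main__":
    sent, received = loopback_check()
    print(received.decode("ascii"))
    # Against a real server (placeholder address): send_probe("192.0.2.10")
```

If the probe shows up in snoop on the server but logger -p messages from the client do not, the UDP path is open and the problem is on the client's syslogd side.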

 
