[syslog-ng] Creating a named pipe (FIFO)

Timothy A. Holmes tholmes at mcaschool.net
Wed Mar 22 14:50:55 CET 2006


Good Morning All:

I have hit a bit of a problem with the setup of my Splunk system.

I am trying to set it up to use a named pipe to get my data into
Splunk.  I have the logging server receiving data and logging it to
files with no problem, but, someplace, I have gotten the named pipe
configuration messed up.  Here is my syslog-ng.conf file:


# $Header: /var/cvsroot/gentoo-x86/app-admin/syslog-ng/files/syslog-ng.conf.gentoo,v 1.5 2005/05/12 05:46:10 mr_bones_ Exp $
#
# Syslog-ng default configuration file for Gentoo Linux
# contributed by Michael Sterrett

options {
        chain_hostnames(off);
        sync(0);

        # The default action of syslog-ng 1.6.0 is to log a STATS line
        # to the file every 10 minutes.  That's pretty ugly after a while.
        # Change it to every 12 hours so you get a nice daily update of
        # how many messages syslog-ng missed (0).
        stats(43200);
};

source src { unix-stream("/dev/log"); internal(); pipe("/proc/kmsg"); };

destination messages { file("/var/log/messages"); };

source remote {
        udp();
};

destination splunk {
        pipe("/var/syslog-ng/syslog_fifo");
};

log{
        source(remote);
        destination(splunk);
};

destination hosts {
        file("/var/log/hosts/$HOST/messages"
        owner(root) group(logs) perm(0640) dir_perm(0750) create_dirs(yes)
        );
};

log {
        source(remote);
        destination(hosts);
};


# By default messages are logged to tty12...
destination console_all { file("/dev/tty12"); };
# ...if you intend to use /dev/console for programs like xconsole
# you can comment out the destination line above that references /dev/tty12
# and uncomment the line below.
#destination console_all { file("/dev/console"); };

log { source(src); destination(messages); };
log { source(src); destination(console_all); };
srvnms-01 ~ #





As the file is currently configured, syslog-ng starts with no problems
and runs logging to the files as specified in the destination hosts
directive.


The data never appears in the named pipe.  

I did some investigation and asked a few questions on IRC, and someone
told me that I needed to use the mkpipe command; however, I have been
unable to locate (using Google) the proper syntax for the mkpipe
command.

Another person told me that once I got it set up, I would need to
configure logrotate as well.

Any and all pointers that you can provide would be most welcome.  I have
gone over the FAQ and also the user's manual, as well as googling about
for the proper answers. If you prefer to just point me to resources and
let me figure it out myself, that is also quite cool; I like to learn.


Thank you 


Timothy A. Holmes
IT Manager / Network Admin / Web Master / Computer Teacher
 
Medina Christian Academy
A Higher Standard...
 
Jeremiah 33:3
Jeremiah 29:11
Esther 4:14
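
Added example, not part of the original post: on Linux a named pipe is created with mkfifo(1), and the sketch below creates one with restrictive permissions and confirms that a line written to it reaches an attached reader. The function names, the 0640 mode and the scratch directory are assumptions made for illustration; the post's own path is /var/syslog-ng/syslog_fifo.

```shell
#!/bin/sh
# Added example: create and verify a FIFO of the kind a syslog-ng pipe()
# destination writes to. Names and modes here are illustrative assumptions.

# ensure_fifo PATH [MODE]: make PATH a FIFO with MODE (default 0640).
# Refuses to touch an existing non-FIFO so a real log file is never clobbered.
ensure_fifo() {
    fifo=$1
    mode=${2:-0640}
    dir=$(dirname "$fifo")
    [ -d "$dir" ] || mkdir -p -m 0750 "$dir" || return 1
    if [ -e "$fifo" ] && [ ! -p "$fifo" ]; then
        echo "ensure_fifo: $fifo exists but is not a FIFO" >&2
        return 1
    fi
    [ -p "$fifo" ] || mkfifo -m "$mode" "$fifo" || return 1
    chmod "$mode" "$fifo"      # also tightens a pre-existing FIFO
}

# fifo_roundtrip PATH: attach a reader, write one line, echo what arrived.
# A FIFO holds no data on disk; a writer blocks until some reader opens it.
fifo_roundtrip() {
    fifo=$1
    out=$(mktemp) || return 1
    cat "$fifo" > "$out" &     # reader, standing in for the log consumer
    reader=$!
    printf '%s\n' "<13>constructed test message" > "$fifo"   # writer side
    wait "$reader"
    cat "$out"
    rm -f "$out"
}

# Demo on a scratch directory (constructed path, not the one from the post).
demo_dir=$(mktemp -d)
ensure_fifo "$demo_dir/syslog_fifo" 0640 && fifo_roundtrip "$demo_dir/syslog_fifo"
rm -rf "$demo_dir"
```

Log lines can carry credentials and host details, so the FIFO's owner and group should be limited to the writer and the one process meant to read it.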


