[syslog-ng] NewBe syslog-ng and fedora core 5 64+bit

Roberto Nibali ratz at drugphish.ch
Thu Sep 21 13:03:28 CEST 2006 

> This is the first time I'm using syslog-ng and I'm trying to log all 
> data to a mysql database ...
> when I start the service I get the following errors ..
> 
> [root at greg syslog-ng]# service syslog-ng restart
> Stopping syslog-ng:                                        [FAILED]
> Starting syslog-ng: Warning: No source refers to internal messages, 
> they'll go to /dev/null
> unresolved reference: inputs

You set a reference to inputs, which is not defined in your 
configuration file.

> # syslog-ng central log host configuration file
> #
> #
> #
> #####################################################################
> # General options
> 
> options { check_hostname(yes);
>           keep_hostname(yes);
>           chain_hostnames(no); };
> 
> # Other important general options
> 
> # use_fqdn(yes);
> # sync(0);
> # keep_hostname(yes);
> # chain_hostnames(no);
> # create_dirs(yes);
> 
> #####################################################################
> # Define syslog input stream
> # This is specific to Solaris 9
> 
> #source inputs { internal();
> #                sun-streams("/dev/log" door("/var/run/syslog_door"));
> #                tcp(max_connections(1000)); };

Since this is commented out (for obvious reasons)

> # For newer versions of Linux (Debian GNU/Linux woody,
> # and RedHat Linux post 7.0)
> #
> source stdlog { unix-dgram("/dev/log"); };   <<<<<<<<<<<<<<<< How should 
> this be defined for fedora core ?

Try following:

source inputs {
   internal();
   unix-dgram("/dev/log");
};

> #####################################################################
> # Define filters
> 
> # Level Filters
> filter f_emerg { level (emerg); };
> filter f_alert { level (alert .. emerg); };
> filter f_crit { level (crit .. emerg); };
> filter f_err { level (err .. emerg); };
> filter f_warning { level (warning .. emerg); };
> filter f_notice { level (notice .. emerg); };
> filter f_info { level (info .. emerg); };
> filter f_debug { level (debug .. emerg); };
> 
> # Facility Filters
> filter f_kern { facility (kern); };
> filter f_user { facility (user); };
> filter f_mail { facility (mail); };
> filter f_daemon { facility (daemon); };
> filter f_auth { facility (auth); };
> filter f_syslog { facility (syslog); };
> filter f_lpr { facility (lpr); };
> filter f_news { facility (news); };
> filter f_uucp { facility (uucp); };
> filter f_cron { facility (cron); };
> filter f_local0 { facility (local0); };
> filter f_local1 { facility (local1); };
> filter f_local2 { facility (local2); };
> filter f_local3 { facility (local3); };
> filter f_local4 { facility (local4); };
> filter f_local5 { facility (local5); };
> filter f_local6 { facility (local6); };
> filter f_local7 { facility (local7); };
> 
> # syslog-ng stats filter
> filter f_n_stats { not match("STATS: dropped 0"); };
> 
> # syslog-ng "connect from filter
> filter f_n_connected { not match("AF_INET client connected from"); };
> 
> #####################################################################
> # Define where the logs can be stored
> 
> # Log log files
> destination logpile {
>         file("/var/syslog-ng/$HOST/$YEAR/$MONTH/$FACILITY.$YEAR$MONTH$DAY"
>         owner(root) group(root) perm(0600)
>         create_dirs(yes) dir_perm(0700)); };
> 
> # Console log
> destination console { file("/dev/sysmsg"); };
> 
> # Linux Console
> # destination console { file("/dev/console"); };
> 
> # MySQL Database
> destination d_mysql { pipe("/var/run/mysql.pipe"
>                       template("INSERT INTO logs (host, facility,
>                       priority, level, tag, date, time, program, msg)
>                       VALUES
>                       ( '$HOST', '$FACILITY', '$PRIORITY', '$LEVEL','$TAG',
>                       '$YEAR-$MONTH-$DAY', '$HOUR:$MIN:$SEC', '$PROGRAM',
>                       '$MSG' );\n") template-escape(yes));
> };

Why not insert the date and time as MySQL timestamp or date field?

> #####################################################################
> # Define logging
> 
> # Local log
> log { source(inputs);

"inputs" is not defined in the source section of the configuration

>       filter(f_n_stats);
>       filter(f_notice);
>       filter(f_n_connected);
>       destination(logpile); };
> 
> # Console
> log { source(inputs);

"inputs" is not defined in the source section of the configuration

>       filter(f_n_stats);
>       filter(f_err);
>       filter(f_n_connected);
>       destination(console); };
> 
> # MySQL Database
> log { source(inputs);

"inputs" is not defined in the source section of the configuration

>       filter(f_n_stats);
>       filter(f_notice);
>       filter(f_n_connected);
>       destination(d_mysql); };

Best regards,
Roberto Nibali, ratz
-- 
echo 
'[q]sa[ln0=aln256%Pln256/snlbx]sb3135071790101768542287578439snlbxq' | dc

More information about the syslog-ng mailing list