[syslog-ng] Re: file issues

Brian Loe knobdy at gmail.com
Tue Sep 26 17:05:29 CEST 2006


No one with an idea of what might be going on here? I've reread most
of the documentation for syslog-ng and can't figure it out... perhaps
it's an AIX/fs permissions issue?

On 9/25/06, Brian Loe <knobdy at gmail.com> wrote:
> I'm running into all kinds of problems running syslog-ng. It won't
> create the files in subdirectories like I want, it won't feed the
> named pipes I want...  The following is my configuration (and I'm
> running sec against the pipes - since I need a reader before I start
> the writer on AIX):
>
> # cat /etc/syslog-ng/syslog-ng.conf
> # Global options; they apply to every source and destination below unless a
> # statement overrides them (the file() destinations repeat owner/group/perm).
> options {
>          sync (0);
>          chain_hostnames (no);
>          use_dns (no);
>          use_fqdn (no);
>          # Missing directories for file() destinations are created on demand,
>          # using dir_owner/dir_group/dir_perm below.
>          create_dirs (yes);
>          # NOTE(review): with keep_hostname(yes) the host name carried inside a
>          # received message is kept as-is, so a network sender chooses the
>          # host field that ends up in the logs - treat it as untrusted.
>          keep_hostname (yes);
>          dir_owner(syslog);
>          dir_group(syslog);
>          # NOTE(review): 0660 has no execute (search) bit. A directory created
>          # with this mode cannot be entered even by its owner, so files under
>          # /data/logs/<subdir>/ cannot be created by a non-root process. This
>          # is a likely cause of the "won't create the files in subdirectories"
>          # symptom; a mode such as 0750 keeps the directory closed to others
>          # while still usable - confirm on the AIX host.
>          dir_perm(0660);
>          owner(syslog);
>          group(syslog);
>          # Log files: read/write for owner and group, no access for others.
>          perm(0660);
>        };
>
> # Local sources: datagram sockets under /dev, each paired with internal().
> # NOTE(review): internal() appears in three sources; a log statement that
> # references more than one of them (s_sys and s_cron below) may receive
> # syslog-ng's own messages more than once - confirm.
> source s_cron { unix-dgram("/dev/cron"); internal(); };
> source s_snmp { unix-dgram("/dev/snmp"); internal(); };
> source s_sys { unix-dgram("/dev/log"); internal(); };
> # Network sources, all bound to 0.0.0.0 (every interface).
> # NOTE(review): nothing in this file limits who may send to these listeners,
> # and UDP syslog carries no sender authentication. Binding to the collection
> # interface only, or restricting senders with a host firewall, narrows the
> # exposure.
> # NOTE(review): ports 514 and 601 are below 1024, and the inittab line in
> # this message starts the daemon with "-u syslog". Confirm that this
> # syslog-ng version binds its listeners before it drops privileges.
> source s_udp { udp(ip("0.0.0.0") port(514)); };
> source s_udp_s { udp(ip("0.0.0.0") port(601)); };
> source s_tcp { tcp(ip("0.0.0.0") port(601)); };
> source s_tcp1 { tcp(ip("0.0.0.0") port(1026)); };
> source s_tcp2 { tcp(ip("0.0.0.0") port(5140)); };
>
> # Fixed-name log files directly under /data/logs, plus terminal destinations.
> destination d_cons { file("/data/logs/console" perm(0660)); };
> destination d_mesg { file("/data/logs/syslog.log" perm(0660)); };
> destination d_mail { file("/data/logs/mail.log" perm(0660)); };
> # usertty() writes to the terminals of the named user; "*" is every
> # logged-in user.
> destination d_mlrt { usertty("root"); };
> destination d_mlal { usertty("*"); };
>
> # Per-day files: $YEAR$MONTH$DAY is expanded into the file name.
> # NOTE(review): the inittab line in this message runs the daemon with
> # "-u syslog -g <me>". After privileges are dropped, setting group(syslog)
> # on a new file presumably only works if the process is a member of group
> # syslog - confirm, and check that /data/logs itself is writable and
> # searchable by user syslog.
> destination allmessages {
> file("/data/logs/$YEAR$MONTH$DAY.allmessages.log" owner(syslog)
> group(syslog) perm(0660)); };
> destination netmessages {
> file("/data/logs/$YEAR$MONTH$DAY.netmessages.log" owner(syslog)
> group(syslog) perm(0660)); };
> # The destinations below write into subdirectories (vpn/, switch/, router/,
> # pixen/, ids/), so they depend on create_dirs(yes) and on the directory
> # mode from dir_perm() in the options block.
> # NOTE(review): d_switch, d_router and d_ids are not referenced by any log
> # statement shown in this message.
> destination d_vpn { file("/data/logs/vpn/$YEAR$MONTH$DAY.vpn.log"
> owner(syslog) group(syslog) perm(0660)); };
> destination d_switch {
> file("/data/logs/switch/$YEAR$MONTH$DAY.switch.log" owner(syslog)
> group(syslog) perm(0660)); };
> destination d_router {
> file("/data/logs/router/$YEAR$MONTH$DAY.router.log" owner(syslog)
> group(syslog) perm(0660)); };
> destination d_pixen { file("/data/logs/pixen/$YEAR$MONTH$DAY.pixen.log"
> owner(syslog) group(syslog) perm(0660)); };
> destination d_ids { file("/data/logs/ids/$YEAR$MONTH$DAY.ids.log"
> owner(syslog) group(syslog) perm(0660)); };
>
> # Named-pipe destinations read by sec (per the message text); net_pipe is
> # disabled.
> # NOTE(review): no owner or mode is set here, so access is whatever the
> # FIFOs in /data/pipes already have. Presumably they must exist beforehand
> # and be writable by the user the daemon runs as (-u syslog) - confirm.
> # Keep them readable only by the sec account: any other local reader
> # would see the log stream and take messages away from sec.
> destination vpn_pipe { pipe("/data/pipes/vpn_pipe"); };
> # destination net_pipe { pipe("/data/pipes/net_pipe"); };
> destination fire_pipe { pipe("/data/pipes/fire_pipe"); };
>
> # Facility/level filters used for the local (s_sys) log paths.
> filter f_filter1   { facility(mail) and level(debug); };
> filter f_filter2   { (facility(mail) and level(debug)) or level(info);
> };
> filter f_filter3   { level(alert); };
> filter f_filter4   { level(emerg); };
> # Per-device filters: each netmask() uses 255.255.255.255, so each matches
> # exactly one sender address.
> # NOTE(review): these match on the packet's source address. Over UDP that
> # address is not authenticated, so the filters sort traffic but are not an
> # access control.
> # NOTE(review): f_fl2f12 and f_fl2f1 contain the same address (1.1.253.2).
> filter f_fl2r16   { netmask(1.1.253.5/255.255.255.255); };
> filter f_fl2r17   { netmask(1.1.253.6/255.255.255.255); };
> filter f_fl2f12   { netmask(1.1.253.2/255.255.255.255); };
> filter f_fl2f1   { netmask(1.1.253.2/255.255.255.255); };
> filter f_fl2f2   { netmask(1.1.62.10/255.255.255.255); };
> filter f_fl2f11   { netmask(1.1.193.10/255.255.255.255); };
> filter f_fl1f1   { netmask(1.1.253.212/255.255.255.255); };
>
> # Log paths: each statement routes messages from its sources, through its
> # filters, to its destinations.
> # Local messages: mail debug, general, alert (console file + root's tty),
> # emerg (all ttys).
> log { source(s_sys); filter(f_filter1); destination(d_mail); };
> log { source(s_sys); filter(f_filter2); destination(d_mesg); };
> log { source(s_sys); filter(f_filter3); destination(d_cons);
> destination(d_mlrt); };
> log { source(s_sys); filter(f_filter4); destination(d_mlal); };
> # log { source(s_sys); source(s_cron); source(s_snmp); destination
> (allmessages); };
> # Unfiltered copy of everything from s_sys and s_cron.
> log { source(s_sys); source(s_cron); destination (allmessages); };
>
> # Unfiltered copy of everything received on the network listeners.
> log { source(s_udp); source (s_udp_s); source (s_tcp); source (s_tcp1);
> source (s_tcp2); destination(netmessages); };
>
> # log { source(s_udp); source (s_udp_s); source (s_tcp); source
> (s_tcp1); source (s_tcp2); destination(net_pipe); };
>
> # NOTE(review): in syslog-ng, several filter() references in one log
> # statement are combined with AND - a message must pass every one of them.
> # The filters used in the four statements below each match a single sender
> # address, and the addresses differ, so no message can satisfy all of them.
> # As written, vpn_pipe, d_vpn, fire_pipe and d_pixen would receive nothing,
> # which fits the "won't feed the named pipes" symptom. One filter that
> # joins the netmask() tests with "or" is the usual form - confirm against
> # the documentation for the version in use.
> # NOTE(review): only s_udp (UDP 514) feeds these statements; devices that
> # send to the other listeners would reach netmessages only.
> log { source(s_udp); filter(f_fl2r16); filter(f_fl2r17);
> filter(f_fl2f12); destination(vpn_pipe); };
>
> log { source(s_udp); filter(f_fl2r16); filter(f_fl2r17);
> filter(f_fl2f12); destination(d_vpn); };
>
> log { source(s_udp); filter(f_fl2f1); filter(f_fl2f2); filter(f_fl2f11);
> filter(f_fl2f12); filter(f_fl1f1); destination(fire_pipe); };
>
> log { source(s_udp); filter(f_fl2f1); filter(f_fl2f2); filter(f_fl2f11);
> filter(f_fl2f12); filter(f_fl1f1); destination(d_pixen); };
>
> The command I'm running (and I'm TRYING to run it from inittab):
> syslog-ng:23456789:respawn:/usr/local/sbin/syslog-ng -f
> /etc/syslog-ng/syslog-ng.conf -u syslog -g <me> -p /etc/syslog-ng.pid
>

