[syslog-ng] Client forwarding to server

Thu Aug 30 17:25:34 CEST 2007

> looks like you have not configured a source listening on the ip
> w.x.y.z and port 5140 on the server which should receive the syslog
> messages .... and of course you are only using w.x.y.z and not a valid
> ip adress do not reveal the ip to us ;-)
> 
> in the servers syslo-ng config you have to configure:
> 
> source loghost { tcp( ip(w.x.y.z) port(5140)); };
> 
> ... don't hesitate to read the manual ... it's good ;-)

But I do have the "source loghost..." on the server side, not on the client
side.  Here's my syslog-ng.conf on the server side (server1).  I read the
manual but I'm not comprehending some of the explanations :-)  I read the
"Configuring syslog-ng client" but it gives a list of "to do" rather than "how
to."

syslog-ng 2.0.4, Solaris 10, client side is running MP (multi-path, and I'm not
sure if MP causes any problem?)

SERVER SIDE
#####################################################################

options {
        long_hostnames(off);
        log_msg_size(8192);
        sync(1);
        log_fifo_size(2048); 
        bad_hostname("^(ctld.|cmd|tmd|last)$");
        time_reopen(10);
};

#####################################################################

source src { sun-stream("/dev/log" door("/etc/.syslog_door")); internal(); };
source loghost { tcp(ip(192.168.1.11) port(5140)); };
source s_tcp { tcp(port(5140) keep-alive(yes) max_connections(100)); };

destination syslog { file("/var/log/syslog"); };
destination mail   { file("/var/log/syslog"); };
destination messages { file("/var/adm/messages"); };

filter f_mail { facility(mail); };
filter f_not_mail { not facility(mail); };

# log { source(loghost); };
log { source(src); filter(f_mail); destination(syslog); };
log { source(src); filter(f_not_mail); destination(messages); };

CLIENT SIDE
#####################################################################

options {
        long_hostnames(off);
        log_msg_size(8192);
        sync(1);
        log_fifo_size(2048);
        bad_hostname("^(ctld.|cmd|tmd|last)$");
        time_reopen(10);
};

#####################################################################

source src { sun-stream("/dev/log" door("/etc/.syslog_door")); internal(); };

destination syslog { file("/var/log/syslog"); };
# destination mail   { file("/var/log/syslog"); };
destination messages { file("/var/adm/messages"); };
destination loghost { tcp("192.168.1.11" port(5140)); };

filter f_mail { facility(mail); };
filter f_not_mail { not facility(mail); };

# log { source(loghost); };
log { source(src); filter(f_mail); destination(syslog); };
log { source(src); filter(f_not_mail); destination(messages); };

source s_localhost { tcp(ip(127.0.0.1) port(5140) ); };
log { source(s_localhost); destination(loghost); };

____________________________________________________________________________________Ready for the edge of your seat? 
Check out tonight's top picks on Yahoo! TV. 
http://tv.yahoo.com/