[syslog-ng] syslog-ng.conf problem on HP-UX-11.11
Shamim
shamim_99 at yahoo.com
Tue Feb 20 16:17:13 CET 2007
Hi,
I've compile syslog-ng-2.0.2 on HP-UX-11.11, however messages are not going to desired destinations as defined in the syslog-ng.conf .
my syslog-ng.conf
---------------------------------------------
# syslog-ng configuration file.
#
# This should behave pretty much like the original syslog on HP-UX. But
# it could be configured a lot smarter.
#
# See syslog-ng(8) and syslog-ng.conf(8) for more information.
#
# 20000925 gb at sysfive.com
options { sync (0);
time_reopen (10);
log_fifo_size (1000);
long_hostnames (off);
use_dns (no);
use_fqdn (no);
create_dirs (no);
keep_hostname (yes);
};
source s_sys {internal();pipe("/dev/log"); };
destination d_cons { file("/dev/console1"); };
destination d_mesg { file("/var/adm/syslog/syslog-ng.log"); };
destination d_mail { file("/var/adm/syslog/mail-ng.log"); };
destination d_mlrt { usertty("root"); };
destination d_mlal { usertty("*"); };
filter f_filter1 { facility(mail) and level(debug); };
filter f_filter2 { (facility(mail) and level(debug)) or
level(info); };
filter f_filter3 { level(alert); };
filter f_filter4 { level(emerg); };
log { source(s_sys); destination(d_mail); };
log { source(s_sys); destination(d_mesg); };
log { source(s_sys); destination(d_cons);destination(d_mlrt); };
log { source(s_sys); destination(d_mlal); };
#
--------------------------------------------
Now If I generate message using "logger" utility on system, message should go to "/var/adm/syslog/syslog-ng.log", though they are not going...
Is there anything wrong with .conf file?
What should be the conf file for central server and client on HP-UX?
syslog-ng daemon is running like:
-------------------------------------------------------------------------------
syslog-ng service starting.
# ps -eaf |grep syslog-ng
root 14437 1 0 10:22:30 ? 0:00 /opt/soe/local/syslog-ng-2.0.2/sbin/syslog-ng -f /opt/soe/local
#
------------------------------------------------------------------------------
Thanks
Shamim
syslog-ng-request at lists.balabit.hu wrote:
Send syslog-ng mailing list submissions to
syslog-ng at lists.balabit.hu
To subscribe or unsubscribe via the World Wide Web, visit
https://lists.balabit.hu/mailman/listinfo/syslog-ng
or, via email, send a message with subject or body 'help' to
syslog-ng-request at lists.balabit.hu
You can reach the person managing the list at
syslog-ng-owner at lists.balabit.hu
When replying, please edit your Subject line so it is more specific
than "Re: Contents of syslog-ng digest..."
Today's Topics:
1. Re: Is this possible in syslog-ng.conf . (v2.0.2)
(Balazs Scheidler)
2. Re: Setting permissions on log files (Balazs Scheidler)
3. Re: Is this possible in syslog-ng.conf . (v2.0.2) (Evan Rempel)
4. compilation errors with --enable-spoof-source
(Ravi Papisetti -X (rpapiset - HCL at Cisco))
5. Re: Is this possible in syslog-ng.conf . (v2.0.2)
(Balazs Scheidler)
6. Re: compilation errors with --enable-spoof-source
(Balazs Scheidler)
7. RE: compilation errors with --enable-spoof-source
(Ravi Papisetti -X (rpapiset - HCL at Cisco))
8. RE: compilation errors with --enable-spoof-source
(Balazs Scheidler)
----------------------------------------------------------------------
Message: 1
Date: Mon, 19 Feb 2007 17:14:12 +0100
From: Balazs Scheidler
Subject: Re: [syslog-ng] Is this possible in syslog-ng.conf . (v2.0.2)
To: Syslog-ng users' and developers' mailing list
Message-ID: <1171901652.11781.7.camel at bzorp.balabit>
Content-Type: text/plain
On Sun, 2007-02-18 at 16:48 -0800, Mr. James W. Laferriere wrote:
> Ok . IMO counter intuitive , Tho reasonable with your explanation .
> One is very used to the 'source' in FW/router/...'s as being the source
> device(s) IP from where a packet came from .
syslog-ng is not a firewall :) this is sometimes strange to me as well,
being involved in firewall products as well. But putting the joke aside,
syslog-ng is a "syslog message pipe" processor: sources generate
messages, destinations serve as message sinks. Some filtering here and
there, that's about syslog-ng's internal structure.
So, naming source as a source is consistent with syslog-ng itself.
> An aside , Can one do the 'Formatting' like my example above , again
> no examples show up like that , but I am hopeful .
>
>
> > To do that you need the netmask() filter.
>
> Next time I'll go looking at the Blog at Gmane first before shooting my
> mouth off . netmask was just the hint I needed .
> Tho it sure would be nice for netmask() to support the /xx bits netmask
> format .
It does support this format.
--
Bazsi
------------------------------
Message: 2
Date: Mon, 19 Feb 2007 17:15:57 +0100
From: Balazs Scheidler
Subject: Re: [syslog-ng] Setting permissions on log files
To: Syslog-ng users' and developers' mailing list
Message-ID: <1171901757.11781.10.camel at bzorp.balabit>
Content-Type: text/plain
On Mon, 2007-02-19 at 01:45 +0000, Bryan Henderson wrote:
> With the 'file' destination, Syslog-ng modifies the ownership and
> permissions of the file when it opens it. There are configuration
> file options to choose what it sets them to, but AFAICT, no way to
> have Syslog-ng just leave the files as it finds them.
>
> I prefer to maintain permissions and ownership separately; I set them
> when I create the file and expect them to stick. Could there be a
> configuration file option for that?
>
IIRC, you can use -1 for various options, which means "do not touch".
But I would need to test it. The code in the C part is there, the only
question that remains whether the parser accepts "-1" in the place of
owner/group/permissions.
--
Bazsi
------------------------------
Message: 3
Date: Mon, 19 Feb 2007 09:02:15 -0800
From: Evan Rempel
Subject: Re: [syslog-ng] Is this possible in syslog-ng.conf . (v2.0.2)
To: "Syslog-ng users' and developers' mailing list"
Message-ID: <45D9D817.7050309 at uvic.ca>
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Balazs Scheidler wrote:
> On Sun, 2007-02-18 at 16:48 -0800, Mr. James W. Laferriere wrote:
>
>> Ok . IMO counter intuitive , Tho reasonable with your explanation .
>> One is very used to the 'source' in FW/router/...'s as being the source
>> device(s) IP from where a packet came from .
>
> syslog-ng is not a firewall :) this is sometimes strange to me as well,
> being involved in firewall products as well. But putting the joke aside,
> syslog-ng is a "syslog message pipe" processor: sources generate
> messages, destinations serve as message sinks. Some filtering here and
> there, that's about syslog-ng's internal structure.
>
> So, naming source as a source is consistent with syslog-ng itself.
I think that the author of the original comment was refereing to the IP address binding
in the source definition
source network { tcp( ip(xxxx) ); };
where the IP address is NOT the source at all, it is a local IP address to bind the listener to.
Perhaps the syntax should be
source network { tcp( bind(xxxx) ); };
since the bind address MUST be ip since the definition is already defined to be tcp.
I think it is a little counter intuitive even within the scope of syslog-ng.
Evan.
>
>> An aside , Can one do the 'Formatting' like my example above , again
>> no examples show up like that , but I am hopeful .
>>
>>
>>> To do that you need the netmask() filter.
>> Next time I'll go looking at the Blog at Gmane first before shooting my
>> mouth off . netmask was just the hint I needed .
>> Tho it sure would be nice for netmask() to support the /xx bits netmask
>> format .
>
> It does support this format.
>
--
Evan Rempel erempel at uvic.ca
Senior Programmer Analyst 250.721.7691
Computing Services
University of Victoria
------------------------------
Message: 4
Date: Mon, 19 Feb 2007 13:09:41 -0600
From: "Ravi Papisetti -X (rpapiset - HCL at Cisco)"
Subject: [syslog-ng] compilation errors with --enable-spoof-source
To: "syslog-ng at lists.balabit.hu"
Message-ID: <5A8F8213-CAC5-4190-A902-FE91C0DC844D at mimectl>
Content-Type: text/plain; charset="iso-8859-1"
Hi,
I am using syslog-ng 1.6.11 and trying to compile this package with
./configure --enable-spoof-source, it throws errors as below
checking whether to enable Sun STREAMS support... yes
checking whether to enable Sun door support... yes
checking whether to enable TCP wrapper support... no
checking whether to enable spoof_source support... ./configure: test: too many arguments
configure: error: libnet-config not found
It compiles fine without --enable-spoof-source this option. Could you do the needful.
Thanks,
Ravi Kumar P.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.balabit.hu/pipermail/syslog-ng/attachments/20070219/dc8ca38e/attachment-0001.html
------------------------------
Message: 5
Date: Mon, 19 Feb 2007 20:23:01 +0100
From: Balazs Scheidler
Subject: Re: [syslog-ng] Is this possible in syslog-ng.conf . (v2.0.2)
To: Syslog-ng users' and developers' mailing list
Message-ID: <1171912981.11781.12.camel at bzorp.balabit>
Content-Type: text/plain
On Mon, 2007-02-19 at 09:02 -0800, Evan Rempel wrote:
> Balazs Scheidler wrote:
> > On Sun, 2007-02-18 at 16:48 -0800, Mr. James W. Laferriere wrote:
> >
> >> Ok . IMO counter intuitive , Tho reasonable with your explanation .
> >> One is very used to the 'source' in FW/router/...'s as being the source
> >> device(s) IP from where a packet came from .
> >
> > syslog-ng is not a firewall :) this is sometimes strange to me as well,
> > being involved in firewall products as well. But putting the joke aside,
> > syslog-ng is a "syslog message pipe" processor: sources generate
> > messages, destinations serve as message sinks. Some filtering here and
> > there, that's about syslog-ng's internal structure.
> >
> > So, naming source as a source is consistent with syslog-ng itself.
>
> I think that the author of the original comment was refereing to the IP address binding
> in the source definition
>
> source network { tcp( ip(xxxx) ); };
>
> where the IP address is NOT the source at all, it is a local IP address to bind the listener to.
> Perhaps the syntax should be
>
> source network { tcp( bind(xxxx) ); };
>
> since the bind address MUST be ip since the definition is already defined to be tcp.
>
> I think it is a little counter intuitive even within the scope of syslog-ng.
>
ip is an alias for localip(), but it's true that all examples use ip().
--
Bazsi
------------------------------
Message: 6
Date: Mon, 19 Feb 2007 20:23:34 +0100
From: Balazs Scheidler
Subject: Re: [syslog-ng] compilation errors with --enable-spoof-source
To: Syslog-ng users' and developers' mailing list
Message-ID: <1171913014.11781.14.camel at bzorp.balabit>
Content-Type: text/plain
On Mon, 2007-02-19 at 13:09 -0600, Ravi Papisetti -X (rpapiset - HCL at
Cisco) wrote:
> Hi,
>
> I am using syslog-ng 1.6.11 and trying to compile this package with
> ./configure --enable-spoof-source, it throws errors as below
>
> checking whether to enable Sun STREAMS support... yes
> checking whether to enable Sun door support... yes
> checking whether to enable TCP wrapper support... no
> checking whether to enable spoof_source support... ./configure: test:
> too many arguments
> configure: error: libnet-config not found
>
> It compiles fine without --enable-spoof-source this option. Could you
> do the needful.
>
You need libnet in order to compile syslog-ng with spoof source support.
--
Bazsi
------------------------------
Message: 7
Date: Mon, 19 Feb 2007 16:36:42 -0600
From: "Ravi Papisetti -X (rpapiset - HCL at Cisco)"
Subject: RE: [syslog-ng] compilation errors with --enable-spoof-source
To: "Syslog-ng users' and developers' mailing list"
Message-ID: <6F4AD076-DD4B-45CE-9B37-8C326CB89BA9 at mimectl>
Content-Type: text/plain; charset="us-ascii"
An HTML attachment was scrubbed...
URL: http://lists.balabit.hu/pipermail/syslog-ng/attachments/20070219/5f74b573/attachment-0001.htm
------------------------------
Message: 8
Date: Tue, 20 Feb 2007 08:59:33 +0000
From: Balazs Scheidler
Subject: RE: [syslog-ng] compilation errors with --enable-spoof-source
To: Syslog-ng users' and developers' mailing list
Message-ID: <1171961973.9887.0.camel at bzorp.balabit>
Content-Type: text/plain
On Mon, 2007-02-19 at 16:36 -0600, Ravi Papisetti -X (rpapiset - HCL at
Cisco) wrote:
> Already that is installed in my m/c. Compilations went successful
> without this option. I understand that libnet is to compile this
> package.
>
> Let us know how to check if Libnet package installation is fine in my
> system or not.
if libnet is installed, you should have a script called libnet-config
somewhere in your path. that's what the configure script does not find.
--
Bazsi
------------------------------
_______________________________________________
syslog-ng maillist - syslog-ng at lists.balabit.hu
https://lists.balabit.hu/mailman/listinfo/syslog-ng
End of syslog-ng Digest, Vol 22, Issue 21
*****************************************
---------------------------------
New Yahoo! Mail is the ultimate force in competitive emailing. Find out more at the Yahoo! Mail Championships. Plus: play games and win prizes.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.balabit.hu/pipermail/syslog-ng/attachments/20070220/a53601f7/attachment.html
More information about the syslog-ng
mailing list