[syslog-ng] syslog-ng.conf problem on HP-UX-11.11
olivier rolland
madmax2010fr at yahoo.fr
Tue Feb 20 17:32:18 CET 2007
You have to put the log device with pad_size into your system source:

source s_sys {
    pipe("/dev/log" pad_size(2048));
    internal();
};

It's working on my system, so you can try it.
You can also add the klog device (/dev/klog) with the same options as
/dev/log.
Shamim wrote:
>
> Hi,
> I've compiled syslog-ng-2.0.2 on HP-UX-11.11, however messages are not
> going to the desired destinations as defined in syslog-ng.conf.
>
> my syslog-ng.conf
> ---------------------------------------------
> # syslog-ng configuration file.
> #
> # This should behave pretty much like the original syslog on HP-UX. But
> # it could be configured a lot smarter.
> #
> # See syslog-ng(8) and syslog-ng.conf(8) for more information.
> #
> # 20000925 gb at sysfive.com
> options { sync (0);
> time_reopen (10);
> log_fifo_size (1000);
> long_hostnames (off);
> use_dns (no);
> use_fqdn (no);
> create_dirs (no);
> keep_hostname (yes);
> };
> source s_sys {internal();pipe("/dev/log"); };
> destination d_cons { file("/dev/console1"); };
> destination d_mesg { file("/var/adm/syslog/syslog-ng.log"); };
> destination d_mail { file("/var/adm/syslog/mail-ng.log"); };
> destination d_mlrt { usertty("root"); };
> destination d_mlal { usertty("*"); };
> filter f_filter1 { facility(mail) and level(debug); };
> filter f_filter2 { (facility(mail) and level(debug)) or
> level(info); };
> filter f_filter3 { level(alert); };
> filter f_filter4 { level(emerg); };
> log { source(s_sys); destination(d_mail); };
> log { source(s_sys); destination(d_mesg); };
> log { source(s_sys); destination(d_cons);destination(d_mlrt); };
> log { source(s_sys); destination(d_mlal); };
> #
> --------------------------------------------
> Now if I generate a message using the "logger" utility on the system, the message
> should go to "/var/adm/syslog/syslog-ng.log", though messages are not going there...
> Is there anything wrong with .conf file?
>
> What should be the conf file for central server and client on HP-UX?
>
>
> syslog-ng daemon is running like:
> -------------------------------------------------------------------------------
> syslog-ng service starting.
> # ps -eaf |grep syslog-ng
> root 14437 1 0 10:22:30 ? 0:00 /opt/soe/local/syslog-ng-2.0.2/sbin/syslog-ng -f /opt/soe/local
> #
> ------------------------------------------------------------------------------
>
> Thanks
> Shamim
>
> */syslog-ng-request at lists.balabit.hu/* wrote:
>
>
> Today's Topics:
>
> 1. Re: Is this possible in syslog-ng.conf . (v2.0.2)
> (Balazs Scheidler)
> 2. Re: Setting permissions on log files (Balazs Scheidler)
> 3. Re: Is this possible in syslog-ng.conf . (v2.0.2) (Evan Rempel)
> 4. compilation errors with --enable-spoof-source
> (Ravi Papisetti -X (rpapiset - HCL at Cisco))
> 5. Re: Is this possible in syslog-ng.conf . (v2.0.2)
> (Balazs Scheidler)
> 6. Re: compilation errors with --enable-spoof-source
> (Balazs Scheidler)
> 7. RE: compilation errors with --enable-spoof-source
> (Ravi Papisetti -X (rpapiset - HCL at Cisco))
> 8. RE: compilation errors with --enable-spoof-source
> (Balazs Scheidler)
>
>
> ----------------------------------------------------------------------
>
> Message: 1
> Date: Mon, 19 Feb 2007 17:14:12 +0100
> From: Balazs Scheidler
> Subject: Re: [syslog-ng] Is this possible in syslog-ng.conf . (v2.0.2)
> To: Syslog-ng users' and developers' mailing list
>
> Message-ID: <1171901652.11781.7.camel at bzorp.balabit>
> Content-Type: text/plain
>
> On Sun, 2007-02-18 at 16:48 -0800, Mr. James W. Laferriere wrote:
>
> > Ok . IMO counter intuitive , Tho reasonable with your explanation .
> > One is very used to the 'source' in FW/router/...'s as being the source
> > device(s) IP from where a packet came from .
>
> syslog-ng is not a firewall :) this is sometimes strange to me as well,
> being involved in firewall products as well. But putting the joke aside,
> syslog-ng is a "syslog message pipe" processor: sources generate
> messages, destinations serve as message sinks. Some filtering here and
> there, that's about syslog-ng's internal structure.
>
> So, naming source as a source is consistent with syslog-ng itself.
>
> > An aside , Can one do the 'Formatting' like my example above , again
> > no examples show up like that , but I am hopeful .
> >
> >
> > > To do that you need the netmask() filter.
> >
> > Next time I'll go looking at the Blog at Gmane first before shooting my
> > mouth off . netmask was just the hint I needed .
> > Tho it sure would be nice for netmask() to support the /xx bits netmask
> > format .
>
> It does support this format.
>
> --
> Bazsi
>
>
>
> ------------------------------
>
> Message: 2
> Date: Mon, 19 Feb 2007 17:15:57 +0100
> From: Balazs Scheidler
> Subject: Re: [syslog-ng] Setting permissions on log files
> To: Syslog-ng users' and developers' mailing list
>
> Message-ID: <1171901757.11781.10.camel at bzorp.balabit>
> Content-Type: text/plain
>
> On Mon, 2007-02-19 at 01:45 +0000, Bryan Henderson wrote:
> > With the 'file' destination, Syslog-ng modifies the ownership and
> > permissions of the file when it opens it. There are configuration
> > file options to choose what it sets them to, but AFAICT, no way to
> > have Syslog-ng just leave the files as it finds them.
> >
> > I prefer to maintain permissions and ownership separately; I set them
> > when I create the file and expect them to stick. Could there be a
> > configuration file option for that?
> >
>
> IIRC, you can use -1 for various options, which means "do not touch".
> But I would need to test it. The code in the C part is there, the only
> question that remains is whether the parser accepts "-1" in the place of
> owner/group/permissions.
>
> --
> Bazsi
>
>
>
> ------------------------------
>
> Message: 3
> Date: Mon, 19 Feb 2007 09:02:15 -0800
> From: Evan Rempel
> Subject: Re: [syslog-ng] Is this possible in syslog-ng.conf . (v2.0.2)
> To: "Syslog-ng users' and developers' mailing list"
>
> Message-ID: <45D9D817.7050309 at uvic.ca>
> Content-Type: text/plain; charset=ISO-8859-1; format=flowed
>
> Balazs Scheidler wrote:
> > On Sun, 2007-02-18 at 16:48 -0800, Mr. James W. Laferriere wrote:
> >
> >> Ok . IMO counter intuitive , Tho reasonable with your explanation .
> >> One is very used to the 'source' in FW/router/...'s as being the source
> >> device(s) IP from where a packet came from .
> >
> > syslog-ng is not a firewall :) this is sometimes strange to me as well,
> > being involved in firewall products as well. But putting the joke aside,
> > syslog-ng is a "syslog message pipe" processor: sources generate
> > messages, destinations serve as message sinks. Some filtering here and
> > there, that's about syslog-ng's internal structure.
> >
> > So, naming source as a source is consistent with syslog-ng itself.
>
> I think that the author of the original comment was referring to the IP address binding
> in the source definition
>
> source network { tcp( ip(xxxx) ); };
>
> where the IP address is NOT the source at all, it is a local IP address to bind the listener to.
> Perhaps the syntax should be
>
> source network { tcp( bind(xxxx) ); };
>
> since the bind address MUST be ip since the definition is already defined to be tcp.
>
> I think it is a little counter intuitive even within the scope of syslog-ng.
>
> Evan.
>
>
> >
> >> An aside , Can one do the 'Formatting' like my example above , again
> >> no examples show up like that , but I am hopeful .
> >>
> >>
> >>> To do that you need the netmask() filter.
> >> Next time I'll go looking at the Blog at Gmane first before shooting my
> >> mouth off . netmask was just the hint I needed .
> >> Tho it sure would be nice for netmask() to support the /xx bits netmask
> >> format .
> >
> > It does support this format.
> >
>
>
> --
> Evan Rempel erempel at uvic.ca
> Senior Programmer Analyst 250.721.7691
> Computing Services
> University of Victoria
>
>
> ------------------------------
>
> Message: 4
> Date: Mon, 19 Feb 2007 13:09:41 -0600
> From: "Ravi Papisetti -X (rpapiset - HCL at Cisco)"
>
> Subject: [syslog-ng] compilation errors with --enable-spoof-source
> To: "syslog-ng at lists.balabit.hu"
> Message-ID: <5A8F8213-CAC5-4190-A902-FE91C0DC844D at mimectl>
> Content-Type: text/plain; charset="iso-8859-1"
>
> Hi,
>
> I am using syslog-ng 1.6.11 and trying to compile this package with
> ./configure --enable-spoof-source, it throws errors as below
>
> checking whether to enable Sun STREAMS support... yes
> checking whether to enable Sun door support... yes
> checking whether to enable TCP wrapper support... no
> checking whether to enable spoof_source support... ./configure: test: too many arguments
> configure: error: libnet-config not found
>
> It compiles fine without the --enable-spoof-source option. Could
> you do the needful.
>
> Thanks,
> Ravi Kumar P.
>
> ------------------------------
>
> Message: 5
> Date: Mon, 19 Feb 2007 20:23:01 +0100
> From: Balazs Scheidler
> Subject: Re: [syslog-ng] Is this possible in syslog-ng.conf . (v2.0.2)
> To: Syslog-ng users' and developers' mailing list
>
> Message-ID: <1171912981.11781.12.camel at bzorp.balabit>
> Content-Type: text/plain
>
> On Mon, 2007-02-19 at 09:02 -0800, Evan Rempel wrote:
> > Balazs Scheidler wrote:
> > > On Sun, 2007-02-18 at 16:48 -0800, Mr. James W. Laferriere wrote:
> > >
> > >> Ok . IMO counter intuitive , Tho reasonable with your explanation .
> > >> One is very used to the 'source' in FW/router/...'s as being the source
> > >> device(s) IP from where a packet came from .
> > >
> > > syslog-ng is not a firewall :) this is sometimes strange to me as well,
> > > being involved in firewall products as well. But putting the joke aside,
> > > syslog-ng is a "syslog message pipe" processor: sources generate
> > > messages, destinations serve as message sinks. Some filtering here and
> > > there, that's about syslog-ng's internal structure.
> > >
> > > So, naming source as a source is consistent with syslog-ng itself.
> >
> > I think that the author of the original comment was referring to the IP address binding
> > in the source definition
> >
> > source network { tcp( ip(xxxx) ); };
> >
> > where the IP address is NOT the source at all, it is a local IP address to bind the listener to.
> > Perhaps the syntax should be
> >
> > source network { tcp( bind(xxxx) ); };
> >
> > since the bind address MUST be ip since the definition is already defined to be tcp.
> >
> > I think it is a little counter intuitive even within the scope of syslog-ng.
> >
>
> ip is an alias for localip(), but it's true that all examples use ip().
>
> --
> Bazsi
>
>
>
> ------------------------------
>
> Message: 6
> Date: Mon, 19 Feb 2007 20:23:34 +0100
> From: Balazs Scheidler
> Subject: Re: [syslog-ng] compilation errors with --enable-spoof-source
> To: Syslog-ng users' and developers' mailing list
>
> Message-ID: <1171913014.11781.14.camel at bzorp.balabit>
> Content-Type: text/plain
>
> On Mon, 2007-02-19 at 13:09 -0600, Ravi Papisetti -X (rpapiset - HCL at Cisco) wrote:
> > Hi,
> >
> > I am using syslog-ng 1.6.11 and trying to compile this package with
> > ./configure --enable-spoof-source, it throws errors as below
> >
> > checking whether to enable Sun STREAMS support... yes
> > checking whether to enable Sun door support... yes
> > checking whether to enable TCP wrapper support... no
> > checking whether to enable spoof_source support... ./configure: test: too many arguments
> > configure: error: libnet-config not found
> >
> > It compiles fine without the --enable-spoof-source option. Could you
> > do the needful.
> >
>
> You need libnet in order to compile syslog-ng with spoof source support.
>
> --
> Bazsi
>
>
>
> ------------------------------
>
> Message: 7
> Date: Mon, 19 Feb 2007 16:36:42 -0600
> From: "Ravi Papisetti -X (rpapiset - HCL at Cisco)"
>
> Subject: RE: [syslog-ng] compilation errors with --enable-spoof-source
> To: "Syslog-ng users' and developers' mailing list"
>
> Message-ID: <6F4AD076-DD4B-45CE-9B37-8C326CB89BA9 at mimectl>
> Content-Type: text/plain; charset="us-ascii"
>
> An HTML attachment was scrubbed...
> URL:
> http://lists.balabit.hu/pipermail/syslog-ng/attachments/20070219/5f74b573/attachment-0001.htm
>
> ------------------------------
>
> Message: 8
> Date: Tue, 20 Feb 2007 08:59:33 +0000
> From: Balazs Scheidler
> Subject: RE: [syslog-ng] compilation errors with --enable-spoof-source
> To: Syslog-ng users' and developers' mailing list
>
> Message-ID: <1171961973.9887.0.camel at bzorp.balabit>
> Content-Type: text/plain
>
> On Mon, 2007-02-19 at 16:36 -0600, Ravi Papisetti -X (rpapiset - HCL at Cisco) wrote:
> > Already that is installed in my m/c. Compilations went successful
> > without this option. I understand that libnet is to compile this
> > package.
> >
> > Let us know how to check if Libnet package installation is fine in my
> > system or not.
>
> If libnet is installed, you should have a script called libnet-config
> somewhere in your path. That's what the configure script does not find.
>
> --
> Bazsi
>
>
>
> ------------------------------
>
> _______________________________________________
> syslog-ng maillist - syslog-ng at lists.balabit.hu
> https://lists.balabit.hu/mailman/listinfo/syslog-ng
>
>
> End of syslog-ng Digest, Vol 22, Issue 21
> *****************************************
>
>
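Added example, not part of the original thread and not syslog-ng code: a sketch of the fixed-block framing that pad_size(2048) in the reply at the top describes, where each message on the log pipe occupies one 2048-byte block and has to be unpadded before its <PRI> (the value facility() and level() filters match on) can be read. The function names are hypothetical, the sample records are constructed, and NUL padding bytes are an assumption.

```python
import io

PAD_SIZE = 2048  # block size given in the reply: pad_size(2048)
FACILITIES = ["kern", "user", "mail", "daemon", "auth", "syslog", "lpr", "news"]
SEVERITIES = ["emerg", "alert", "crit", "err", "warning", "notice", "info", "debug"]

def read_padded_records(stream, pad_size=PAD_SIZE):
    """Yield one message per fixed-size block, trailing padding removed."""
    while True:
        block = stream.read(pad_size)
        if not block:
            return
        if len(block) < pad_size:
            # A partial block means framing is off (wrong pad_size or truncated input).
            raise ValueError("short record: %d of %d bytes" % (len(block), pad_size))
        text = block.rstrip(b"\x00\n ")  # assumption: padding is NUL bytes
        if text:
            yield text.decode("ascii", "replace")

def parse_pri(message):
    """Split '<PRI>text' into (facility, severity, text)."""
    end = message.find(">")
    if not message.startswith("<") or not (2 <= end <= 4) or not message[1:end].isdigit():
        return ("user", "notice", message)  # no valid PRI: treat as user.notice
    pri = int(message[1:end])
    fac = pri >> 3
    facility = FACILITIES[fac] if fac < len(FACILITIES) else "facility%d" % fac
    return (facility, SEVERITIES[pri & 7], message[end + 1:])

def decode_stream(stream, pad_size=PAD_SIZE):
    """Frame the byte stream into records and decode each record's priority."""
    return [parse_pri(m) for m in read_padded_records(stream, pad_size)]

def make_record(message, pad_size=PAD_SIZE):
    """Build a constructed sample record: message bytes padded with NULs."""
    return message.ljust(pad_size, b"\x00")

# Constructed sample input standing in for what a reader of the log pipe would see.
SAMPLE = make_record(b"<13>shamim: logger test") + make_record(b"<22>sendmail[42]: queued")

if __name__ == "__main__":
    for facility, severity, text in decode_stream(io.BytesIO(SAMPLE)):
        print("%s.%s: %s" % (facility, severity, text))
```

A reader that assumes a different block size gets a short final record and raises, which is the kind of framing mismatch the pad_size option exists to avoid.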