[syslog-ng] syslog-ng.conf problem on HP-UX-11.11

olivier rolland madmax2010fr at yahoo.fr
Tue Feb 20 17:32:18 CET 2007


You have to put the log device with the pad_size into your system source.
source s_sys {pipe("/dev/log" pad_size(2048));
                        internal(); };
It's working on my system so you can try.
You can also add the klog device (/dev/klog) with same options than 
/dev/log.
 
Shamim a écrit :
>  
> Hi,
> I've compile syslog-ng-2.0.2 on HP-UX-11.11, however messages are not 
> going to desired destinations as  defined in the syslog-ng.conf .
>  
> my syslog-ng.conf
> ---------------------------------------------
> # syslog-ng configuration file.
> #
> # This should behave pretty much like the original syslog on HP-UX. But
> # it could be configured a lot smarter.
> #
> # See syslog-ng(8) and syslog-ng.conf(8) for more information.
> #
> # 20000925 gb at sysfive.com <mailto:gb at sysfive.com>
> options { sync (0);
>           time_reopen (10);
>           log_fifo_size (1000);
>           long_hostnames (off);
>           use_dns (no);
>           use_fqdn (no);
>           create_dirs (no);
>           keep_hostname (yes);
>         };
> source s_sys {internal();pipe("/dev/log"); };
> destination d_cons { file("/dev/console1"); };
> destination d_mesg { file("/var/adm/syslog/syslog-ng.log"); };
> destination d_mail { file("/var/adm/syslog/mail-ng.log"); };
> destination d_mlrt { usertty("root"); };
> destination d_mlal { usertty("*"); };
> filter f_filter1   { facility(mail) and level(debug); };
> filter f_filter2   { (facility(mail) and level(debug)) or
>                      level(info); };
> filter f_filter3   { level(alert); };
> filter f_filter4   { level(emerg); };
> log { source(s_sys);  destination(d_mail); };
> log { source(s_sys); destination(d_mesg); };
> log { source(s_sys); destination(d_cons);destination(d_mlrt); };
> log { source(s_sys);  destination(d_mlal); };
> #
> --------------------------------------------
> Now If I generate message using "logger"  utility on system, message 
> should go to "/var/adm/syslog/syslog-ng.log", though they are not going...
> Is there anything wrong with .conf file?
>  
> What should be the conf file for  central server and client on HP-UX?
>  
>  
> syslog-ng daemon is running like:
> -------------------------------------------------------------------------------
> syslog-ng service starting.
> # ps -eaf |grep syslog-ng
>     root 14437     1  0 10:22:30 ?         0:00 
> /opt/soe/local/syslog-ng-2.0.2/sbin/syslog-ng -f /opt/soe/local
> #
> ------------------------------------------------------------------------------
>  
> Thanks
> Shamim
>
> */syslog-ng-request at lists.balabit.hu/* wrote:
>
>     Send syslog-ng mailing list submissions to
>     syslog-ng at lists.balabit.hu
>
>     To subscribe or unsubscribe via the World Wide Web, visit
>     https://lists.balabit.hu/mailman/listinfo/syslog-ng
>     or, via email, send a message with subject or body 'help' to
>     syslog-ng-request at lists.balabit.hu
>
>     You can reach the person managing the list at
>     syslog-ng-owner at lists.balabit.hu
>
>     When replying, please edit your Subject line so it is more specific
>     than "Re: Contents of syslog-ng digest..."
>
>
>     Today's Topics:
>
>     1. Re: Is this possible in syslog-ng.conf . (v2.0.2)
>     (Balazs Scheidler)
>     2. Re: Setting permissions on log files (Balazs Scheidler)
>     3. Re: Is this possible in syslog-ng.conf . (v2.0.2) (Evan Rempel)
>     4. compilation errors with --enable-spoof-source
>     (Ravi Papisetti -X (rpapiset - HCL at Cisco))
>     5. Re: Is this possible in syslog-ng.conf . (v2.0.2)
>     (Balazs Scheidler)
>     6. Re: compilation errors with --enable-spoof-source
>     (Balazs Scheidler)
>     7. RE: compilation errors with --enable-spoof-source
>     (Ravi Papisetti -X (rpapiset - HCL at Cisco))
>     8. RE: compilation errors with --enable-spoof-source
>     (Balazs Scheidler)
>
>
>     ----------------------------------------------------------------------
>
>     Message: 1
>     Date: Mon, 19 Feb 2007 17:14:12 +0100
>     From: Balazs Scheidler
>     Subject: Re: [syslog-ng] Is this possible in syslog-ng.conf . (v2.0.2)
>     To: Syslog-ng users' and developers' mailing list
>
>     Message-ID: <1171901652.11781.7.camel at bzorp.balabit>
>     Content-Type: text/plain
>
>     On Sun, 2007-02-18 at 16:48 -0800, Mr. James W. Laferriere wrote:
>
>     > Ok . IMO counter intuitive , Tho reasonable with your explanation .
>     > One is very used to the 'source' in FW/router/...'s as being the
>     source
>     > device(s) IP from where a packet came from .
>
>     syslog-ng is not a firewall :) this is sometimes strange to me as
>     well,
>     being involved in firewall products as well. But putting the joke
>     aside,
>     syslog-ng is a "syslog message pipe" processor: sources generate
>     messages, destinations serve as message sinks. Some filtering here and
>     there, that's about syslog-ng's internal structure.
>
>     So, naming source as a source is consistent with syslog-ng itself.
>
>     > An aside , Can one do the 'Formatting' like my example above ,
>     again
>     > no examples show up like that , but I am hopeful .
>     >
>     >
>     > > To do that you need the netmask() filter.
>     >
>     > Next time I'll go looking at the Blog at Gmane first before
>     shooting my
>     > mouth off . netmask was just the hint I needed .
>     > Tho it sure would be nice for netmask() to support the /xx bits
>     netmask
>     > format .
>
>     It does support this format.
>
>     -- 
>     Bazsi
>
>
>
>     ------------------------------
>
>     Message: 2
>     Date: Mon, 19 Feb 2007 17:15:57 +0100
>     From: Balazs Scheidler
>     Subject: Re: [syslog-ng] Setting permissions on log files
>     To: Syslog-ng users' and developers' mailing list
>
>     Message-ID: <1171901757.11781.10.camel at bzorp.balabit>
>     Content-Type: text/plain
>
>     On Mon, 2007-02-19 at 01:45 +0000, Bryan Henderson wrote:
>     > With the 'file' destination, Syslog-ng modifies the ownership and
>     > permissions of the file when it opens it. There are configuration
>     > file options to choose what it sets them to, but AFAICT, no way to
>     > have Syslog-ng just leave the files as it finds them.
>     >
>     > I prefer to maintain permissions and ownership separately; I set
>     them
>     > when I create the file and expect them to stick. Could there be a
>     > configuration file option for that?
>     >
>
>     IIRC, you can use -1 for various options, which means "do not touch".
>     But I would need to test it. The code in the C part is there, the only
>     question that remains whether the parser accepts "-1" in the place of
>     owner/group/permissions.
>
>     -- 
>     Bazsi
>
>
>
>     ------------------------------
>
>     Message: 3
>     Date: Mon, 19 Feb 2007 09:02:15 -0800
>     From: Evan Rempel
>     Subject: Re: [syslog-ng] Is this possible in syslog-ng.conf . (v2.0.2)
>     To: "Syslog-ng users' and developers' mailing list"
>
>     Message-ID: <45D9D817.7050309 at uvic.ca>
>     Content-Type: text/plain; charset=ISO-8859-1; format=flowed
>
>     Balazs Scheidler wrote:
>     > On Sun, 2007-02-18 at 16:48 -0800, Mr. James W. Laferriere wrote:
>     >
>     >> Ok . IMO counter intuitive , Tho reasonable with your
>     explanation .
>     >> One is very used to the 'source' in FW/router/...'s as being
>     the source
>     >> device(s) IP from where a packet came from .
>     >
>     > syslog-ng is not a firewall :) this is sometimes strange to me
>     as well,
>     > being involved in firewall products as well. But putting the
>     joke aside,
>     > syslog-ng is a "syslog message pipe" processor: sources generate
>     > messages, destinations serve as message sinks. Some filtering
>     here and
>     > there, that's about syslog-ng's internal structure.
>     >
>     > So, naming source as a source is consistent with syslog-ng itself.
>
>     I think that the author of the original comment was refereing to
>     the IP address binding
>     in the source definition
>
>     source network { tcp( ip(xxxx) ); };
>
>     where the IP address is NOT the source at all, it is a local IP
>     address to bind the listener to.
>     Perhaps the syntax should be
>
>     source network { tcp( bind(xxxx) ); };
>
>     since the bind address MUST be ip since the definition is already
>     defined to be tcp.
>
>     I think it is a little counter intuitive even within the scope of
>     syslog-ng.
>
>     Evan.
>
>
>     >
>     >> An aside , Can one do the 'Formatting' like my example above ,
>     again
>     >> no examples show up like that , but I am hopeful .
>     >>
>     >>
>     >>> To do that you need the netmask() filter.
>     >> Next time I'll go looking at the Blog at Gmane first before
>     shooting my
>     >> mouth off . netmask was just the hint I needed .
>     >> Tho it sure would be nice for netmask() to support the /xx bits
>     netmask
>     >> format .
>     >
>     > It does support this format.
>     >
>
>
>     -- 
>     Evan Rempel erempel at uvic.ca
>     Senior Programmer Analyst 250.721.7691
>     Computing Services
>     University of Victoria
>
>
>     ------------------------------
>
>     Message: 4
>     Date: Mon, 19 Feb 2007 13:09:41 -0600
>     From: "Ravi Papisetti -X (rpapiset - HCL at Cisco)"
>
>     Subject: [syslog-ng] compilation errors with --enable-spoof-source
>     To: "syslog-ng at lists.balabit.hu"
>     Message-ID: <5A8F8213-CAC5-4190-A902-FE91C0DC844D at mimectl>
>     Content-Type: text/plain; charset="iso-8859-1"
>
>     Hi,
>
>     I am using syslog-ng 1.6.11 and trying to compile this package with
>     ./configure --enable-spoof-source, it throws errors as below
>
>     checking whether to enable Sun STREAMS support... yes
>     checking whether to enable Sun door support... yes
>     checking whether to enable TCP wrapper support... no
>     checking whether to enable spoof_source support... ./configure:
>     test: too many arguments
>     configure: error: libnet-config not found
>
>     It compiles fine without --enable-spoof-source this option. Could
>     you do the needful.
>
>     Thanks,
>     Ravi Kumar P.
>     -------------- next part --------------
>     An HTML attachment was scrubbed...
>     URL:
>     http://lists.balabit.hu/pipermail/syslog-ng/attachments/20070219/dc8ca38e/attachment-0001.html
>
>     ------------------------------
>
>     Message: 5
>     Date: Mon, 19 Feb 2007 20:23:01 +0100
>     From: Balazs Scheidler
>     Subject: Re: [syslog-ng] Is this possible in syslog-ng.conf . (v2.0.2)
>     To: Syslog-ng users' and developers' mailing list
>
>     Message-ID: <1171912981.11781.12.camel at bzorp.balabit>
>     Content-Type: text/plain
>
>     On Mon, 2007-02-19 at 09:02 -0800, Evan Rempel wrote:
>     > Balazs Scheidler wrote:
>     > > On Sun, 2007-02-18 at 16:48 -0800, Mr. James W. Laferriere wrote:
>     > >
>     > >> Ok . IMO counter intuitive , Tho reasonable with your
>     explanation .
>     > >> One is very used to the 'source' in FW/router/...'s as being
>     the source
>     > >> device(s) IP from where a packet came from .
>     > >
>     > > syslog-ng is not a firewall :) this is sometimes strange to me
>     as well,
>     > > being involved in firewall products as well. But putting the
>     joke aside,
>     > > syslog-ng is a "syslog message pipe" processor: sources generate
>     > > messages, destinations serve as message sinks. Some filtering
>     here and
>     > > there, that's about syslog-ng's internal structure.
>     > >
>     > > So, naming source as a source is consistent with syslog-ng itself.
>     >
>     > I think that the author of the original comment was refereing to
>     the IP address binding
>     > in the source definition
>     >
>     > source network { tcp( ip(xxxx) ); };
>     >
>     > where the IP address is NOT the source at all, it is a local IP
>     address to bind the listener to.
>     > Perhaps the syntax should be
>     >
>     > source network { tcp( bind(xxxx) ); };
>     >
>     > since the bind address MUST be ip since the definition is
>     already defined to be tcp.
>     >
>     > I think it is a little counter intuitive even within the scope
>     of syslog-ng.
>     >
>
>     ip is an alias for localip(), but it's true that all examples use
>     ip().
>
>     -- 
>     Bazsi
>
>
>
>     ------------------------------
>
>     Message: 6
>     Date: Mon, 19 Feb 2007 20:23:34 +0100
>     From: Balazs Scheidler
>     Subject: Re: [syslog-ng] compilation errors with --enable-spoof-source
>     To: Syslog-ng users' and developers' mailing list
>
>     Message-ID: <1171913014.11781.14.camel at bzorp.balabit>
>     Content-Type: text/plain
>
>     On Mon, 2007-02-19 at 13:09 -0600, Ravi Papisetti -X (rpapiset -
>     HCL at
>     Cisco) wrote:
>     > Hi,
>     >
>     > I am using syslog-ng 1.6.11 and trying to compile this package with
>     > ./configure --enable-spoof-source, it throws errors as below
>     >
>     > checking whether to enable Sun STREAMS support... yes
>     > checking whether to enable Sun door support... yes
>     > checking whether to enable TCP wrapper support... no
>     > checking whether to enable spoof_source support... ./configure:
>     test:
>     > too many arguments
>     > configure: error: libnet-config not found
>     >
>     > It compiles fine without --enable-spoof-source this option.
>     Could you
>     > do the needful.
>     >
>
>     You need libnet in order to compile syslog-ng with spoof source
>     support.
>
>     -- 
>     Bazsi
>
>
>
>     ------------------------------
>
>     Message: 7
>     Date: Mon, 19 Feb 2007 16:36:42 -0600
>     From: "Ravi Papisetti -X (rpapiset - HCL at Cisco)"
>
>     Subject: RE: [syslog-ng] compilation errors with --enable-spoof-source
>     To: "Syslog-ng users' and developers' mailing list"
>
>     Message-ID: <6F4AD076-DD4B-45CE-9B37-8C326CB89BA9 at mimectl>
>     Content-Type: text/plain; charset="us-ascii"
>
>     An HTML attachment was scrubbed...
>     URL:
>     http://lists.balabit.hu/pipermail/syslog-ng/attachments/20070219/5f74b573/attachment-0001.htm
>
>     ------------------------------
>
>     Message: 8
>     Date: Tue, 20 Feb 2007 08:59:33 +0000
>     From: Balazs Scheidler
>     Subject: RE: [syslog-ng] compilation errors with --enable-spoof-source
>     To: Syslog-ng users' and developers' mailing list
>
>     Message-ID: <1171961973.9887.0.camel at bzorp.balabit>
>     Content-Type: text/plain
>
>     On Mon, 2007-02-19 at 16:36 -0600, Ravi Papisetti -X (rpapiset -
>     HCL at
>     Cisco) wrote:
>     > Already that is installed in my m/c. Compilations went successful
>     > without this option. I understand that libnet is to compile this
>     > package.
>     >
>     > Let us know how to check if Libnet package installation is fine
>     in my
>     > system or not.
>
>     if libnet is installed, you should have a script called libnet-config
>     somewhere in your path. that's what the configure script does not
>     find.
>
>     -- 
>     Bazsi
>
>
>
>     ------------------------------
>
>     _______________________________________________
>     syslog-ng maillist - syslog-ng at lists.balabit.hu
>     https://lists.balabit.hu/mailman/listinfo/syslog-ng
>
>
>     End of syslog-ng Digest, Vol 22, Issue 21
>     *****************************************
>
>
> ------------------------------------------------------------------------
> New Yahoo! Mail is the ultimate force in competitive emailing. Find 
> out more at the Yahoo! Mail Championships 
> <http://uk.rd.yahoo.com/mail/uk/taglines/default/championships/games/*http://uk.rd.yahoo.com/evt=44106/*http://mail.yahoo.net/uk/>. 
> Plus: play games and win prizes.
> ------------------------------------------------------------------------
>
> _______________________________________________
> syslog-ng maillist  -  syslog-ng at lists.balabit.hu
> https://lists.balabit.hu/mailman/listinfo/syslog-ng
> Frequently asked questions at http://www.campin.net/syslog-ng/faq.html
>
>   

	

	
		
___________________________________________________________________________ 
Yahoo! Mail réinvente le mail ! Découvrez le nouveau Yahoo! Mail et son interface révolutionnaire.
http://fr.mail.yahoo.com


More information about the syslog-ng mailing list