[syslog-ng] tcp centralized setup

Geller, Sandor (IT) Sandor.Geller at morganstanley.com
Thu Jul 12 08:47:43 CEST 2007


Hello,

> I had my sys admin install syslog-ng for me, because I can't have root
> access. I wish to set up a syslog-ng listener to collect syslog (TCP)
> messages from cisco routers. I need the existing solaris 9 syslog
> daemon (UDP 514) to remain running. I used a basic conf file
> 
> options {
>         long_hostnames(on);sync(0);stats(43200);dns_cache(yes);
>         use_fqdn(no);keep_hostname(yes);use_dns(yes);
> };
> 
> source tcpgateway {
>         unix-stream("/dev/log");
>         internal();
>         tcp(ip(0.0.0.0) port(514) max_connections(1000));
> };

On Solaris you can't use /dev/log. There is the door mechanism, but
as syslogd is running, you shouldn't use the door as well. Simply
remove unix-stream("/dev/log"); from the config.

> destination tcplocalhost {
>         file("/var/tmp/syslog-ng.all");
> };
> 
> log {
>         source(tcpgateway); destination(tcplocalhost);
> };
> 
> I tried to start the syslog-ng daemon and got this error
> 'io.c: bind_unix_socket(): /dev/log not a socket'
> 
> the ls -l of /dev/log shows       /devices/pseudo/log@0:log
> 
> Is this because I am not running syslog-ng as root ?  What am 
> I doing wrong ?

No, but you might have problems binding to ports lower than 1024 when
you're not root.

Regards,

Sandor
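
A preflight check for the two failure modes discussed in this thread, as an added example that is not part of the original message or of syslog-ng itself. The function names are hypothetical, the sample config is the one quoted in the question, and "privileged" is assumed to mean effective uid 0.

```python
import os
import re
import stat

# Constructed sample: the source block quoted in the message above.
SAMPLE_CONF = """
source tcpgateway {
        unix-stream("/dev/log");
        internal();
        tcp(ip(0.0.0.0) port(514) max_connections(1000));
};
destination tcplocalhost { file("/var/tmp/syslog-ng.all"); };
"""

def _mode(path):
    """st_mode of path (following symlinks), or None if it does not exist."""
    try:
        return os.stat(path).st_mode
    except OSError:
        return None

def preflight(conf, euid=None, mode_of=_mode):
    """Return warnings for source drivers that are likely to fail at bind time."""
    euid = os.geteuid() if euid is None else euid
    warnings = []
    # Only source blocks listen; destination blocks are ignored.
    for name, body in re.findall(r"source\s+(\S+)\s*\{(.*?)\};", conf, re.S):
        # A unix-stream/unix-dgram path that exists but is not a socket
        # (on Solaris /dev/log is a device node) cannot be bound.
        for path in re.findall(r'unix-(?:stream|dgram)\(\s*"([^"]+)"', body):
            mode = mode_of(path)
            if mode is not None and not stat.S_ISSOCK(mode):
                warnings.append(f"{name}: {path} exists but is not a socket")
        # Listening ports below 1024 need privilege (assumed here: euid 0).
        for port in re.findall(r"\b(?:tcp|udp)\([^;]*?port\((\d+)\)", body):
            if int(port) < 1024 and euid != 0:
                warnings.append(
                    f"{name}: port {port} is below 1024, euid {euid} is not root")
    return warnings

if __name__ == "__main__":
    for w in preflight(SAMPLE_CONF):
        print("WARNING:", w)
```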