[syslog-ng] Rép. : Re: Question about Syslog

Geller, Sandor (IT) Sandor.Geller at morganstanley.com
Sun Nov 4 16:45:38 CET 2007


Hi, 

> I've put localhost in the source, but it's an error; I changed
> it to the IP address of the NIC that I connect to the tap.
>  
> But syslog calls from the remote server continue to go into 
> /var/log/message instead of 
> /var/log/SPSSOWL1/$YEAR/$MONTH/$DAY/$HOST.log
> 
> as it's configured in the syslog-ng.conf.
>  
> Do you want me to paste my syslog-ng.conf here? (I only changed 
> source net { udp(ip(127.0.0.1) port(514)); };  to  source 
> net { udp(ip(192.168.33.8) port(514)); };)

Without looking up the source, my first guess would be that the 
problem is caused by having udp() in your configuration twice.
The 'src' and the 'net' sources both have udp(). It is possible
that the second bind was unsuccessful, as syslog-ng has already
bound to the 0.0.0.0:514 UDP port. Check your logs to see whether
this is the case; it should be logged. Optionally, remove udp() from
the 'src' source if you're not logging from jails running on
the local machine.

Regards,

Sandor
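
An added example, not part of the original message or of syslog-ng itself: a small check that finds udp() listeners in a syslog-ng.conf whose bind addresses overlap, the situation the reply above suspects. The sample configuration is constructed (the poster's 'src' source is not shown in the thread), the function names are hypothetical, and it assumes syslog-ng's documented defaults of 0.0.0.0 and port 514 for a bare udp().

```python
import re

# Constructed sample, not the poster's real file: a 'src' source with a bare
# udp() (assumed, as the reply describes) plus the 'net' source from the post.
SAMPLE_CONF = """
source src { unix-dgram("/var/run/log"); udp(); internal(); };
source net { udp(ip(192.168.33.8) port(514)); };  # remote hosts
"""

WILDCARD = "0.0.0.0"   # assumed default bind address of a bare udp()
DEFAULT_PORT = 514     # assumed default port of a bare udp()

SOURCE_RE = re.compile(r"source\s+(\w+)\s*\{(.*?)\}\s*;", re.S)
# udp( ... ) with at most one level of nested parentheses, e.g. ip(...) port(...)
UDP_RE = re.compile(r"\budp\s*\(((?:[^()]|\([^()]*\))*)\)")
IP_RE = re.compile(r"\b(?:local)?ip\s*\(\s*\"?([^\s\")]+)")
PORT_RE = re.compile(r"\b(?:local)?port\s*\(\s*(\d+)")


def udp_listeners(conf):
    """Return (source_name, ip, port) for every udp() driver in a source block."""
    conf = re.sub(r"#.*", "", conf)  # drop comments
    found = []
    for name, body in SOURCE_RE.findall(conf):
        for args in UDP_RE.findall(body):
            ip = IP_RE.search(args)
            port = PORT_RE.search(args)
            found.append((name,
                          ip.group(1) if ip else WILDCARD,
                          int(port.group(1)) if port else DEFAULT_PORT))
    return found


def bind_conflicts(conf):
    """Pairs of listeners on the same port where the addresses are equal or
    one is the wildcard, so the later bind may fail with 'address in use'."""
    ls = udp_listeners(conf)
    return [(a, b) for i, a in enumerate(ls) for b in ls[i + 1:]
            if a[2] == b[2] and (a[1] == b[1] or WILDCARD in (a[1], b[1]))]


if __name__ == "__main__":
    for a, b in bind_conflicts(SAMPLE_CONF):
        print("overlap: source %s %s:%d  <->  source %s %s:%d" % (a + b))
```

If a pair is reported, messages arriving on that port are read by whichever source bound first and follow that source's log paths, so either remove the extra udp() or give each listener a distinct address and port.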