[syslog-ng] Rép. : Re: Question about Syslog

FRANCIS PROVENCHER francis.provencher at msp.gouv.qc.ca
Mon Nov 5 22:34:17 CET 2007

I've started the syslog-ng service manually and I received this error:
Nov  5 16:55:03 ServerNAae syslog-ng[4948]: Reaping unused destination
files; template='/var/log/ServerName/$YEAR/$MONTH/$DAY/$HOST.log'
Does someone know what is going wrong? This message is repeating numerous
I looked at the permissions of the user that runs the syslog-ng service; it
has the right to write on the partition.
Thanks for your support

Francis Provencher
Ministère de la Sécurité publique du Québec
Direction des technologies de l'information
Division de la sécurité informatique
Tel: 1 418 646-3258
Email:   Francis.provencher at Msp.gouv.qc.ca 
CEH - Certified Ethical Hackers
SSCP - System Security Certified Practitioner
Sec+ - Security +

>>> "Geller, Sandor (IT)" <Sandor.Geller at morganstanley.com> 4/11/2007
10:45 >>>


> I've put the localhost on source, but it's an error; I changed 
> it for the IP address of the NIC that I connect to the tap.
> But syslog calls from the remote server continue to go in 
> /var/log/message instead of 
> /var/log/SPSSOWL1/$YEAR/$MONTH/$DAY/$HOST.log"
> Like it's configured in the syslog-ng.conf.
> Do you want me to paste my syslog-ng.conf here? (I only changed 
> source net { udp(ip( port(514)); };  for    source 
> net { udp(ip( port(514)); };

Without looking up the source my first guess would be that the 
problem is caused by having udp() in your configuration twice.
The 'src' and the 'net' sources both have udp(). It is possible
that the second bind was unsuccessful as syslog-ng has already
bound to the UDP port. Check your logs to see whether this is
the case; it should be logged. Optionally remove udp() from
the 'src' source if you're not logging from jails running on
the local machine.



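
The duplicate-udp() diagnosis in the reply above can be checked against a configuration file before restarting the daemon. This is an added example, not part of the original thread and not syslog-ng code: it lists every udp() driver declared in a source block and reports pairs that want the same port. The sample configuration, the 192.0.2.10 address and the function names are constructed; it assumes udp() defaults to 0.0.0.0 port 514 and treats a wildcard listener as overlapping any specific address.

```python
import re
from itertools import combinations

# Constructed sample modelled on the thread: the stock 'src' source and the
# added 'net' source both contain udp(). 192.0.2.10 is a placeholder address.
SAMPLE_CONF = """
source src { unix-dgram("/var/run/log"); udp(); internal(); };
source net { udp(ip(192.0.2.10) port(514)); };
destination messages { file("/var/log/messages"); };
"""

SOURCE_RE = re.compile(r"\bsource\s+(\S+)\s*\{(.*?)\}\s*;", re.S)
# udp( ... ) with at most one level of nested parentheses, e.g. ip(...) port(...)
UDP_RE = re.compile(r"\budp\s*\(((?:[^()]|\([^()]*\))*)\)")


def udp_listeners(conf):
    """Return [(source_name, ip, port)] for every udp() driver in a source block."""
    conf = re.sub(r"#.*", "", conf)  # drop comments (simplified: ignores '#' in strings)
    found = []
    for name, body in SOURCE_RE.findall(conf):
        for opts in UDP_RE.findall(body):
            ip = re.search(r"\b(?:local)?ip\s*\(\s*\"?([^\s\")]+)", opts)
            port = re.search(r"\b(?:local)?port\s*\(\s*(\d+)", opts)
            # Assumed defaults when the option is absent: 0.0.0.0 and 514.
            found.append((name,
                          ip.group(1) if ip else "0.0.0.0",
                          int(port.group(1)) if port else 514))
    return found


def bind_conflicts(listeners):
    """Pairs of listeners that want the same UDP port on overlapping addresses."""
    out = []
    for a, b in combinations(listeners, 2):
        same_port = a[2] == b[2]
        # Assumption: a wildcard bind overlaps every specific address.
        overlap = a[1] == b[1] or "0.0.0.0" in (a[1], b[1])
        if same_port and overlap:
            out.append((a, b))
    return out


if __name__ == "__main__":
    for a, b in bind_conflicts(udp_listeners(SAMPLE_CONF)):
        print("possible bind conflict: source %s udp %s:%d "
              "vs source %s udp %s:%d" % (a + b))
```

A reported pair only means the second bind may fail; the syslog-ng startup log remains the authoritative place to confirm it.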
