[syslog-ng] Source-file not working

fabian marcos ositoll at yahoo.com
Mon Oct 8 12:09:50 CEST 2007


Hi everyone,
   
  I have a problem with a “source-file”. Syslog-ng can’t read my “source-file”. I don’t know why, please help me.
   
   
  This is my simple syslog-ng.conf file (Vers- 1.6.11) on my Solaris 8 (Sparc.117350-16);
   
  options    { mark(600); sync(0); use_dns(yes); create_dirs(yes);
  };
  source src_tail {
          file("/var/log/syslog-ng/mar" );
          internal();
  };
  source s_local   {
          sun-streams("/dev/log" door("/etc/.syslog_door"));
  };
  destination d_loghost_localhost {
          udp("10.10.10.48" port(514)); file ("/var/log/syslog-ng/$YEAR.$MONTH.$DAY/localhost.log");
  };
  log {
         source(src_tail); source(s_local); destination(d_loghost_localhost) ;
  };
   
   
  I can see on the remote central server log "10.10.10.48" that it is working with the internal messages;
   
  15:11:50.193397 10.10.1.36.33055 > 10.10.10.48.syslog: udp 92 (DF)
  0x0000   4500 0078 df47 4000 fd11 7ec5 0a0a 0124        E..x.G@...~....$
  0x0010   0a0a 0a30 811f 0202 0064 9f5e 3c34 353e        ...0.....d.^<45>
  0x0020   4f63 7420 2034 2031 353a 3131 3a35 3020        Oct..4.15:11:50.
  0x0030   7372 635f 7461 696c 4061 7070 7331 6d6e        src_tail@testhos
  0x0040   3120 7379 736c 6f67 2d6e 675b 3139 3933        t.syslog-ng[1993
  0x0050   305d                                           0]
   
  I made a test on the local server, #logger -p local3.info test1, and I can see the message in tcpdump on the remote server;
   
  15:22:58.946246 10.10.1.36.33318 > 10.10.10.48.syslog: udp 78 (DF)
  0x0000   4500 006a 014e 4000 fd11 5ccd 0a0a 0124        E..j.N@...\....$
  0x0010   0a0a 0a30 8226 0202 0056 852d 3c31 3538        ...0.&...V.-<158
  0x0020   3e4f 6374 2020 3420 3135 3a32 323a 3538        >Oct..4.15:22:58
  0x0030   2073 5f6c 6f63 616c 4061 7070 7331 6d6e        .s_local@testhos
  0x0040   3120 6d61 7266 6162 6961 3a20 5b49 4420        t.marcos:.[ID.
  0x0050   3730                                           70
   
  The local file destination is writing only the internal() messages but nothing from my file “/var/log/syslog-ng/mar”;
   
  #tail  /var/log/syslog-ng/$YEAR.$MONTH.$DAY/localhost.log
  Oct  4 15:22:54 src_tail@testhost syslog-ng[23738]: syslog-ng version 1.6.11 starting
  Oct  4 15:32:54 src_tail@testhost syslog-ng[23738]: STATS: dropped 0
   
  This test script is running, “while true; do date >>/var/log/syslog-ng/mar; sleep 5; done &”, and it is writing every 5 seconds to my “source file”, but I can see nothing on the remote host and nothing on the local host (root@testhost# snoop -d hme0 10.10.10.48) or in the local file.
   
  root@testhost # ps -ef|grep syslog
      root 28281     1  0   Sep 19 ?        0:00 /usr/sbin/syslogd
      root 28310     1  1 16:09:21 ?        0:00 /usr/local/sbin/syslog-ng -f /etc/syslog-ng.conf
  root@testhost # ls -la /var/log/syslog-ng/mar
  -rwxrwxrwx   1 root     other      64042 Oct  4 16:09 /var/log/syslog-ng/mar
   
   
   
  Can you help me?
  Thanks in advance,
   
  Marcos Fabian.
   
   
  PS: Also, when I include the option “follow_freq(1)” in syslog-ng.conf:
  source s_tail { file("/var/log/apache/access.log" follow_freq(1) flags(no-parse)); };
  I get the following error:
  # /usr/local/sbin/syslog-ng -d -v /etc/syslog-ng.conf
  syntax error at 10
  Parse error reading configuration file, exiting. (line 10)
   

       