[syslog-ng] newbie

Balazs Scheidler bazsi at balabit.hu
Wed Dec 10 23:41:49 CET 2008


On Wed, 2008-12-10 at 14:13 -0600, McGranahan, Jamen wrote:
> Ok, I guess I’m just too used to the Windows environment that I’m
> having a hard time adjusting to command line interfaces. Here’s the
> deal: I need to get syslog-ng running on my server. I think I have it
> installed, downloading the file from sunfreeware.com, putting the file
> in the /var/spool/pkg directory (file =
> syslogng-2.0.9-sol10-sparc-local.gz). I then used the pkgadd -d
> command to install it, which seemed to be fine. But where do I go from
> here? Has it started or do I need to manually start it? I’m also
> looking for a syslog-ng.conf file in order to modify it – I’m using
> this to push log data to another server, and according to the central
> logging program we are using, I need to modify this file like this:
> 
> options {
> use_fqdn(yes);
> log_fifo_size(8192);
> };
> 
> source local {
> file("/var/log/messages");
> udp(ip(127.0.0.1) port(514));
> internal();
> };
> 
> filter notdebug {
> level(info..emerg);
> };
> 
> destination loghost {
> tcp("name.of.yoursplunkserver" port (9514));
> };
> 
> log {
> source(local);
> filter(notdebug);
> destination(loghost);
> };
> 
> Any advice/or guidance is greatly appreciated. I know the more I use
> these Unix boxes, the more I’ll learn…

Depending on the binary, your configuration file location may vary. I
also don't know whether the package you used installs an init script at
all.

The configuration file is usually at /etc/syslog-ng/syslog-ng.conf, but
it can also reside under /opt/syslog-ng/etc (depends on the compilation
options).

If you start syslog-ng by hand:

/sbin/syslog-ng -Fedv

It should display if it cannot read its configuration file.

The arguments -Fedv are:
  -F for foreground
  -e for logging messages to stderr
  -d for enabling debug
  -v for enabling verbose messages

You can also explicitly specify the configuration file using the -f
switch.

Please note that your configuration file lacks the source that would
collect local messages. If your package contains the file named
"INSTALL" that should give you more information.

-- 
Bazsi
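
The quoted configuration with a source for local messages added, which is the piece the reply says is missing. This is an added example, not part of the original thread or the package's shipped configuration; it assumes Solaris 10 (where local messages arrive on the /dev/log STREAMS device, read with the sun-streams() driver), a door path of /var/run/syslog_door, and a placeholder loghost name.

```conf
# Added example. Assumes Solaris 10 and syslog-ng 2.0.x.
# The door path and the loghost name are assumptions; adjust for your host.

options {
    use_fqdn(yes);
    log_fifo_size(8192);
};

# Local messages: Solaris applications log through the /dev/log STREAMS
# device, and the door file signals that a syslog daemon is listening.
# Without a driver like this, only syslog-ng's own internal() messages
# and whatever the other sources happen to receive get forwarded.
source local {
    sun-streams("/dev/log" door("/var/run/syslog_door"));
    internal();
};

# Two dots select a priority range; each statement ends with a semicolon.
filter notdebug {
    level(info..emerg);
};

destination loghost {
    tcp("loghost.example.com" port(9514));   # placeholder host name
};

log {
    source(local);
    filter(notdebug);
    destination(loghost);
};
```

The stock syslogd reads the same /dev/log device, so it has to be stopped before syslog-ng can take over local logging. Running syslog-ng with -Fedv and -f pointing at this file, as described in the reply, shows whether the configuration parses.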



