[syslog-ng] Re : Re : Re : Re : Syslogd + Syslog-ng
olivier "madmax"rolland
madmax2010fr at yahoo.fr
Wed Jul 23 15:04:54 CEST 2008
Is syslogd running on your central server? In this case you have to disable syslogd logging from remote (using -s option) .
personally in order to recieve logs from syslogd clients i use this config:
source s_sys {
udp(ip(0.0.0.0) port(514));
};
filter f_sys { level(info..emerg) and not facility(mail); };
destination d_sys {file("/foo/full$DAY.log");};
log { source(s_sys); filter(f_sys) ; destination(d_sys) ;};
----- Message d'origine ----
De : Leandro Ferreira da Silva <ferreira at iqm.unicamp.br>
À : Syslog-ng users' and developers' mailing list <syslog-ng at lists.balabit.hu>
Envoyé le : Mercredi, 23 Juillet 2008, 14h14mn 29s
Objet : Re: [syslog-ng] Re : Re : Re : Syslogd + Syslog-ng
The configuration is the standart, I only do the follow changes.
# sources
source src { unix-dgram("/var/run/log");
unix-dgram("/var/run/logpriv" perm(0600));
udp(); internal(); file("/dev/klog"); };
I add this,
source r_src { udp(ip("client.domain") port(514)); };
I add this,
destination gafanhoto_messages { file("/var/log/gafanhoto/messages"
owner("root") group("wheel") perm(0640)); };
I add this,
log { source(r_src); destination(gafanhoto_messages); };
When I start the syslog-ng..
scorpion# /usr/local/etc/rc.d/syslog-ng start
Starting syslog_ng.
Error binding socket; addr='AF_INET(client.domain:514)',
error='Can\'t assign requested address (49)'
Error initializing source driver; source='r_src'
Could you send us a partial copy of your syslog-ng configuration?
-----
Message d'origine ----
De : Leandro Ferreira da Silva <ferreira at iqm.unicamp.br>
À : syslog-ng at lists.balabit.hu
Envoyé le : Mardi, 22 Juillet 2008, 21h35mn 02s
Objet : Re: [syslog-ng] Re : Re : Syslogd + Syslog-ng
The messages is send to server, the problem is the server that can't
take the messages.
I'm using FreeBSD 7.0 release.
> You can try to launch syslogd in the debug mode and look if your
> messages from the client are really rend to the syslog-ng server.
> What OS do you use?
> ----- Message d'origine ----
> De : Leandro Ferreira da Silva <ferreira at iqm.unicamp.br>
> À : "olivier "madmax"rolland" <madmax2010fr at yahoo.fr>
> Envoyé le : Mardi, 22 Juillet 2008, 19h54mn 28s
> Objet : Re: Re : [syslog-ng] Syslogd + Syslog-ng
>
> The syslogd is correctly configured with *.* @server,
> I can say this because the following command is logging at server.
> tcpdump -nn -i re0 host "machine" and udp port 514
>
> The problem is that in some machines I can't install syslog-ng, so
> these machines have to send their logs through syslogd to the
server
> that is using the syslog-ng.
> Any help?
>
> > First of all I'm not sure that with *.* your syslogd is able
to work,
> > you might user *.debug in order to log all messages from
debug to the
> > maximal level of logging. Secondly if your computer or server
is in a
> > domain you might test the remote logging as
> > *.debug @server.domain_name
> >
> > ----- Message d'origine ----
> > De : Leandro Ferreira da Silva <ferreira at iqm.unicamp.br
> <mailto:ferreira at iqm.unicamp.br>>
> > À : syslog-ng at lists.balabit.hu <mailto:syslog-ng at lists.balabit.hu>
> > Envoyé le : Mardi, 22 Juillet 2008, 0h22mn 35s
> > Objet : [syslog-ng] Syslogd + Syslog-ng
> >
> > Dear Friends.
> >
> > I have some problems.. =P
> > I'm building a log server, I installed the syslog-ng at the
server. The
> > clients has the common syslogd.
> > How Can I do for the syslog-ng receive the messages from
syslogd?
> >
> > The configuration of syslogd.
> > # uncomment this to enable logging to a remote loghost named
loghost
> > *.* @loghost
> >
> > Is this possible?
> > I need to configure of this form, because I can't install and
configure
> > the syslog-ng in all my machines.
> >
> > Thanks for all..
> >
> > Leandro Ferreira
> >
> >
>
______________________________________________________________________________
> > Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng
> > Documentation:
> > http://www.balabit.com/support/documentation/?product=syslog-ng
> > FAQ: http://www.campin.net/syslog-ng/faq.html
> >
> >
> >
------------------------------------------------------------------------
> > Envoyé avec Yahoo! Mail
> >
> <http://us.rd.yahoo.com/mailuk/taglines/isp/control/*http://us.rd.yahoo.com/evt=52423/*http://fr.docs.yahoo.com/mail/overview/index.html>.
> > Une boite mail plus intelligente.
>
>
>
------------------------------------------------------------------------
> Envoyé avec Yahoo! Mail
> <http://us.rd.yahoo.com/mailuk/taglines/isp/control/*http://us.rd.yahoo.com/evt=52423/*http://fr.docs.yahoo.com/mail/overview/index.html>.
> Une boite mail plus intelligente.
______________________________________________________________________________
Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng
Documentation: http://www.balabit.com/support/documentation/?product=syslog-ng
FAQ: http://www.campin.net/syslog-ng/faq.html
________________________________
Envoyé avec Yahoo!
Mail.
Une boite mail plus intelligente.
________________________________
______________________________________________________________________________
Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng
Documentation: http://www.balabit.com/support/documentation/?product=syslog-ng
FAQ: http://www.campin.net/syslog-ng/faq.html
_____________________________________________________________________________
Envoyez avec Yahoo! Mail. Une boite mail plus intelligente http://mail.yahoo.fr
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.balabit.hu/pipermail/syslog-ng/attachments/20080723/857af527/attachment-0001.htm
More information about the syslog-ng
mailing list