[syslog-ng] port 514 not used

Martin Holste mcholste at gmail.com
Sat Aug 15 19:02:34 CEST 2009 

I believe you need to use YaST's SuSEconfig on SuSE to edit the
system's syslog-ng.conf file or SuSE becomes angry.  In my
environment, I run two versions of Syslog-NG: one basic SuSE version
that ships with the box which I do not edit (so as to not anger the
gods of YaST), and a /usr/local/syslog-ng which has a current major
version and it's own config, which is much more suitable for hackery.
If you're setting up a central log collector, you'll probably find it
beneficial to do it this way, especially if you've got a Linux team
trying to maintain many boxes remotely using YaST as they will
probably clobber your shiny new config at some point or show up to
your cube with a whiffle bat for messing with "their" stuff.  You may
of course edit the syslog-ng.conf.in file as indicated in the file
itself, but I like to keep things separate.  And yes, for the love of
god, use Notepad++ if you must edit things in Windows and pscp them
back and forth.

I would encourage you to use vi on the system to edit
syslog-ng.conf.in, though.  Just remember it's 'i' to begin
inserting/editing text, 'esc' when you're done editing and 'ZZ'
(capitals!) to save and close.  If you screw up, ':q!' will quit
without saving.

--Martin

On Sat, Aug 15, 2009 at 4:36 PM, Matt Pinkham<westphalia at gmail.com> wrote:
> What is all this junk (msftedit and \par)?  Did you copy this file off and
> edit it on a windows machine?  Can you find an the original syslog-ng.conf
> that was shipped with the machine and edit that with 'vi' or something?   Is
> syslog-ng even running?  It probably barfed on this config.. grep for
> syslog-ng in your /var/log/messages and send the last few lines.
>
> {\*\generator Msftedit 5.41.15.1515;}\viewkind4\uc1\pard\f0\fs20 #\par
> # /etc/syslog-ng/syslog-ng.conf\par
> #\par
> # Automatically generated by SuSEconfig on Sat Aug 15 12:16:03 EDT 2009.\par
> #\par
> # PLEASE DO NOT EDIT THIS FILE!\par
> #\par
> # you can modify /etc/syslog-ng/syslog-ng.conf.in instead\par
> #\par
> #\par
> #\par
> # File format description can be found in syslog-ng.conf(5)\par
> # and /usr/share/doc/packages/syslog-ng/syslog-ng.txt.\par
> #\par
> \par
> #\par
> # Global options.\par
> #\par
> options \{ long_hostnames(off); sync(0); perm(0640); stats(3600); \};\par
> \par
> #\par
> # 'src' is our main source definition. you can add\par
> # more sources driver definitions to it, or define\par
> # your own sources, i.e.:\par
> #\par
> #source my_src \{ .... \};\par
> #\par
> source src \{\par
>         #\par
>         # include internal syslog-ng messages\par
>         # note: the internal() soure is required!\par
>         #\par
>         internal();\par
>
>
> On Sat, Aug 15, 2009 at 12:19 PM, <stephen.greenfield at wachovia.com> wrote:
>>
>> I should have sent more detail originally.
>>
>>         system:                        SLES10 PatchLevel 1
>>
>>         release:                syslog-ng-1.6.8-20.18
>>
>>         server function:                syslog server, collecting syslog's
>> from various clients
>>
>>         problem:                want to open port 514 to collect syslog
>> info over network
>>
>>         description:                without changing the default
>> syslog-ng.conf, the server
>>                                 collects local syslog information, I
>> uncomment the udp
>>                                 source entry and restart the daemon.  The
>> syslog-ng
>>                                 then shows listening on various ports,
>> never constant
>>                                 and never port 514.
>>
>>
>>
>> # netstat -anp | grep LISTEN | grep 53
>> unix  2      [ ACC ]     STREAM     LISTENING     5364   2161/acpid
>>    /var/run/acpid.socket
>> unix  2      [ ACC ]     STREAM     LISTENING     5307   2134/resmgrd
>>    /var/run/.resmgr_socket
>>
>>
>>
>> syslog-ng-bounces at lists.balabit.hu wrote on 08/15/2009 11:09:23 AM:
>>
>> > Post your config.  Also, try 'netstat -anp |
>> > grep LISTEN | grep 53' and post that (so there
>> > is no services resolving issue).
>> >
>> > -Matt
>>
>> > On Sat, Aug 15, 2009 at 10:27 AM, <stephen.
>> > greenfield at wachovia.com> wrote:
>> >
>> > I configure syslog-ng to use udp port 514, on
>> > the syslog server receiving log messages.  When
>> > I issue a `netstat -lp | grep syslog` it shows
>> > different ports but never 514.  Any ideas why?
>> >
>> > /steve
>>
>> ______________________________________________________________________________
>> Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng
>> Documentation:
>> http://www.balabit.com/support/documentation/?product=syslog-ng
>> FAQ: http://www.campin.net/syslog-ng/faq.html
>>
>>
>
>
>
> --
> Some men see things as they are and ask why. I see things that never were
> and ask for initiative rolls.
>
> ______________________________________________________________________________
> Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng
> Documentation:
> http://www.balabit.com/support/documentation/?product=syslog-ng
> FAQ: http://www.campin.net/syslog-ng/faq.html
>
>
>

More information about the syslog-ng mailing list