[syslog-ng] Syslogd and syslog-ng
Rocco Scappatura
Rocco.Scappatura at infracom.it
Wed Dec 9 18:09:35 CET 2009
Hello,
I'm configuring a centralized loghost (SLES 10 SP3) based on syslog-ng,
for collecting the mail logs of different clients.
Several machines which are entitled to log their mail logs on the central
loghost (Debian) still use the old syslogd as their logging system.
I configured one of these to send its mail logs to the loghost by putting:

    mail.* @syslogmi01.local

in the /etc/syslog.conf file and restarted the service. Moreover, on the
loghost I set:

    source mail_gateway_src {
        udp(ip("0.0.0.0") port(514));
    };
    filter ernesto_mail_f { facility(mail); };
    destination d_ernesto_mail { file("/var/log/ernesto_mail"); };
    log {
        source(mail_gateway_src);
        filter(ernesto_mail_f);
        destination(d_ernesto_mail);
    };

And restarted it.
But no file is created, and so no logs are saved on the loghost.
With tcpdump I see that the logs arrive on the loghost, but syslog doesn't
want to catch them.

    # tcpdump -vvv host 192.168.252.107 and port 514
    tcpdump: listening on eth0, link-type EN10MB (Ethernet), capture size 96 bytes
    18:04:57.046952 IP (tos 0x0, ttl 64, id 3157, offset 0, flags [DF], proto: UDP (17), length: 358) 192.168.252.107.syslog > syslogmi01.local.syslog: SYSLOG, length: 330
        Facility mail (2), Severity info (6)
        Msg: postfix/smtpd[30946]: NOQUEUE: reject: RCPT from u[|syslog]
    18:04:57.046962 IP (tos 0x0, ttl 64, id 3158, offset 0, flags [DF], proto: UDP (17), length: 360) 192.168.252.107.syslog > syslogmi01.local.syslog: SYSLOG, length: 332

I saw that the logs coming from the Debian machine (so using syslogd) are
missing the timestamp and the host name of the host that generates them.
Could this be a source of incompatibility between syslogd and syslog-ng?
Or is there something that I'm doing wrong?
Thanks in advance,
rocsca
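
Added example, not part of the original post: a small parser for a BSD-syslog (RFC 3164) UDP payload that decodes the PRI value into facility and severity (PRI 22 is the "Facility mail (2), Severity info (6)" that tcpdump prints above) and reports whether the timestamp and hostname header fields are present. The sample datagrams, the host name mailgw01 and the hostname-versus-tag heuristic are constructed assumptions.

```python
import re

# Facility and severity names by numeric code (RFC 3164, section 4.1.1).
FACILITIES = ["kern", "user", "mail", "daemon", "auth", "syslog", "lpr", "news",
              "uucp", "cron", "authpriv", "ftp", "ntp", "audit", "alert",
              "clock"] + [f"local{i}" for i in range(8)]
SEVERITIES = ["emerg", "alert", "crit", "err", "warning", "notice", "info", "debug"]

PRI_RE = re.compile(rb"<(\d{1,3})>")
# RFC 3164 timestamp: "Mmm dd hh:mm:ss", day of month space-padded.
TS_RE = re.compile(rb"([A-Z][a-z]{2} [ \d]\d \d{2}:\d{2}:\d{2}) ")

def parse_datagram(payload: bytes) -> dict:
    """Split one syslog UDP payload into PRI, optional header fields and message."""
    m = PRI_RE.match(payload)
    if not m or int(m.group(1)) > 191:
        raise ValueError("missing or out-of-range <PRI> prefix")
    facility, severity = divmod(int(m.group(1)), 8)   # PRI = facility * 8 + severity
    rest = payload[m.end():]
    timestamp = hostname = None
    t = TS_RE.match(rest)
    if t:
        timestamp = t.group(1).decode("ascii")
        rest = rest[t.end():]
        token, _, tail = rest.partition(b" ")
        # Heuristic (assumption): a program tag ends in ":" (e.g. "name[pid]:"),
        # a hostname does not.
        if tail and not token.endswith(b":"):
            hostname = token.decode("ascii", "replace")
            rest = tail
    return {
        "facility": FACILITIES[facility],
        "severity": SEVERITIES[severity],
        "timestamp": timestamp,
        "hostname": hostname,
        "message": rest.decode("utf-8", "replace"),
    }

# Constructed sample payloads (not captured traffic).
FULL = b"<22>Dec  9 18:04:57 mailgw01 postfix/smtpd[1234]: constructed sample"
TS_ONLY = b"<22>Dec  9 18:04:57 postfix/smtpd[1234]: constructed sample"
BARE = b"<22>postfix/smtpd[1234]: constructed sample"

if __name__ == "__main__":
    for sample in (FULL, TS_ONLY, BARE):
        print(parse_datagram(sample))
```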