[syslog-ng] syntax error in config-file

andip andip at syndig.com
Tue Dec 15 10:13:29 CET 2009


Hi folks,

I just tried updating syslog-ng to version 3.0.4, from 2.1.4. i use the
gentoo linux-distro, and the new version came into "stable" gentoo a few days
ago.

I'm no syslog-ng expert, but i use it to log quite a few things, so my
config-file it not default.
I've read a bit in the admin-guide, but did not find any reason to my
problem.

i've tried converting my 2.1.4 config-file to the new 3.0.4 version, with no
success. this is parts of my old config-file. ### are comments made to
reflect changes i made for v2 -> v3 conversion
----------------------------------------------------------------------------
options {
	chain_hostnames(off);		 ### changed this to "no"
	sync(0);			 ### changed this to "flush_lines"
	time_sleep(20);
	log_fifo_size (2048);
	create_dirs (yes);
	perm (0640);
	dir_perm (0750);
	stats(43200);			 ### changed this to "stats_freq"
	owner (syslogger);
	group (syslogger);
	perm (0664);
};

source sys {
    unix-stream("/dev/log" max-connections(256));
    internal();
    file("/proc/kmsg");
};

source net { udp(); };

destination clients	{ file ("/var/log/fwlogs/netclients/$HOST"); };
destination console_all { file ("/dev/tty12"); };
destination authlog	{ file ("/var/log/authlog");   };
destination messages	{ file ("/var/log/messages"); };
destination maillog	{ file ("/var/log/maillog"); };
destination ipflog	{ file ("/var/log/ipflog"); };
destination imaplog	{ file ("/var/log/imaplog"); };
destination console	{ file ("/dev/console"); };
destination syslog	{ file ("/var/log/syslog"); };		 ### changed
to _syslog
destination komm	{ file ("/var/log/fwlogs/kommunikasjon-context.log");
};
destination asa 	{ file ("/var/log/fwlogs/asa.log"); };
destination edb 	{ file ("/var/log/fwlogs/edb-pix.log"); };
destination gje 	{ file ("/var/log/fwlogs/gjerdrum.log"); };
destination nes 	{ file ("/var/log/fwlogs/nes.log"); };
destination ull 	{ file ("/var/log/fwlogs/ullensaker.log"); };
destination hur 	{ file ("/var/log/fwlogs/hurdal.log"); };
destination eid 	{ file ("/var/log/fwlogs/eidsvoll.log"); };
destination nan 	{ file ("/var/log/fwlogs/nannestad.log"); };
destination datas	{ file ("/var/log/fwlogs/datasenter-context.log"); };

destination mgmt	{ file ("/var/log/fwlogs/management-context.log"); };

destination wifi	{ file ("/var/log/fwlogs/wifi-context.log"); };
destination aplog	{ file ("/var/log/aplog/aplog.txt"); };

filter aplog	{ host	(10.20.);	};	### this line caused the
syntax error (line 35)
filter gje	{ host	(10.8.30.28);	};
filter nes	{ host	(10.8.30.20);	};
filter ull	{ host	(10.8.30.36);	};
filter hur	{ host	(10.8.30.12);	};
filter eid	{ host	(10.8.30.44);	};
filter nan	{ host	(10.8.30.52);	};
filter datas	{ host	(10.8.0.1);	};
filter mgmt	{ host	(10.8.30.60);	};
filter wifi	{ host	(10.8.30.92);	};
filter asa	{ host	(ASA-R111);	};
filter komm	{ host	(10.8.30.76);	};
filter edb	{ host	(edb-pix);	};

filter emerg	{ level (emerg);	};
filter alert	{ level (alert .. emerg);   };
filter crit	{ level (crit .. emerg);    };
filter err	{ level (err .. emerg);     };
filter warning	{ level (warning .. emerg); };
filter notice	{ level (notice .. emerg);  };
filter info	{ level (info .. emerg);    };
filter debug	{ level (debug .. emerg);   };
filter kern	{ facility (kern);	};
filter user	{ facility (user);	};
filter mail	{ facility (mail);	};
filter daemon	{ facility (daemon);	};
filter auth	{ facility (auth);	};
filter syslog	{ facility (syslog);	};
filter lpr	{ facility (lpr);	};
filter news	{ facility (news);	};
filter uucp	{ facility (uucp);	};
filter cron	{ facility (cron);	};
#filter local0	{ facility (local0);	};
#filter local1	{ facility (local1);	};
#filter local2	{ facility (local2);	};
#filter local3	{ facility (local3);	};
#filter local4	{ facility (local4);	};
#filter local5	{ facility (local5);	};
#filter local6	{ facility (local6);	};
#filter local7	{ facility (local7);	};
filter user_none     { not facility (user);			};
filter kern_debug    { filter (kern) and filter (debug);	};
filter daemon_notice { filter (daemon) and filter (notice);	};
filter mail_crit     { filter (mail) and filter (crit); 	};
filter mesg	     { filter (kern_debug) or
		       filter (daemon_notice) or
		       filter (mail_crit);			};
filter authinfo      { filter (auth) or program (sudo); 	};

log { source (sys);			destination(messages); };
log { source (sys);			destination(console_all); };
log { source (sys); filter (authinfo);	destination (authlog);	};
log { source (sys); filter (mail);	destination (maillog);	};
#log { source (sys); filter (local0);	 destination (ipflog);	 };
#log { source (sys); filter (local1);	 destination (imaplog);  };
log { source (sys); filter (syslog);	destination (syslog);	};
log { source (sys); filter (emerg); filter (user_none);
					destination (console);	};
log { source (sys); filter (mesg); filter (user_none);
					destination (messages); };

log { source (net);			destination (clients); };
log { source (net); filter (komm);	destination (komm);   };
log { source (net); filter (asa);	destination (asa);    };
log { source (net); filter (mgmt);	destination (mgmt);   };
log { source (net); filter (wifi);	destination (wifi);   };
log { source (net); filter (datas);	destination (datas);  };
log { source (net); filter (wifi);	destination (wifi);   };
log { source (net); filter (gje);	destination (gje);    };
log { source (net); filter (nan);	destination (nan);    };
log { source (net); filter (ull);	destination (ull);    };
log { source (net); filter (hur);	destination (hur);    };
log { source (net); filter (eid);	destination (eid);    };
log { source (net); filter (nes);	destination (nes);    };
log { source (net); filter (edb);	destination (edb);    };
log { source (net); filter (aplog);	destination (aplog);  };
#log { source (net); filter (komm); destination (komm); };
----------------------------------------------------------------------
This is the error i got :

syntax error in /etc/syslog-ng/syslog-ng.conf at line 35.

syslog-ng documentation:
http://www.balabit.com/support/documentation/?product=syslog-ng
mailing list: https://lists.balabit.hu/mailman/listinfo/syslog-ng	     
	  
 * Configuration error. Please fix your configfile
(/etc/syslog-ng/syslog-ng.conf)

It is not a very big deal at the moment, as i've reverted back to version
2.1.4, but i'd like to keep my system current, and somewhat up to date. this
server's main function is as a syslogger for a few firewalls though, so i
cannot leave it unable to log for long.

hope someone can help.

cheers
andip


More information about the syslog-ng mailing list