[syslog-ng] syntax error in config-file

Pallagi Zoltán pzolee at balabit.hu
Tue Dec 15 10:43:10 CET 2009 

Hi,

In syslog-ng 3.0, "syslog" became a reserved word and you have a 
destination and a filter called "syslog" in your config.
Please rename them and it will work

andip írta:
> Hi folks,
>
> I just tried updating syslog-ng to version 3.0.4, from 2.1.4. i use the
> gentoo linux-distro, and the new version came into "stable" gentoo a few days
> ago.
>
> I'm no syslog-ng expert, but i use it to log quite a few things, so my
> config-file it not default.
> I've read a bit in the admin-guide, but did not find any reason to my
> problem.
>
> i've tried converting my 2.1.4 config-file to the new 3.0.4 version, with no
> success. this is parts of my old config-file. ### are comments made to
> reflect changes i made for v2 -> v3 conversion
> ----------------------------------------------------------------------------
> options {
> 	chain_hostnames(off);		 ### changed this to "no"
> 	sync(0);			 ### changed this to "flush_lines"
> 	time_sleep(20);
> 	log_fifo_size (2048);
> 	create_dirs (yes);
> 	perm (0640);
> 	dir_perm (0750);
> 	stats(43200);			 ### changed this to "stats_freq"
> 	owner (syslogger);
> 	group (syslogger);
> 	perm (0664);
> };
>
> source sys {
>     unix-stream("/dev/log" max-connections(256));
>     internal();
>     file("/proc/kmsg");
> };
>
> source net { udp(); };
>
> destination clients	{ file ("/var/log/fwlogs/netclients/$HOST"); };
> destination console_all { file ("/dev/tty12"); };
> destination authlog	{ file ("/var/log/authlog");   };
> destination messages	{ file ("/var/log/messages"); };
> destination maillog	{ file ("/var/log/maillog"); };
> destination ipflog	{ file ("/var/log/ipflog"); };
> destination imaplog	{ file ("/var/log/imaplog"); };
> destination console	{ file ("/dev/console"); };
> destination syslog	{ file ("/var/log/syslog"); };		 ### changed to _syslog
>   

> destination komm	{ file ("/var/log/fwlogs/kommunikasjon-context.log");
> };
> destination asa 	{ file ("/var/log/fwlogs/asa.log"); };
> destination edb 	{ file ("/var/log/fwlogs/edb-pix.log"); };
> destination gje 	{ file ("/var/log/fwlogs/gjerdrum.log"); };
> destination nes 	{ file ("/var/log/fwlogs/nes.log"); };
> destination ull 	{ file ("/var/log/fwlogs/ullensaker.log"); };
> destination hur 	{ file ("/var/log/fwlogs/hurdal.log"); };
> destination eid 	{ file ("/var/log/fwlogs/eidsvoll.log"); };
> destination nan 	{ file ("/var/log/fwlogs/nannestad.log"); };
> destination datas	{ file ("/var/log/fwlogs/datasenter-context.log"); };
>
> destination mgmt	{ file ("/var/log/fwlogs/management-context.log"); };
>
> destination wifi	{ file ("/var/log/fwlogs/wifi-context.log"); };
> destination aplog	{ file ("/var/log/aplog/aplog.txt"); };
>
> filter aplog	{ host	(10.20.);	};	### this line caused the
> syntax error (line 35)
> filter gje	{ host	(10.8.30.28);	};
> filter nes	{ host	(10.8.30.20);	};
> filter ull	{ host	(10.8.30.36);	};
> filter hur	{ host	(10.8.30.12);	};
> filter eid	{ host	(10.8.30.44);	};
> filter nan	{ host	(10.8.30.52);	};
> filter datas	{ host	(10.8.0.1);	};
> filter mgmt	{ host	(10.8.30.60);	};
> filter wifi	{ host	(10.8.30.92);	};
> filter asa	{ host	(ASA-R111);	};
> filter komm	{ host	(10.8.30.76);	};
> filter edb	{ host	(edb-pix);	};
>
> filter emerg	{ level (emerg);	};
> filter alert	{ level (alert .. emerg);   };
> filter crit	{ level (crit .. emerg);    };
> filter err	{ level (err .. emerg);     };
> filter warning	{ level (warning .. emerg); };
> filter notice	{ level (notice .. emerg);  };
> filter info	{ level (info .. emerg);    };
> filter debug	{ level (debug .. emerg);   };
> filter kern	{ facility (kern);	};
> filter user	{ facility (user);	};
> filter mail	{ facility (mail);	};
> filter daemon	{ facility (daemon);	};
> filter auth	{ facility (auth);	};
> filter syslog	{ facility (syslog);	};
> filter lpr	{ facility (lpr);	};
> filter news	{ facility (news);	};
> filter uucp	{ facility (uucp);	};
> filter cron	{ facility (cron);	};
> #filter local0	{ facility (local0);	};
> #filter local1	{ facility (local1);	};
> #filter local2	{ facility (local2);	};
> #filter local3	{ facility (local3);	};
> #filter local4	{ facility (local4);	};
> #filter local5	{ facility (local5);	};
> #filter local6	{ facility (local6);	};
> #filter local7	{ facility (local7);	};
> filter user_none     { not facility (user);			};
> filter kern_debug    { filter (kern) and filter (debug);	};
> filter daemon_notice { filter (daemon) and filter (notice);	};
> filter mail_crit     { filter (mail) and filter (crit); 	};
> filter mesg	     { filter (kern_debug) or
> 		       filter (daemon_notice) or
> 		       filter (mail_crit);			};
> filter authinfo      { filter (auth) or program (sudo); 	};
>
> log { source (sys);			destination(messages); };
> log { source (sys);			destination(console_all); };
> log { source (sys); filter (authinfo);	destination (authlog);	};
> log { source (sys); filter (mail);	destination (maillog);	};
> #log { source (sys); filter (local0);	 destination (ipflog);	 };
> #log { source (sys); filter (local1);	 destination (imaplog);  };
> log { source (sys); filter (syslog);	destination (syslog);	};
> log { source (sys); filter (emerg); filter (user_none);
> 					destination (console);	};
> log { source (sys); filter (mesg); filter (user_none);
> 					destination (messages); };
>
> log { source (net);			destination (clients); };
> log { source (net); filter (komm);	destination (komm);   };
> log { source (net); filter (asa);	destination (asa);    };
> log { source (net); filter (mgmt);	destination (mgmt);   };
> log { source (net); filter (wifi);	destination (wifi);   };
> log { source (net); filter (datas);	destination (datas);  };
> log { source (net); filter (wifi);	destination (wifi);   };
> log { source (net); filter (gje);	destination (gje);    };
> log { source (net); filter (nan);	destination (nan);    };
> log { source (net); filter (ull);	destination (ull);    };
> log { source (net); filter (hur);	destination (hur);    };
> log { source (net); filter (eid);	destination (eid);    };
> log { source (net); filter (nes);	destination (nes);    };
> log { source (net); filter (edb);	destination (edb);    };
> log { source (net); filter (aplog);	destination (aplog);  };
> #log { source (net); filter (komm); destination (komm); };
> ----------------------------------------------------------------------
> This is the error i got :
>
> syntax error in /etc/syslog-ng/syslog-ng.conf at line 35.
>
> syslog-ng documentation:
> http://www.balabit.com/support/documentation/?product=syslog-ng
> mailing list: https://lists.balabit.hu/mailman/listinfo/syslog-ng	     
> 	  
>  * Configuration error. Please fix your configfile
> (/etc/syslog-ng/syslog-ng.conf)
>
> It is not a very big deal at the moment, as i've reverted back to version
> 2.1.4, but i'd like to keep my system current, and somewhat up to date. this
> server's main function is as a syslogger for a few firewalls though, so i
> cannot leave it unable to log for long.
>
> hope someone can help.
>
> cheers
> andip
> ______________________________________________________________________________
> Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng
> Documentation: http://www.balabit.com/support/documentation/?product=syslog-ng
> FAQ: http://www.campin.net/syslog-ng/faq.html
>
>
>

More information about the syslog-ng mailing list