[syslog-ng] syntax error in config-file

andip andip at syndig.com
Tue Dec 15 12:31:46 CET 2009 

Hi,

You're right i got the syslog filter, but not destination. i changed that to
_syslog, and as i started syslog-ng again, i got syntax-errors on different
lines. i fixed the lines one after the other (see comments in config file in
original mail). the last error that i could not get past was on line 35,
which is the first filter-line in my config-file.

so since syslog-ng exited with syntax-error, and it reports it being line 35,
i felt sure it had to do with that line, though ofc i can be wrong as i'm an
amateur. i am ofc aware there are/might be errors further down in the
config-file.
i'd very much like to be certain though, before i re-install version 3.0.4
again.

could you please confirm for me that you're aware of this before i try out
your suggested solution?

cheers
andip

----- Original Message -----
From: Pallagi Zoltán <pzolee at balabit.hu>
To: Syslog-ng users' and developers' mailing list
<syslog-ng at lists.balabit.hu>, andip at syndig.com
Sent: Tue, 15 Dec 2009 10:43:10 +0100
Subject: Re: [syslog-ng] syntax error in config-file

> Hi,
> 
> In syslog-ng 3.0, "syslog" became a reserved word and you have a 
> destination and a filter called "syslog" in your config.
> Please rename them and it will work
> 
> andip írta:
> > Hi folks,
> >
> > I just tried updating syslog-ng to version 3.0.4, from 2.1.4. i use the
> > gentoo linux-distro, and the new version came into "stable" gentoo a few
> days
> > ago.
> >
> > I'm no syslog-ng expert, but i use it to log quite a few things, so my
> > config-file it not default.
> > I've read a bit in the admin-guide, but did not find any reason to my
> > problem.
> >
> > i've tried converting my 2.1.4 config-file to the new 3.0.4 version, with

> no
> > success. this is parts of my old config-file. ### are comments made to
> > reflect changes i made for v2 -> v3 conversion
> >
>
----------------------------------------------------------------------------
> > options {
> >	chain_hostnames(off);		 ### changed this to "no"
> >	sync(0);			 ### changed this to "flush_lines"
> >	time_sleep(20);
> >	log_fifo_size (2048);
> >	create_dirs (yes);
> >	perm (0640);
> >	dir_perm (0750);
> >	stats(43200);			 ### changed this to "stats_freq"
> >	owner (syslogger);
> >	group (syslogger);
> >	perm (0664);
> > };
> >
> > source sys {
> >	unix-stream("/dev/log" max-connections(256));
> >	internal();
> >	file("/proc/kmsg");
> > };
> >
> > source net { udp(); };
> >
> > destination clients { file ("/var/log/fwlogs/netclients/$HOST"); };
> > destination console_all { file ("/dev/tty12"); };
> > destination authlog { file ("/var/log/authlog");   };
> > destination messages	{ file ("/var/log/messages"); };
> > destination maillog { file ("/var/log/maillog"); };
> > destination ipflog	{ file ("/var/log/ipflog"); };
> > destination imaplog { file ("/var/log/imaplog"); };
> > destination console { file ("/dev/console"); };
> > destination syslog	{ file ("/var/log/syslog"); };		 ### changed
> to _syslog
> >   
> 
> > destination komm	{ file ("/var/log/fwlogs/kommunikasjon-context.log");

> 
> > };
> > destination asa	{ file ("/var/log/fwlogs/asa.log"); };
> > destination edb	{ file ("/var/log/fwlogs/edb-pix.log"); };
> > destination gje	{ file ("/var/log/fwlogs/gjerdrum.log"); };
> > destination nes	{ file ("/var/log/fwlogs/nes.log"); };
> > destination ull	{ file ("/var/log/fwlogs/ullensaker.log"); };
> > destination hur	{ file ("/var/log/fwlogs/hurdal.log"); };
> > destination eid	{ file ("/var/log/fwlogs/eidsvoll.log"); };
> > destination nan	{ file ("/var/log/fwlogs/nannestad.log"); };
> > destination datas	{ file ("/var/log/fwlogs/datasenter-context.log"); };

> 
> >
> > destination mgmt	{ file ("/var/log/fwlogs/management-context.log"); };

> 
> >
> > destination wifi	{ file ("/var/log/fwlogs/wifi-context.log"); };
> > destination aplog	{ file ("/var/log/aplog/aplog.txt"); };
> >
> > filter aplog	{ host	(10.20.);	};	### this line caused
the
> > syntax error (line 35)
> > filter gje	{ host	(10.8.30.28);	};
> > filter nes	{ host	(10.8.30.20);	};
> > filter ull	{ host	(10.8.30.36);	};
> > filter hur	{ host	(10.8.30.12);	};
> > filter eid	{ host	(10.8.30.44);	};
> > filter nan	{ host	(10.8.30.52);	};
> > filter datas	{ host	(10.8.0.1);	};
> > filter mgmt { host	(10.8.30.60);	};
> > filter wifi { host	(10.8.30.92);	};
> > filter asa	{ host	(ASA-R111);	};
> > filter komm { host	(10.8.30.76);	};
> > filter edb	{ host	(edb-pix);	};
> >
> > filter emerg	{ level (emerg);	};
> > filter alert	{ level (alert .. emerg);   };
> > filter crit { level (crit .. emerg);    };
> > filter err	{ level (err .. emerg);     };
> > filter warning	{ level (warning .. emerg); };
> > filter notice { level (notice .. emerg);  };
> > filter info { level (info .. emerg);    };
> > filter debug	{ level (debug .. emerg);   };
> > filter kern { facility (kern);	};
> > filter user { facility (user);	};
> > filter mail { facility (mail);	};
> > filter daemon { facility (daemon);	};
> > filter auth { facility (auth);	};
> > filter syslog { facility (syslog);	};
> > filter lpr	{ facility (lpr);	};
> > filter news { facility (news);	};
> > filter uucp { facility (uucp);	};
> > filter cron { facility (cron);	};
> > #filter local0	{ facility (local0);	};
> > #filter local1	{ facility (local1);	};
> > #filter local2	{ facility (local2);	};
> > #filter local3	{ facility (local3);	};
> > #filter local4	{ facility (local4);	};
> > #filter local5	{ facility (local5);	};
> > #filter local6	{ facility (local6);	};
> > #filter local7	{ facility (local7);	};
> > filter user_none	 { not facility (user); 		};
> > filter kern_debug	 { filter (kern) and filter (debug);	};
> > filter daemon_notice { filter (daemon) and filter (notice); };
> > filter mail_crit	 { filter (mail) and filter (crit);	};
> > filter mesg      { filter (kern_debug) or
> >		       filter (daemon_notice) or
> >		       filter (mail_crit);			};
> > filter authinfo	 { filter (auth) or program (sudo);	};
> >
> > log { source (sys); 		destination(messages); };
> > log { source (sys); 		destination(console_all); };
> > log { source (sys); filter (authinfo);	destination (authlog);	};
> > log { source (sys); filter (mail);	destination (maillog);	};
> > #log { source (sys); filter (local0);  destination (ipflog);	 };
> > #log { source (sys); filter (local1);  destination (imaplog);  };
> > log { source (sys); filter (syslog);	destination (syslog);	};
> > log { source (sys); filter (emerg); filter (user_none);
> >					destination (console);	};
> > log { source (sys); filter (mesg); filter (user_none);
> >					destination (messages); };
> >
> > log { source (net); 		destination (clients); };
> > log { source (net); filter (komm);	destination (komm);   };
> > log { source (net); filter (asa);	destination (asa);    };
> > log { source (net); filter (mgmt);	destination (mgmt);   };
> > log { source (net); filter (wifi);	destination (wifi);   };
> > log { source (net); filter (datas); destination (datas);  };
> > log { source (net); filter (wifi);	destination (wifi);   };
> > log { source (net); filter (gje);	destination (gje);    };
> > log { source (net); filter (nan);	destination (nan);    };
> > log { source (net); filter (ull);	destination (ull);    };
> > log { source (net); filter (hur);	destination (hur);    };
> > log { source (net); filter (eid);	destination (eid);    };
> > log { source (net); filter (nes);	destination (nes);    };
> > log { source (net); filter (edb);	destination (edb);    };
> > log { source (net); filter (aplog); destination (aplog);  };
> > #log { source (net); filter (komm); destination (komm); };
> > ----------------------------------------------------------------------
> > This is the error i got :
> >
> > syntax error in /etc/syslog-ng/syslog-ng.conf at line 35.
> >
> > syslog-ng documentation:
> > http://www.balabit.com/support/documentation/?product=syslog-ng
> > mailing list: https://lists.balabit.hu/mailman/listinfo/syslog-ng	     

> 
> >	  
> >  * Configuration error. Please fix your configfile
> > (/etc/syslog-ng/syslog-ng.conf)
> >
> > It is not a very big deal at the moment, as i've reverted back to version

> > 2.1.4, but i'd like to keep my system current, and somewhat up to date.
> this
> > server's main function is as a syslogger for a few firewalls though, so i

> > cannot leave it unable to log for long.
> >
> > hope someone can help.
> >
> > cheers
> > andip
> >
>
_____________________________________________________________________________

> _
> > Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng
> > Documentation:
> http://www.balabit.com/support/documentation/?product=syslog-ng
> > FAQ: http://www.campin.net/syslog-ng/faq.html
> >
> >
> >

More information about the syslog-ng mailing list