[syslog-ng] syntax error in config-file

Pallagi Zoltán pzolee at balabit.hu
Tue Dec 15 13:30:03 CET 2009 

andip írta:
> Hi,
>
> You're right i got the syslog filter, but not destination. i changed that to
> _syslog, and as i started syslog-ng again, i got syntax-errors on different
> lines. i fixed the lines one after the other (see comments in config file in
> original mail). the last error that i could not get past was on line 35,
> which is the first filter-line in my config-file.
>   
double quote is missing from filter:
- filter aplog    { host  (10.20.);     };
+ filter aplog    { host  ("10.20.");     };

> so since syslog-ng exited with syntax-error, and it reports it being line 35,
> i felt sure it had to do with that line, though ofc i can be wrong as i'm an
> amateur. i am ofc aware there are/might be errors further down in the
> config-file.
> i'd very much like to be certain though, before i re-install version 3.0.4
> again.
>
> could you please confirm for me that you're aware of this before i try out
> your suggested solution?
>   
There is my solution, it worked for me:

@@ -28,8 +28,7 @@
 destination ipflog    { file ("/var/log/ipflog"); };
 destination imaplog    { file ("/var/log/imaplog"); };
 destination console    { file ("/dev/console"); };
-destination syslog    { file ("/var/log/syslog"); };         ### changed
-to _syslog
+destination _syslog    { file ("/var/log/syslog"); };         ### 
changedto _syslog
 destination komm    { file ("/var/log/fwlogs/kommunikasjon-context.log");
 };
 destination asa     { file ("/var/log/fwlogs/asa.log"); };
@@ -47,8 +46,7 @@
 destination wifi    { file ("/var/log/fwlogs/wifi-context.log"); };
 destination aplog    { file ("/var/log/aplog/aplog.txt"); };
 
-filter aplog    { host    (10.20.);    };    ### this line caused the
-syntax error (line 35)
+filter aplog    { host    ("10.20.");    };  
 filter gje    { host    (10.8.30.28);    };
 filter nes    { host    (10.8.30.20);    };
 filter ull    { host    (10.8.30.36);    };
@@ -75,7 +73,7 @@
 filter mail    { facility (mail);    };
 filter daemon    { facility (daemon);    };
 filter auth    { facility (auth);    };
-filter syslog    { facility (syslog);    };
+filter _syslog    { facility (syslog);    };
 filter lpr    { facility (lpr);    };
 filter news    { facility (news);    };
 filter uucp    { facility (uucp);    };
@@ -103,7 +101,7 @@
 log { source (sys); filter (mail);    destination (maillog);    };
 #log { source (sys); filter (local0);     destination (ipflog);     };
 #log { source (sys); filter (local1);     destination (imaplog);  };
-log { source (sys); filter (syslog);    destination (syslog);    };
+log { source (sys); filter (_syslog);    destination (_syslog);    };
 log { source (sys); filter (emerg); filter (user_none);
                     destination (console);    };
 log { source (sys); filter (mesg); filter (user_none);


and of course you also have to check the warnings after starting. If 
everything is all right put "@version: 3.0" line on the top of your config.
> cheers
> andip
>
> ----- Original Message -----
> From: Pallagi Zoltán <pzolee at balabit.hu>
> To: Syslog-ng users' and developers' mailing list
> <syslog-ng at lists.balabit.hu>, andip at syndig.com
> Sent: Tue, 15 Dec 2009 10:43:10 +0100
> Subject: Re: [syslog-ng] syntax error in config-file
>
>   
>> Hi,
>>
>> In syslog-ng 3.0, "syslog" became a reserved word and you have a 
>> destination and a filter called "syslog" in your config.
>> Please rename them and it will work
>>
>> andip írta:
>>     
>>> Hi folks,
>>>
>>> I just tried updating syslog-ng to version 3.0.4, from 2.1.4. i use the
>>> gentoo linux-distro, and the new version came into "stable" gentoo a few
>>>       
>> days
>>     
>>> ago.
>>>
>>> I'm no syslog-ng expert, but i use it to log quite a few things, so my
>>> config-file it not default.
>>> I've read a bit in the admin-guide, but did not find any reason to my
>>> problem.
>>>
>>> i've tried converting my 2.1.4 config-file to the new 3.0.4 version, with
>>>       
>
>   
>> no
>>     
>>> success. this is parts of my old config-file. ### are comments made to
>>> reflect changes i made for v2 -> v3 conversion
>>>
>>>       
> ----------------------------------------------------------------------------
>   
>>> options {
>>> 	chain_hostnames(off);		 ### changed this to "no"
>>> 	sync(0);			 ### changed this to "flush_lines"
>>> 	time_sleep(20);
>>> 	log_fifo_size (2048);
>>> 	create_dirs (yes);
>>> 	perm (0640);
>>> 	dir_perm (0750);
>>> 	stats(43200);			 ### changed this to "stats_freq"
>>> 	owner (syslogger);
>>> 	group (syslogger);
>>> 	perm (0664);
>>> };
>>>
>>> source sys {
>>> 	unix-stream("/dev/log" max-connections(256));
>>> 	internal();
>>> 	file("/proc/kmsg");
>>> };
>>>
>>> source net { udp(); };
>>>
>>> destination clients { file ("/var/log/fwlogs/netclients/$HOST"); };
>>> destination console_all { file ("/dev/tty12"); };
>>> destination authlog { file ("/var/log/authlog");   };
>>> destination messages	{ file ("/var/log/messages"); };
>>> destination maillog { file ("/var/log/maillog"); };
>>> destination ipflog	{ file ("/var/log/ipflog"); };
>>> destination imaplog { file ("/var/log/imaplog"); };
>>> destination console { file ("/dev/console"); };
>>> destination syslog	{ file ("/var/log/syslog"); };		 ### changed
>>>       
>> to _syslog
>>     
>>>   
>>>       
>>> destination komm	{ file ("/var/log/fwlogs/kommunikasjon-context.log");
>>>       
>
>   
>>> };
>>> destination asa	{ file ("/var/log/fwlogs/asa.log"); };
>>> destination edb	{ file ("/var/log/fwlogs/edb-pix.log"); };
>>> destination gje	{ file ("/var/log/fwlogs/gjerdrum.log"); };
>>> destination nes	{ file ("/var/log/fwlogs/nes.log"); };
>>> destination ull	{ file ("/var/log/fwlogs/ullensaker.log"); };
>>> destination hur	{ file ("/var/log/fwlogs/hurdal.log"); };
>>> destination eid	{ file ("/var/log/fwlogs/eidsvoll.log"); };
>>> destination nan	{ file ("/var/log/fwlogs/nannestad.log"); };
>>> destination datas	{ file ("/var/log/fwlogs/datasenter-context.log"); };
>>>       
>
>   
>>> destination mgmt	{ file ("/var/log/fwlogs/management-context.log"); };
>>>       
>
>   
>>> destination wifi	{ file ("/var/log/fwlogs/wifi-context.log"); };
>>> destination aplog	{ file ("/var/log/aplog/aplog.txt"); };
>>>
>>> filter aplog	{ host	(10.20.);	};	### this line caused
>>>       
> the
>   
>>> syntax error (line 35)
>>> filter gje	{ host	(10.8.30.28);	};
>>> filter nes	{ host	(10.8.30.20);	};
>>> filter ull	{ host	(10.8.30.36);	};
>>> filter hur	{ host	(10.8.30.12);	};
>>> filter eid	{ host	(10.8.30.44);	};
>>> filter nan	{ host	(10.8.30.52);	};
>>> filter datas	{ host	(10.8.0.1);	};
>>> filter mgmt { host	(10.8.30.60);	};
>>> filter wifi { host	(10.8.30.92);	};
>>> filter asa	{ host	(ASA-R111);	};
>>> filter komm { host	(10.8.30.76);	};
>>> filter edb	{ host	(edb-pix);	};
>>>
>>> filter emerg	{ level (emerg);	};
>>> filter alert	{ level (alert .. emerg);   };
>>> filter crit { level (crit .. emerg);    };
>>> filter err	{ level (err .. emerg);     };
>>> filter warning	{ level (warning .. emerg); };
>>> filter notice { level (notice .. emerg);  };
>>> filter info { level (info .. emerg);    };
>>> filter debug	{ level (debug .. emerg);   };
>>> filter kern { facility (kern);	};
>>> filter user { facility (user);	};
>>> filter mail { facility (mail);	};
>>> filter daemon { facility (daemon);	};
>>> filter auth { facility (auth);	};
>>> filter syslog { facility (syslog);	};
>>> filter lpr	{ facility (lpr);	};
>>> filter news { facility (news);	};
>>> filter uucp { facility (uucp);	};
>>> filter cron { facility (cron);	};
>>> #filter local0	{ facility (local0);	};
>>> #filter local1	{ facility (local1);	};
>>> #filter local2	{ facility (local2);	};
>>> #filter local3	{ facility (local3);	};
>>> #filter local4	{ facility (local4);	};
>>> #filter local5	{ facility (local5);	};
>>> #filter local6	{ facility (local6);	};
>>> #filter local7	{ facility (local7);	};
>>> filter user_none	 { not facility (user); 		};
>>> filter kern_debug	 { filter (kern) and filter (debug);	};
>>> filter daemon_notice { filter (daemon) and filter (notice); };
>>> filter mail_crit	 { filter (mail) and filter (crit);	};
>>> filter mesg      { filter (kern_debug) or
>>> 		       filter (daemon_notice) or
>>> 		       filter (mail_crit);			};
>>> filter authinfo	 { filter (auth) or program (sudo);	};
>>>
>>> log { source (sys); 		destination(messages); };
>>> log { source (sys); 		destination(console_all); };
>>> log { source (sys); filter (authinfo);	destination (authlog);	};
>>> log { source (sys); filter (mail);	destination (maillog);	};
>>> #log { source (sys); filter (local0);  destination (ipflog);	 };
>>> #log { source (sys); filter (local1);  destination (imaplog);  };
>>> log { source (sys); filter (syslog);	destination (syslog);	};
>>> log { source (sys); filter (emerg); filter (user_none);
>>> 					destination (console);	};
>>> log { source (sys); filter (mesg); filter (user_none);
>>> 					destination (messages); };
>>>
>>> log { source (net); 		destination (clients); };
>>> log { source (net); filter (komm);	destination (komm);   };
>>> log { source (net); filter (asa);	destination (asa);    };
>>> log { source (net); filter (mgmt);	destination (mgmt);   };
>>> log { source (net); filter (wifi);	destination (wifi);   };
>>> log { source (net); filter (datas); destination (datas);  };
>>> log { source (net); filter (wifi);	destination (wifi);   };
>>> log { source (net); filter (gje);	destination (gje);    };
>>> log { source (net); filter (nan);	destination (nan);    };
>>> log { source (net); filter (ull);	destination (ull);    };
>>> log { source (net); filter (hur);	destination (hur);    };
>>> log { source (net); filter (eid);	destination (eid);    };
>>> log { source (net); filter (nes);	destination (nes);    };
>>> log { source (net); filter (edb);	destination (edb);    };
>>> log { source (net); filter (aplog); destination (aplog);  };
>>> #log { source (net); filter (komm); destination (komm); };
>>> ----------------------------------------------------------------------
>>> This is the error i got :
>>>
>>> syntax error in /etc/syslog-ng/syslog-ng.conf at line 35.
>>>
>>> syslog-ng documentation:
>>> http://www.balabit.com/support/documentation/?product=syslog-ng
>>> mailing list: https://lists.balabit.hu/mailman/listinfo/syslog-ng	     
>>>       
>
>   
>>> 	  
>>>  * Configuration error. Please fix your configfile
>>> (/etc/syslog-ng/syslog-ng.conf)
>>>
>>> It is not a very big deal at the moment, as i've reverted back to version
>>>       
>
>   
>>> 2.1.4, but i'd like to keep my system current, and somewhat up to date.
>>>       
>> this
>>     
>>> server's main function is as a syslogger for a few firewalls though, so i
>>>       
>
>   
>>> cannot leave it unable to log for long.
>>>
>>> hope someone can help.
>>>
>>> cheers
>>> andip
>>>
>>>       
> _____________________________________________________________________________
>
>   
>> _
>>     
>>> Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng
>>> Documentation:
>>>       
>> http://www.balabit.com/support/documentation/?product=syslog-ng
>>     
>>> FAQ: http://www.campin.net/syslog-ng/faq.html
>>>
>>>
>>>   
>>>       

-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.balabit.hu/pipermail/syslog-ng/attachments/20091215/a29152d2/attachment-0001.htm

More information about the syslog-ng mailing list