[syslog-ng] Syslog-ng beginners guide

Cosmin Neagu cosmin.neagu at omnilogic.ro
Wed Jul 1 09:22:32 CEST 2009


    Thanks a lot, Ulrich, that site contains great documentation; I'm 
starting to understand how syslog-ng works.
But let me tell you the problem with which I'm stuck right now.

    A router is sending syslog messages to a Linux box (Fedora) from 
10.0.0.1. I can see the messages arriving at the server.
[root@monitorizare1 ~]# tcpdump -v src 10.0.0.1
tcpdump: listening on eth0, link-type EN10MB (Ethernet), capture size 96 bytes
10:09:07.941254 IP (tos 0x0, ttl 255, id 80, offset 0, flags [none], proto UDP (17), length 115) 10.0.0.1.65150 > 192.168.53.248.syslog: SYSLOG, length: 87
        Facility local7 (23), Severity error (3)
        Msg: 81: *Jul  1 10:09:10.027: %LINK-3-UPDOWN: Interfa[|syslog]
10:09:08.760267 IP (tos 0x0, ttl 255, id 81, offset 0, flags [none], proto UDP (17), length 138) 10.0.0.1.65150 > 192.168.53.248.syslog: SYSLOG, length: 110
        Facility local7 (23), Severity info (6)
        Msg: 82: *Jul  1 10:09:10.031: %ENTITY_ALARM-6-INFO: C[|syslog]
10:09:09.755868 IP (tos 0x0, ttl 255, id 82, offset 0, flags [none], proto UDP (17), length 137) 10.0.0.1.65150 > 192.168.53.248.syslog: SYSLOG, length: 109
        Facility local7 (23), Severity notice (5)


I have configured syslog-ng.conf like this:
source s_router_udp {
        internal();
        file ("/proc/kmsg" log_prefix("kernel: "));
        udp (ip(0.0.0.0) port ( 514 ) );
        #unix-stream ("/dev/log");
};
destination d_localfile {
        file ("/root/testlog");
};
log {
        source (s_router_udp);
        destination (d_localfile);
};

The problem is that in /root/testlog I can't see any logs, except those 
generated internally by syslog-ng:
Jul  1 09:31:36 monitorizare1 syslog-ng[17787]: syslog-ng starting up; version='2.0.10'
Jul  1 09:32:49 monitorizare1 syslog-ng[17787]: Termination requested via signal, terminating;
Jul  1 09:32:50 monitorizare1 syslog-ng[17812]: syslog-ng starting up; version='2.0.10'
Jul  1 09:42:50 monitorizare1 syslog-ng[17812]: Log statistics; processed='center(queued)=6', processed='center(received)=6', processed='destination(d_boot)=0', processed='destination(d_auth)=2', processed='destination(d_cron)=2', processed='destination(d_mlal)=0', processed='destination(d_localfile)=1', processed='destination(d_mesg)=1', processed='destination(d_cons)=0', processed='destination(d_spol)=0', processed='destination(d_mail)=0', processed='source(s_sys)=5', processed='source(s_router_udp)=1'
Jul  1 09:45:11 monitorizare1 syslog-ng[17812]: Termination requested via signal, terminating;
Jul  1 09:45:11 monitorizare1 syslog-ng[18840]: syslog-ng starting up; version='2.0.10'
Jul  1 09:47:43 monitorizare1 syslog-ng[18840]: Termination requested via signal, terminating;
Jul  1 09:47:43 monitorizare1 syslog-ng[19009]: syslog-ng starting up; version='2.0.10'

I can't find anything in the syslog-ng admin guide about how 
messages received from remote hosts can be inserted into files.

Can anyone help me? I feel that I'm close to a solution.



Ulrich.Wiemers at t-systems.com wrote:
> Hi,
> I was in a similar situation some weeks ago.
> Admin Guide found at http://www.balabit.com/support/documentation/?product=syslog-ng was of great help to me.
> And, of course, Google ,-)
>
> hth
>
> Ulli
>
> -----Original Message-----
> From: syslog-ng-bounces at lists.balabit.hu [mailto:syslog-ng-bounces at lists.balabit.hu] On behalf of Cosmin Neagu
> Sent: Tuesday, 30 June 2009 14:49
> To: syslog-ng at lists.balabit.hu
> Subject: [syslog-ng] Syslog-ng beginners guide
>
> Hello everybody,
> Sorry for bothering you with a beginners question.
> I have a Cacti implementation in my network and I want to integrate it with syslog-ng. I have mostly Cisco routers, all configured to send syslog messages to two Linux boxes (Ubuntu 9.04 and FedoraCore 10) where I have installed syslog-ng.
>
> I'm not able to find where the logs are kept, so this drives me crazy.
> Do you know any site or resource where I can find a beginner's guide about using syslog-ng with Cisco routers? I mean, a guide for someone who has never used syslog-ng before.
> Thanks.
>
> --
> Cosmin Neagu
> NOC Team Leader
> Str. I. G. Duca nr 36
> Otopeni, Judetul Ilfov, 075100 Romania
> Tel: 021 303 3159 / 0732 669 193
> www.omnilogic.ro
>
> ______________________________________________________________________________
> Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng
> Documentation: http://www.balabit.com/support/documentation/?product=syslog-ng
> FAQ: http://www.campin.net/syslog-ng/faq.html
>
>   
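
An added example, not part of the original post or of syslog-ng: the "Log statistics" line quoted in the message carries per-source and per-destination counters, and parsing it shows how many messages syslog-ng itself counted for s_router_udp. The function names are hypothetical, and the wire count passed to starved_sources is an assumed, operator-supplied figure (for instance counted from tcpdump output for the same interval).

```python
import re

# The "Log statistics" line from the post, with the mail line wraps rejoined.
STATS_LINE = (
    "Jul  1 09:42:50 monitorizare1 syslog-ng[17812]: Log statistics; "
    "processed='center(queued)=6', processed='center(received)=6', "
    "processed='destination(d_boot)=0', processed='destination(d_auth)=2', "
    "processed='destination(d_cron)=2', processed='destination(d_mlal)=0', "
    "processed='destination(d_localfile)=1', processed='destination(d_mesg)=1', "
    "processed='destination(d_cons)=0', processed='destination(d_spol)=0', "
    "processed='destination(d_mail)=0', processed='source(s_sys)=5', "
    "processed='source(s_router_udp)=1'"
)

# One field looks like: processed='source(s_router_udp)=1'
FIELD_RE = re.compile(r"processed='(\w+)\(([^)]*)\)=(\d+)'")


def parse_stats(line):
    """Return {(kind, name): count} for a "Log statistics" line, else {}."""
    if "Log statistics;" not in line:
        return {}
    return {(kind, name): int(n) for kind, name, n in FIELD_RE.findall(line)}


def total(counters, kind):
    """Sum of all counters of one kind ("source" or "destination")."""
    return sum(n for (k, _), n in counters.items() if k == kind)


def starved_sources(counters, seen_on_wire):
    """Names of sources that counted fewer messages than were seen arriving.

    seen_on_wire is an assumption of this example: {source name: number of
    datagrams the operator counted with tcpdump during the same interval}.
    """
    return sorted(
        name for name, wire in seen_on_wire.items()
        if counters.get(("source", name), 0) < wire
    )


if __name__ == "__main__":
    c = parse_stats(STATS_LINE)
    print("sources:", total(c, "source"), "center(received):", c[("center", "received")])
    # 3 = datagrams visible in the tcpdump excerpt (illustrative wire count)
    print("starved:", starved_sources(c, {"s_router_udp": 3}))
```

tcpdump captures inbound packets before the local packet filter (iptables) sees them, so a source counter that stays below the wire count points at a drop between the interface and syslog-ng's socket.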