[syslog-ng] New to syslog-ng, basic setup help reuqested

lance raymond lance.raymond at gmail.com
Fri Jun 5 19:35:31 CEST 2009

Yea, I got a bunch;
apache2   692 www-data   35w   REG    8,1 100778670 2089232

as just an example, and now that I am looking at it, I think I see the
obvious.  I haven't changed apache to stop writing local (I didn't think I
had to) as I thought I could have the local and the remote (in case the
remote failed).  But that might not be the case.

So I would assume the first step is to remove the vhost access log line.
But now that I am thinking, the setup said what file was the local file in
which it would be the /var/log/apache2/....  right?  So if I tell apache not
to write that access file how do you setup the client ?

As I said, really new at this, so sorry if this seems basic, but the webmin
module made it kinda easier, but still ... not easy enough!


On Fri, Jun 5, 2009 at 10:53 AM, Fegan, Joe <Joe.Fegan at hp.com> wrote:

>  That looks like a bind() error message which suggests that another
> process is already listening on the socket in question. Use lsof to find out
> which process that is.
> # lsof /var/log/apache2/ws8.mydomain.com-access_log
>  ------------------------------
> *From:* syslog-ng-bounces at lists.balabit.hu [mailto:
> syslog-ng-bounces at lists.balabit.hu] *On Behalf Of *lance raymond
> *Sent:* 04 June 2009 18:11
> *To:* syslog-ng at lists.balabit.hu
> *Subject:* [syslog-ng] New to syslog-ng, basic setup help reuqested
> Afternoon, looking to do some real basic logging for our webservers.  They
> are all running ubuntu-server 8.10, and I have a standalone box which will
> act as the 'log server'.  They have webmin installed, so I setup using that
> as it seemed pretty straight forward.
> So the server is running and when I start one of the webservers which I
> configured, I recive the following error;
>  * Starting system logging syslog-ng Error binding socket;
> addr='AF_UNIX(/var/log/apache2/ws8.mydomain.com-access_log)', error='Address
> already in use (98)'
> I thought it might be due to apache running, so stopped that, but still the
> same error.
> the conf file is HUGE, and 95% is a stock install, so I will just put what
> the client / server has that is specific to this item I wish to remote log.
> Client:
> destination WFLogger {
>   udp(;
>   };
> source domain_access {
>   unix-stream("/var/log/apache2/ws8.domain.com-access_log");
>   };
> log {
>   source(domain_access);
>   destination(WFLogger);
>   flags(catchall);
>   };
> On the server, I don't see anything that stands out that say's "accept
> connections" so not sure if there is anything special that has to be done,
> but the error on the client is immediate so that part seems to be a local
> issue.
> Thanks
> ______________________________________________________________________________
> Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng
> Documentation:
> http://www.balabit.com/support/documentation/?product=syslog-ng
> FAQ: http://www.campin.net/syslog-ng/faq.html
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.balabit.hu/pipermail/syslog-ng/attachments/20090605/5ca7ded6/attachment-0001.htm 

More information about the syslog-ng mailing list