[syslog-ng] why i have to restart syslog to have the new apache log??

Sandor Geller (IT) Sandor.Geller at morganstanley.com
Thu Mar 19 09:49:28 CET 2009


Hi,

2009/3/18 gatfi sami <pfegatfi.sami at gmail.com>:
> now when i use the TCP CONNECTION I CAN RECEIVE NOTHING
> ******************syslog server**************** syslog 2.0.9
> source my_tcp {
> tcp(ip(0.0.0.0) port (415)); // they said 0.0.0.0 means receive from any ip
> address i also tried tcp ( port(514));
> same thing};

To correct your comment: listening on 0.0.0.0 (INADDR_ANY) means
that syslog-ng will listen ON every IP address the host has.

You have to ensure that the receiver and the sender are using the same
port and protocol. You can verify with netstat or lsof which port(s)
syslog-ng is listening on. Then the next debugging step would be
capturing network traffic, whether the logs actually leave the sending
side, and running another capture on the receiver side to see that
logs reach that host. When the network seems to be OK then trace the
receiver syslog-ng process to see what's going on.

> destination my_dest{  file("/var/log/Sami/$HOST/messages" owner("root")
> group("root") perm(0640) dir_perm(0750) create_dirs(yes));
>   };
> log { source(my_tcp); #filter(my_filter);
> destination(my_dest); };
> ************************************************************
>
> ******************syslog client***************2syslog 2.0.10
>
> source my_src { file("/var/log/apache2/error_log"  follow_freq(1) );  };
> #filter my_filter { };
> destination my_dest{  tcp("192.168.1.64) port(514);  };
> log { source(my_src); #filter(my_filter);
> destination(my_dest); };
> **********************************************************************************

Are you sure apache still writes to that file? Is the inode apache
uses to write logs the same inode that syslog-ng is reading?

hth,

Sandor
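
The inode question in the reply above, as a runnable illustration. This is an added example, not part of the original message and not syslog-ng code: `same_file` and `simulate_rotation` are hypothetical names, and the rotation is simulated on a constructed file in a temporary directory with a plain Python reader standing in for whatever process holds the log open.

```python
import os
import tempfile

def same_file(open_file, path):
    """True if the already-open file and `path` refer to the same inode."""
    held = os.fstat(open_file.fileno())
    try:
        current = os.stat(path)
    except FileNotFoundError:
        return False  # path moved away by rotation and not recreated yet
    return (held.st_dev, held.st_ino) == (current.st_dev, current.st_ino)

def simulate_rotation():
    """Constructed scenario: a reader holds error_log open while it is rotated."""
    results = {}
    with tempfile.TemporaryDirectory() as d:
        path = os.path.join(d, "error_log")
        with open(path, "w") as w:
            w.write("line before rotation\n")
        reader = open(path)               # stands in for the log reader
        reader.read()                     # consume what is there so far
        results["before"] = same_file(reader, path)
        os.rename(path, path + ".1")      # rotation moves the old file aside
        with open(path, "w") as w:        # the writer reopens: new inode
            w.write("line after rotation\n")
        results["after"] = same_file(reader, path)
        # The old descriptor still points at error_log.1, so nothing new arrives.
        results["reader_sees_new_line"] = reader.read() != ""
        reader.close()
        with open(path) as reopened:      # what a restart or reopen achieves
            results["after_reopen"] = same_file(reopened, path)
            results["reopened_content"] = reopened.read()
    return results

if __name__ == "__main__":
    for key, value in simulate_rotation().items():
        print(f"{key}: {value!r}")
```

On a live host the same comparison is made by hand: the inode shown by `ls -i` for the log path against the inode `lsof` reports for the file the reading process has open.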

