[syslog-ng] Error when starting syslog-ng 3.0.1

Ngim, Hyrum CTR ADCF/Arrowpoint hyrum.ngim.ctr at awps.army.mil
Fri May 1 22:15:10 CEST 2009

At the very top of your config file, it will need to have:

@version: 3.0

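Your file already contains that line, but commented out as "#@version: 3.0"; you'll just need to remove the # sign. Until then syslog-ng assumes the 2.1 format, which is what the "Configuration file has no version number" message in your output is reporting.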

-----Original Message-----
From: syslog-ng-bounces at lists.balabit.hu
[mailto:syslog-ng-bounces at lists.balabit.hu] On Behalf Of Bristol, Gary L.
Sent: Friday, May 01, 2009 12:52 PM
To: syslog-ng at lists.balabit.hu
Subject: [syslog-ng] Error when starting syslog-ng 3.0.1

I'm getting the following error when I start the syslog-ng process.

I'm running version 3.0.1

I have tried several different formats for getting it to recognize the fact
that I'm running, or attempting to run, a version 3.0 config.
The other problem I'm having is that I'm not getting any local logs.
The directory creation and the forwarding of the syslog to the remote system
works just fine.

Starting system logger: Configuration file has no version number, assuming
syslog-ng 2.1 format. Please add @version: maj.min to the beginning of the
WARNING: global: the default value of chain_hostnames is changing to 'no' in
version 3.0, please update your configuration accordingly; Error resolving
group; group='log'
WARNING: template: the default value for template-escape is changing to 'no'
in version 3.0, please update your configuration file accordingly;
WARNING: input: sources do not remove new-line characters from messages by
default in version 3.0, please add 'no-multi-line' flag to your
configuration if you want to retain this functionality;
WARNING: file source: default value of follow_freq in file sources is
changing in 3.0 to '1' for all files except /proc/kmsg;
WARNING: filters do not store matches in macros by default in 3.0, please
update your configuration by using an explicit 'store-matches' flag to
achieve that;
WARNING: template: the meaning of the $MSG/$MESSAGE macros is changing in
version 3.0, please prepend a $MSGHDR when upgrading to 3.0 config format;
Error resolving user; user='root'

Here is the configuration file at /etc/syslog-ng/syslog0ng.conf

# syslog-ng configuration file.
#@version: 3.0
# This should behave pretty much like the original syslog on RedHat. But #
it could be configured a lot smarter.
# See syslog-ng(8) and syslog-ng.conf(5) for more information.
# 20000925 gb at sysfive.com
# configuration file for syslog-ng, customized for remote logging # #options
{ flush_lines (0);
#          time_reopen (10);
#          log_fifo_size (1000);
#          long_hostnames (off);
#          use_dns (no);
#          use_fqdn (no);
#          keep_hostname (yes);
#        };
# Global options applied to every source and destination.
# NOTE(review): no closing "};" for this block appears in the text as posted;
# confirm against the file on disk.
options {
  # 0 turns off the periodic statistics message.
  stats_freq (0);
  chain_hostnames (no);
  # 0 = write each message out as soon as it arrives, no batching.
  flush_lines (0);
  # Seconds to wait before retrying a broken connection.
  time_reopen (10);
  # Number of messages the output queue may hold.
  log_fifo_size (1000);
  # No DNS lookups on sender addresses.
  use_dns (no);
  use_fqdn (no);
  # Create missing directories for file destinations.
  create_dirs (yes);
  # Keep the hostname carried in the message instead of replacing it.
  # NOTE(review): the host() filters in this file then match on a value the
  # sender supplies; over udp() that value is not authenticated - confirm this
  # is acceptable for the routing decisions made here.
  keep_hostname (yes);

# syslog-ng's own internal messages (startup warnings, errors) are written to
# /var/log/syslog-ng.log.
source s_internal { internal(); };
destination d_syslognglog { file("/var/log/syslog-ng.log"); }; log {
source(s_internal); destination(d_syslognglog); };

# Local sources, filters and destinations are commented out # If you want to
replace sysklogd simply uncomment the following # parts and disable sysklogd
# # Local sources # #source s_local {
#       unix-dgram("/dev/log");
#       file("/proc/kmsg" log_prefix("kernel:"));

# Sources: s_sys (kernel log, /dev/log, internal messages), remote (UDP),
# remote_tcp (TCP) and kernsrc (/proc/kmsg).
# NOTE(review): as posted, the udp(ip( ... call inside s_sys has unbalanced
# parentheses and no address, `source src {` has been folded into the comment
# line, and ip("") in `remote` is empty. This looks like redaction plus mail
# re-wrapping - compare with the file on disk before drawing conclusions.
# NOTE(review): udp() and tcp() sources accept messages without authenticating
# the sender; presumably access is limited by bind address or firewall - confirm.
source s_sys { file ("/proc/kmsg" program_override("kernel: ")); unix-stream
("/dev/log"); internal();
 udp(ip( port(514));
# network logs come from the local network source src {
unix-stream("/dev/log"); internal(); }; source remote { udp(ip (""));
}; source remote_tcp { tcp(ip ("xxx.xx.xx.xxx")); }; source kernsrc {
file("/proc/kmsg"); };

## Local filters

# Facility/level filters used by the "Local logs" paths further down.
# NOTE(review): level(info) selects the info level only, not info and above;
# if sysklogd-style "*.info" behaviour is wanted a range is needed - confirm.
# NOTE(review): f_filter6 has no closing "};" in the text as posted - confirm
# against the file on disk.
filter f_filter1     { facility(kern); };
filter f_filter2     { level(info) and not (facility(mail) or
facility(authpriv) or facility(cron)); };
filter f_filter3     { facility(authpriv); };
filter f_filter4     { facility(mail); };
filter f_filter5     { level(emerg); };
filter f_filter6     { facility(uucp) or (facility(news) and level(crit));
filter f_filter7     { facility(local7); };
filter f_filter8     { facility(cron); };

# Filters for remote logs added for RSA

# One host() filter per remote system whose logs are forwarded to d_rsa; the
# addresses were redacted by the poster.
# NOTE(review): host() matches the hostname field of the message. With
# keep_hostname(yes) set in the options block that field comes from the sender,
# so these filters select on an unauthenticated value - confirm.
filter f_paygate { host ("xxx.xxx.xxx.xxx");}; filter f_payweb { host
("xxx.xxx.xxx.xxx");}; filter f_paymarket1 { host ("xxx.xxx.xxx.xxx");};
filter f_paymarket2 { host ("xxx.xxx.xxx.xxx");}; filter f_roomview { host
("xxx.xxx.xxx.xxx");}; filter f_paymarket1a { host ("xxx.xxx.xxx.xxx");};
filter f_paymarket2a { host ("xxx.xxx.xxx.xxx");}; #filter f_dc { host

# Local logs - order DOES matter !
# Log paths from s_sys to the local destinations, one per filter.
# NOTE(review): as posted, the "log {" that opens the f_filter2 path sits at the
# end of the commented-out line below, so that path has no uncommented opening.
# This may only be mail re-wrapping, but check in the file on disk that every
# log statement starts on an uncommented line.
#log { source(s_sys); filter(f_filter1); destination(d_cons); }; log {
source(s_sys); filter(f_filter2); destination(d_mesg); }; log {
source(s_sys); filter(f_filter3); destination(d_auth); }; log {
source(s_sys); filter(f_filter4); destination(d_mail); }; log {
source(s_sys); filter(f_filter5); destination(d_mlal); }; log {
source(s_sys); filter(f_filter6); destination(d_spol); }; log {
source(s_sys); filter(f_filter7); destination(d_boot); }; log {
source(s_sys); filter(f_filter8); destination(d_cron); };

# Remote logs for RSA Appliance

# Messages from the `remote` source that match one of the host filters are
# forwarded to d_rsa.
# NOTE(review): as posted, the last path opens with a commented-out "#log {"
# but its body (filter(f_dc)) is on an uncommented line, and f_dc itself is
# commented out above. Probably mail re-wrapping - confirm against the file.
log { source(remote); filter(f_paygate); destination(d_rsa); }; log {
source(remote); filter(f_payweb); destination(d_rsa); }; log {
source(remote); filter(f_paymarket1); destination(d_rsa); }; log {
source(remote); filter(f_paymarket2); destination(d_rsa); }; log {
source(remote); filter(f_roomview); destination(d_rsa); }; log {
source(remote); filter(f_paymarket1a); destination(d_rsa); }; log {
source(remote); filter(f_paymarket2a); destination(d_rsa); }; #log {
source(remote); filter(f_dc); destination(d_rsa); };

# log by host
  # Everything received on the `remote` (UDP) and `remote_tcp` (TCP) sources is
  # written to the per-host `hosts` destination; no filter is applied.
  log { source(remote); destination(hosts); };
  log { source(remote_tcp); destination(hosts); };

# Local destinations
# Local file destinations referenced by the "Local logs" paths: console,
# messages, secure, maillog, spooler, boot.log and cron.
# d_mlal uses usertty("*"), which writes to the terminal of every logged-in user.
destination d_cons { file("/dev/console"); }; destination d_mesg {
file("/var/log/messages"); }; destination d_auth { file("/var/log/secure");
}; destination d_mail { file("/var/log/maillog"); }; destination d_spol {
file("/var/log/spooler"); }; destination d_boot { file("/var/log/boot.log");
}; destination d_cron { file("/var/log/cron"); }; destination d_mlal {
usertty("*"); };

# added for re-direct to RSA Appliance

# NOTE(review): this statement is cut off after `template("<$PRI>` in the text
# as posted. What is visible forwards to a redacted address over UDP port 514,
# which carries the messages unencrypted and unauthenticated.
destination d_rsa      { udp("xxx.xxx.xxx.xxx" port (514) template("<$PRI>

# automatic host sorting
# by current year, month, day, host
# files created are also by year, month, day, host, facility # set it up
  # Per-host destination used by the "log by host" paths.
  # NOTE(review): the file() path template is cut off in the text as posted
  # (it resumes at `ILITY.log"`), so the layout described above cannot be
  # checked here.
  # NOTE(review): perm(0655) is rw-r-xr-x: every local user can read these
  # logs, and the execute bits serve no purpose on a log file. Presumably
  # 0640 or 0644 was intended - confirm.
  destination hosts {
ILITY.log" owner(root) group(root) perm(0655) dir_perm(0
755) create_dirs(yes)); };

Gary L. Bristol
University of Oklahoma
200 Felgar St., Suite 226
Norman, OK 73019
+ Ranked 10th in PC Magazine's 2007 Top 20 Wired Campuses Computerworld 
+ 2006 100 Best Places to Work in IT
This transmission may contain information that is privileged, confidential
and/or exempt from disclosure under applicable law. If you are not the
intended recipient, you are hereby notified that any disclosure, copying,
distribution, or use of the information contained herein (including any
reliance thereon) is STRICTLY PROHIBITED. If you received this transmission
in error, please immediately contact the sender and destroy the material in
its entirety, whether in electronic or hard copy format. Thank you
