[syslog-ng] syslog-ng 3.0.8, 3.0.9 not sending logs to centralized log host

Clayton Dukes cdukes at gmail.com
Tue Dec 21 22:59:30 CET 2010 

Looks like you need to define UDP or TCP (or both) in your src statement.

Here's a short (hopefully helpful) link to a video for syslog-ng
configuration:
http://www.logzilla.info/SearchResults.asp?Cat=49

<http://www.logzilla.info/SearchResults.asp?Cat=49>Full disclosure, LogZilla
is my log analysis software, but hopefully the video helps.


______________________________________________________________

Clayton Dukes
______________________________________________________________


On Tue, Dec 21, 2010 at 4:43 PM, Jarrett Lee <
jarrett.lee at oversightsystems.com> wrote:

> I have syslog-ng 3.0.9 (also tried 3.0.8) on a CentOS 5.5 system, firewall
> (iptables) turned off, and SELinux disabled. For some reason it refuses to
> send logs to my log host, though it will put them in my messages file. I've
> even broken out tcpdump to monitor the port while generating logs to see if
> I can see any network traffic generated, but it's crickets on the wire.
>
> Anybody have this problem? Is there something I'm missing, perhaps I've
> been looking at it for too long and need fresh eyes? I've had this working
> before on other platforms, Solaris and other distros of Linux, but this time
> it's kicking my butt...
>
> Here's my syslog-ng.conf (with IP and port redacted):
> #### BEGIN syslog-ng.conf ####
> @version: 3.0
>
> options {
> };
>
> source src {
> internal();
> unix-stream("/dev/log");
> file("/proc/kmsg" program_override("kernel: "));
> };
>
> destination local {
> file("/var/log/messages");
> };
> destination loghost {
> tcp("IPADDR" port(PORT));
> };
>
> log {
> source(src);
> destination(local);
> };
> log {
> source(src);
> destination(loghost);
> };
> #### END syslog-ng.conf ####
>
>
> Thanks,
> Jarrett
>
> Jarrett Lee, UNIX Administrator
> OVERSIGHT SYSTEMS | www.oversightsystems.com
>
> ______________________________________________________________________________
> Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng
> Documentation:
> http://www.balabit.com/support/documentation/?product=syslog-ng
> FAQ: http://www.campin.net/syslog-ng/faq.html
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.balabit.hu/pipermail/syslog-ng/attachments/20101221/4b102c8f/attachment.htm

More information about the syslog-ng mailing list