[syslog-ng] syslog-ng 3.0.8, 3.0.9 not sending logs to centralized log host

Jarrett Lee jarrett.lee at oversightsystems.com
Tue Dec 21 23:03:25 CET 2010


This is the client side that I'm having issues with, not the syslog server, or loghost, side. Does it really need network configuration information in the source statement? I thought that was on the server side to show it which interface/port to listen on for clients.

On Dec 21, 2010, at 16:59, Clayton Dukes wrote:

> Looks like you need to define UDP or TCP (or both) in your src statement.
> 
> Here's a short (hopefully helpful) link to a video for syslog-ng configuration:
> http://www.logzilla.info/SearchResults.asp?Cat=49
> 
> Full disclosure, LogZilla is my log analysis software, but hopefully the video helps.
> 
> 
> ______________________________________________________________ 
> 
> Clayton Dukes
> ______________________________________________________________
> 
> 
> On Tue, Dec 21, 2010 at 4:43 PM, Jarrett Lee <jarrett.lee at oversightsystems.com> wrote:
> I have syslog-ng 3.0.9 (also tried 3.0.8) on a CentOS 5.5 system, firewall (iptables) turned off, and SELinux disabled. For some reason it refuses to send logs to my log host, though it will put them in my messages file. I've even broken out tcpdump to monitor the port while generating logs to see if I can see any network traffic generated, but it's crickets on the wire.
> 
> Anybody have this problem? Is there something I'm missing, perhaps I've been looking at it for too long and need fresh eyes? I've had this working before on other platforms, Solaris and other distros of Linux, but this time it's kicking my butt...
> 
> Here's my syslog-ng.conf (with IP and port redacted):
> #### BEGIN syslog-ng.conf ####
> @version: 3.0
> 
> options {
> };
> 
> source src {
>     internal();
>     unix-stream("/dev/log");
>     file("/proc/kmsg" program_override("kernel: "));
> };
> 
> destination local {
>     file("/var/log/messages");
> };
> destination loghost {
>     tcp("IPADDR" port(PORT));
> };
> 
> log {
>     source(src);
>     destination(local);
> };
> log {
>     source(src);
>     destination(loghost);
> };
> #### END syslog-ng.conf ####
> 
> 
> Thanks,
> Jarrett
> 
> Jarrett Lee, UNIX Administrator
> OVERSIGHT SYSTEMS | www.oversightsystems.com
> ______________________________________________________________________________
> Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng
> Documentation: http://www.balabit.com/support/documentation/?product=syslog-ng
> FAQ: http://www.campin.net/syslog-ng/faq.html
> 
> 
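
The client/loghost split asked about in the reply at the top of this message, as an added example that is not part of the original thread: in syslog-ng a tcp() driver inside a source listens for incoming connections, while a tcp() driver inside a destination makes the outbound connection. The address 192.0.2.10, the port 5140 and the names s_local, d_loghost, s_net and d_hosts are constructed placeholders standing in for the redacted values.

```conf
# Added example: constructed values, not taken from the thread.
# 192.0.2.10 and 5140 stand in for the redacted IPADDR and PORT.

#### client configuration ####
@version: 3.0

# Local-only sources: syslog-ng's own messages, the system log
# socket and the kernel log.
source s_local {
    internal();
    unix-stream("/dev/log");
    file("/proc/kmsg" program_override("kernel: "));
};

# The client only opens an outbound connection, so the network
# driver appears in a destination, not in the source.
destination d_loghost {
    tcp("192.0.2.10" port(5140));
};

log { source(s_local); destination(d_loghost); };

#### loghost configuration ####
@version: 3.0

# The loghost is the side that listens, so here the network
# driver appears in a source, bound to an interface and port.
source s_net {
    tcp(ip(0.0.0.0) port(5140));
};

# One file per sending host, created on first message.
destination d_hosts {
    file("/var/log/hosts/$HOST/messages" create_dirs(yes));
};

log { source(s_net); destination(d_hosts); };
```

The two halves are separate files on separate machines; the port in the client's destination has to match the port in the loghost's source.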
