[syslog-ng] syslog-ng 3.0.8, 3.0.9 not sending logs to centralized log host

Clayton Dukes cdukes at gmail.com
Tue Dec 21 23:31:20 CET 2010


That's how I've always done it...give 'er a shot :-)
If not that, also make sure that annoying AppArmor isn't running...

______________________________________________________________

Clayton Dukes
______________________________________________________________


On Tue, Dec 21, 2010 at 5:03 PM, Jarrett Lee <
jarrett.lee at oversightsystems.com> wrote:

> This is the client side that I'm having issues with, not the syslog server,
> or loghost, side. Does it really need network configuration information in
> the source statement? I thought that was on the server side to show it which
> interface/port to listen on for clients.
>
>
> On Dec 21, 2010, at 16:59, Clayton Dukes wrote:
>
> Looks like you need to define UDP or TCP (or both) in your src statement.
>
> Here's a short (hopefully helpful) link to a video for syslog-ng
> configuration:
> http://www.logzilla.info/SearchResults.asp?Cat=49
>
> Full disclosure,
> LogZilla is my log analysis software, but hopefully the video helps.
>
>
> ______________________________________________________________
>
> Clayton Dukes
> ______________________________________________________________
>
>
> On Tue, Dec 21, 2010 at 4:43 PM, Jarrett Lee <
> jarrett.lee at oversightsystems.com> wrote:
>
>> I have syslog-ng 3.0.9 (also tried 3.0.8) on a CentOS 5.5 system, firewall
>> (iptables) turned off, and SELinux disabled. For some reason it refuses to
>> send logs to my log host, though it will put them in my messages file. I've
>> even broken out tcpdump to monitor the port while generating logs to see if
>> I can see any network traffic generated, but it's crickets on the wire.
>>
>> Anybody have this problem? Is there something I'm missing, perhaps I've
>> been looking at it for too long and need fresh eyes? I've had this working
>> before on other platforms, Solaris and other distros of Linux, but this time
>> it's kicking my butt...
>>
>> Here's my syslog-ng.conf (with IP and port redacted):
>> #### BEGIN syslog-ng.conf ####
>> @version: 3.0
>>
>> options {
>> };
>>
>> source src {
>> internal();
>> unix-stream("/dev/log");
>> file("/proc/kmsg" program_override("kernel: "));
>> };
>>
>> destination local {
>> file("/var/log/messages");
>> };
>> destination loghost {
>> tcp("IPADDR" port(PORT));
>> };
>>
>> log {
>> source(src);
>> destination(local);
>> };
>> log {
>> source(src);
>> destination(loghost);
>> };
>> #### END syslog-ng.conf ####
>>
>>
>> Thanks,
>> Jarrett
>>
>> Jarrett Lee, UNIX Administrator
>> OVERSIGHT SYSTEMS | www.oversightsystems.com
>>
>> ______________________________________________________________________________
>> Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng
>> Documentation:
>> http://www.balabit.com/support/documentation/?product=syslog-ng
>> FAQ: http://www.campin.net/syslog-ng/faq.html
>>
>>
>