[syslog-ng] configuring different sources on the syslog-ng server

Mon Jul 19 08:14:56 CEST 2010

Still if I wanted to configure a different source on the syslog-server as
below    (I will eventually use filtering if I do not succeed in creating
another source)

source apache_access{tcp(ip("192.168.180.179") flags(no-parse));

};

destination d_apachemssql {

pipe("/tmp/apachepipe.pipe"

template("INSERT INTO
logapache(datetime,host,program,pid,message)VALUES('$R_DATE','$HOST','$PROGR
AM','$PID','$MSGONLY');\n")template-escape(yes) flags(no-multi-line));

};

log {

     source(apache_access);

     destination(d_apachemssql);

};

I get the following error when trying to start syslog-ng

Error binding socket; addr='AF_INET(192.168.180.179:3331)', error='Cannot
assign requested address (99)'

Error initializing source driver; source='apache_access',
id='apache_access#0'

Error initializing message pipeline;

From: syslog-ng-bounces at lists.balabit.hu
[mailto:syslog-ng-bounces at lists.balabit.hu] On Behalf Of Patrick H.
Sent: Monday, July 19, 2010 9:48 AM
To: Syslog-ng users' and develops' mailing list
Subject: Re: [syslog-ng] configuring different sources on the syslog-ng
server

Firstly the "ip()" option of "tcp()" in a "source()" is not required, it is
optional. It specifies the IP address which syslog-ng will listen on. If not
provided, syslog-ng will listen on all interfaces.
Seconly, you do not need a separate source for every client. You can use
filter rules to match on the client's hostname if you need to.

You might want to go through the administrator's guide, it is an extremely
good documentation source with lots of examples.
http://www.balabit.com/dl/guides/syslog-ng-ose-v3.1-guide-admin-en.pdf

Sent: Sunday, July 18, 2010 11:28:25 PM
From: Khaleelah Peerbocus  <mailto:systems2 at maccs.mu> <systems2 at maccs.mu>
To: 'Syslog-ng users' and developers' mailing list'
<mailto:syslog-ng at lists.balabit.hu> <syslog-ng at lists.balabit.hu> 
Subject: [syslog-ng] configuring different sources on the syslog-ng server 

Hello

I would like to get some clarification on the source tag in both syslog
client and server.

I have different clients hosting apache / weblogic

My Syslog-ng Server has ip 192.x.x.x

Apache (client) has ip 192.x.x.1

Weblogic (client) has ip 192.x.x.2

In all the clients syslog configuration files, i have added 

destination apacheaccesslog {

tcp("192.x.x.x " port(3331));

};

destination weblogiclog {

tcp("192.x.x.x " port(3332));

};

My issue is in the syslog-ng server configuration file, if i add 

source apache_access {tcp(ip(192.x.x.x) port(3331));

};

Should the ip be the server ip or the client ip (in this example, i have put
the syslog-ng server ip). Does the port number differentiate the different
sources we are receiving the log files ???

logo-emailsignature.jpgKhaleelah Peerbocus - Systems Analyst

Mauritius Cargo Community Services

Business Registration No.: C08077158

VAT Registration No.: VAT20427044

1st Floor, Trade and Marketing Centre, Mer Rouge

Port-Louis, Mauritius

Tel: +230 206 2970 - Cell: +230 498 7897 Fax: +230 216 8858

Email:  <mailto:HDagent6 at maccs.mu> systems2 at maccs.mu - Website:
<http://www.maccs.mu/> http://www.maccs.mu

  _____  

____________________________________________________________________________
__
Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng
Documentation:
http://www.balabit.com/support/documentation/?product=syslog-ng
FAQ: http://www.campin.net/syslog-ng/faq.html

-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.balabit.hu/pipermail/syslog-ng/attachments/20100719/bc7ea906/attachment-0001.htm 
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: image/jpeg
Size: 2176 bytes
Desc: not available
Url : http://lists.balabit.hu/pipermail/syslog-ng/attachments/20100719/bc7ea906/attachment-0001.jpeg 