[syslog-ng] Messages Not Getting Logged

Patrick H. syslogng at feystorm.net
Wed Jul 21 19:42:06 CEST 2010


Are you sure there's not something else going on? Try removing the 
filter just to test and make sure it's getting anything
processed='source(s_streams)=*26*'

Sent: Wednesday, July 21, 2010 11:35:13 AM
From: Me <infosec at gmail.com>
To: chuck.carson at gmail.com, Syslog-ng users' and developers' mailing 
list <syslog-ng at lists.balabit.hu>
Subject: Re: [syslog-ng] Messages Not Getting Logged
> I use a local source like this:
>
> source local {
>         sun-streams("/dev/log");
>         udp(ip(0.0.0.0) port(514));
>         internal();
> };
>
> Seems that at some point I started leaving off the "door" part. My
> version control logs don't specify why, bummer. Give it a shot like
> that.
>
> I don't know if I ever got my Solaris boxes onto syslog-ng version 3.x
> though. Give this a quick shot and see if it makes things any better
> with your version.
>
>
> On Wed, Jul 21, 2010 at 10:28 AM, Chuck <chuck.carson at gmail.com> wrote:
>   
>> Thanks for pointing that out.. I did find the correct door file:
>> Drw-r--r-- 1 root root 0 Jul 21 09:36 /var/run/syslog_door
>>
>> I fixed the config and bounced syslog-ng but still not getting any log
>> messages.. Looking at the stats I do see where there are logs coming from
>> the internal() source:
>> 'source(s_internal)=6', processed='center(queued)=0',
>> processed='destination(l_internal)=6'
>> Jul 21 09:34:56 asglogpup01 syslog-ng[8865]: Log statistics;
>> processed='center(received)=0', processed='destination(l_messages)=0',
>> processed='source(s_streams)=26', processed='src.internal(s_internal#0)=8',
>> stamp='src.internal(s_internal#0)=1279729796',
>> processed='source(s_internal)=8', processed='center(queued)=0',
>> processed='destination(l_internal)=8'
>>
>> Anyone have any ideas?
>>
>> Thx,
>> CC
>>
>> On Wed, Jul 21, 2010 at 9:29 AM, Patrick H. <syslogng at feystorm.net> wrote:
>>     
>>> I had to set up some Solaris boxes several months ago with syslog and had
>>> trouble getting the exact config as well. Unfortunately those boxes are now
>>> gone so I can't pull the configuration off them, but I do know that
>>> /etc/.syslog_door was not the door file. I believe it was
>>> /var/run/syslog_door
>>>
>>> Sent: Wednesday, July 21, 2010 10:11:41 AM
>>> From: Chuck <chuck.carson at gmail.com>
>>> To: Syslog-ng users' and developers' mailing list
>>> <syslog-ng at lists.balabit.hu>
>>> Subject: [syslog-ng] Messages Not Getting Logged
>>>
>>> Hello,
>>>
>>> I am using the sunfreeware build of syslog-ng 3.04 on a Solaris 10 Update
>>> 8 system:
>>> syslog-ng 3.0.4
>>> Revision:
>>> ssh+git://bazsi@git.balabit//var/scm/git/syslog-ng/syslog-ng-ose--mainline--3.0#master#1b5d618e301ad94aa20e692ffba16469dece8d10
>>> Compile-Date: Sep  2 2009 05:14:23
>>> Enable-Threads: off
>>> Enable-Debug: off
>>> Enable-GProf: off
>>> Enable-Memtrace: off
>>> Enable-Sun-STREAMS: on
>>> Enable-Sun-Door: on
>>> Enable-IPv6: on
>>> Enable-Spoof-Source: on
>>> Enable-TCP-Wrapper: off
>>> Enable-SSL: on
>>> Enable-SQL: off
>>> Enable-Linux-Caps: off
>>> Enable-Pcre: on
>>>
>>> My internal() source is working but the sun-streams source is not.
>>>
>>>
>>> Here are my options:
>>> options {
>>>                 use_fqdn(no);
>>>                 flush_lines(0);
>>>                 dir_perm(0755);
>>>                 dir_group(sysadmin);
>>>                 dir_owner(root);
>>>                 perm(0644);
>>>                 stats_freq(300);
>>>                 use_dns(no);
>>>                 create_dirs(yes);
>>>                 time_reopen(10);
>>>         };
>>>
>>> Here are my sources:
>>>
>>> source s_internal       { internal(); };
>>> source s_udp            { udp(); };
>>> source s_tcp            { tcp(); };
>>> source s_streams        { sun-streams ("/dev/log"
>>> door("/etc/.syslog_door")); };
>>>
>>> Here are my filters so far:
>>> # Level Filters
>>> filter f_emerg   { level (emerg);            };
>>> filter f_alert   { level (alert .. emerg);   };
>>> filter f_crit    { level (crit .. emerg);    };
>>> filter f_err     { level (err .. emerg);     };
>>> filter f_warning { level (warning .. emerg); };
>>> filter f_notice  { level (notice .. emerg);  };
>>> filter f_info    { level (info .. emerg);    };
>>> filter f_debug   { level (debug .. emerg);   };
>>>
>>> # Facility Filters
>>> filter f_kern   { facility (kern);   };
>>> filter f_user   { facility (user);   };
>>> filter f_mail   { facility (mail);   };
>>> filter f_daemon { facility (daemon); };
>>> filter f_auth   { facility (auth);   };
>>> filter f_syslog { facility (syslog); };
>>> filter f_lpr    { facility (lpr);    };
>>> filter f_news   { facility (news);   };
>>> filter f_uucp   { facility (uucp);   };
>>> filter f_cron   { facility (cron);   };
>>> filter f_local0 { facility (local0); };
>>> filter f_local1 { facility (local1); };
>>> filter f_local2 { facility (local2); };
>>> filter f_local3 { facility (local3); };
>>> filter f_local4 { facility (local4); };
>>> filter f_local5 { facility (local5); };
>>> filter f_local6 { facility (local6); };
>>> filter f_local7 { facility (local7); };
>>>
>>> Here are my destinations so far:
>>> # Destinations: local files, the console, and the client files
>>> destination l_internal { file ("/var/adm/syslog-ng"); };
>>> destination l_authlog  { file ("/var/log/authlog");   };
>>> destination l_messages { file ("/var/log/messages");  };
>>> destination l_maillog  { file ("/var/log/maillog");   };
>>> destination l_ipflog   { file ("/var/log/ipflog");    };
>>> destination l_imaplog  { file ("/var/log/imaplog");   };
>>> destination l_syslog   { file ("/var/log/syslog");    };
>>>
>>> destination l_console  { file ("/dev/console");       };
>>>
>>> Here are my log statements:
>>>
>>> log { source (s_internal);      destination (l_internal); }; # <==== this one is working
>>> log { source (s_streams);       filter (f_kern); filter (f_debug); destination (l_messages); };  # <====== this one is not working
>>>
>>> I have tried the following logger tests and am not getting anything
>>> logged:
>>> logger -p kern.debug "some message"
>>> logger -p kern.crit "some message"
>>> logger -p kern.info "some message"
>>>
>>> I have restarted syslog-ng and ensured that it is using my most recent
>>> syslog-ng.conf file.
>>>
>>>
>>> Thanks for any help,
>>> CC
>>>
>>> ________________________________
>>>
>>> ______________________________________________________________________________
>>> Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng
>>> Documentation:
>>> http://www.balabit.com/support/documentation/?product=syslog-ng
>>> FAQ: http://www.campin.net/syslog-ng/faq.html
>   
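The comparison made in the reply above (the source counter is non-zero while the destination counter stays at 0) can be automated so that a log path that silently drops everything is caught from the periodic statistics message. This is an added example, not part of the original thread; the `LOG_PATHS` mapping is copied by hand from the poster's two log statements, and the function names are made up for illustration.

```python
import re

# Statistics line quoted in the thread (syslog-ng 3.0.4 on Solaris 10).
STATS_LINE = (
    "Jul 21 09:34:56 asglogpup01 syslog-ng[8865]: Log statistics; "
    "processed='center(received)=0', processed='destination(l_messages)=0', "
    "processed='source(s_streams)=26', processed='src.internal(s_internal#0)=8', "
    "stamp='src.internal(s_internal#0)=1279729796', "
    "processed='source(s_internal)=8', processed='center(queued)=0', "
    "processed='destination(l_internal)=8'"
)

# (source, destination) pairs taken from the poster's log statements.
# Assumption: each destination is fed by exactly one log path, as in that
# config; with shared destinations the check below can miss a dead path.
LOG_PATHS = [("s_internal", "l_internal"), ("s_streams", "l_messages")]

# Matches entries such as processed='source(s_streams)=26'.
COUNTER_RE = re.compile(r"(\w+)='([\w.]+)\(([^)]*)\)=(\d+)'")


def parse_stats(line):
    """Return {(counter_type, component, instance): value} for one stats line."""
    if "Log statistics;" not in line:
        raise ValueError("not a syslog-ng statistics line")
    return {(t, c, i): int(v) for t, c, i, v in COUNTER_RE.findall(line)}


def stalled_paths(stats, paths):
    """List paths whose source processed messages but whose destination got none."""
    stalled = []
    for src, dst in paths:
        received = stats.get(("processed", "source", src), 0)
        written = stats.get(("processed", "destination", dst), 0)
        if received > 0 and written == 0:
            stalled.append((src, dst, received))
    return stalled


if __name__ == "__main__":
    for src, dst, n in stalled_paths(parse_stats(STATS_LINE), LOG_PATHS):
        print(f"{src} -> {dst}: {n} messages read, 0 written; check filters")
```

A path flagged this way means the source is being read and something between it and the destination (here, the filters) is discarding the messages.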