[syslog-ng] Messages Not Getting Logged

Chuck chuck.carson at gmail.com
Wed Jul 21 19:44:07 CEST 2010


Yeah, I created a catch-all log statement and it turns out that even though I'm
specifying kern.crit to logger, it is coming across as user.crit. Looking into
this now.

Thx,
CC

On Wed, Jul 21, 2010 at 10:42 AM, Patrick H. <syslogng at feystorm.net> wrote:

>  Are you sure there's not something else going on? Try removing the filter
> just to test and make sure it's getting anything
> processed='source(s_streams)=*26*'
>
> Sent: Wednesday, July 21, 2010 11:35:13 AM
> From: Me <infosec at gmail.com>
> To: chuck.carson at gmail.com, Syslog-ng users' and developers' mailing list
> <syslog-ng at lists.balabit.hu>
> Subject: Re: [syslog-ng] Messages Not Getting Logged
>
> I use a local source like this:
>
> source local {
>         sun-streams("/dev/log");
>         udp(ip(0.0.0.0) port(514));
>         internal();
> };
>
> Seems that at some point I started leaving off the "door" part. My
> version control logs don't specify why, bummer. Give it a shot like
> that.
>
> I don't know if I ever got my Solaris boxes onto syslog-ng version 3.x
> though. Give this a quick shot and see if it makes things any better
> with your version.
>
>
> On Wed, Jul 21, 2010 at 10:28 AM, Chuck <chuck.carson at gmail.com> wrote:
>
>
>  Thanks for pointing that out. I did find the correct door file:
> Drw-r--r-- 1 root root 0 Jul 21 09:36 /var/run/syslog_door
>
> I fixed the config and bounced syslog-ng but still not getting any log
> messages. Looking at the stats I do see where there are logs coming from
> the internal() source:
> 'source(s_internal)=6', processed='center(queued)=0',
> processed='destination(l_internal)=6'
> Jul 21 09:34:56 asglogpup01 syslog-ng[8865]: Log statistics;
> processed='center(received)=0', processed='destination(l_messages)=0',
> processed='source(s_streams)=26', processed='src.internal(s_internal#0)=8',
> stamp='src.internal(s_internal#0)=1279729796',
> processed='source(s_internal)=8', processed='center(queued)=0',
> processed='destination(l_internal)=8'
>
> Anyone have any ideas?
>
> Thx,
> CC
>
> On Wed, Jul 21, 2010 at 9:29 AM, Patrick H. <syslogng at feystorm.net> wrote:
>
>
>  I had to set up some Solaris boxes several months ago with syslog and had
> trouble getting the exact config as well. Unfortunately those boxes are now
> gone so I can't pull the configuration off them, but I do know that
> /etc/.syslog_door was not the door file. I believe it was
> /var/run/syslog_door
>
> Sent: Wednesday, July 21, 2010 10:11:41 AM
> From: Chuck <chuck.carson at gmail.com>
> To: Syslog-ng users' and developers' mailing list <syslog-ng at lists.balabit.hu>
> Subject: [syslog-ng] Messages Not Getting Logged
>
> Hello,
>
> I am using the sunfreeware build of syslog-ng 3.04 on a Solaris 10 Update
> 8 system:
> syslog-ng 3.0.4
> Revision:ssh+git://bazsi@git.balabit//var/scm/git/syslog-ng/syslog-ng-ose--mainline--3.0#master#1b5d618e301ad94aa20e692ffba16469dece8d10
> Compile-Date: Sep  2 2009 05:14:23
> Enable-Threads: off
> Enable-Debug: off
> Enable-GProf: off
> Enable-Memtrace: off
> Enable-Sun-STREAMS: on
> Enable-Sun-Door: on
> Enable-IPv6: on
> Enable-Spoof-Source: on
> Enable-TCP-Wrapper: off
> Enable-SSL: on
> Enable-SQL: off
> Enable-Linux-Caps: off
> Enable-Pcre: on
>
> My internal() source is working but the sun-streams source is not.
>
>
> Here are my options:
> options {
>                 use_fqdn(no);
>                 flush_lines(0);
>                 dir_perm(0755);
>                 dir_group(sysadmin);
>                 dir_owner(root);
>                 perm(0644);
>                 stats_freq(300);
>                 use_dns(no);
>                 create_dirs(yes);
>                 time_reopen(10);
>         };
>
> Here are my sources:
>
> source s_internal       { internal(); };
> source s_udp            { udp(); };
> source s_tcp            { tcp(); };
> source s_streams        { sun-streams ("/dev/log" door("/etc/.syslog_door")); };
>
> Here are my filters so far:
> # Level Filters
> filter f_emerg   { level (emerg);            };
> filter f_alert   { level (alert .. emerg);   };
> filter f_crit    { level (crit .. emerg);    };
> filter f_err     { level (err .. emerg);     };
> filter f_warning { level (warning .. emerg); };
> filter f_notice  { level (notice .. emerg);  };
> filter f_info    { level (info .. emerg);    };
> filter f_debug   { level (debug .. emerg);   };
>
> # Facility Filters
> filter f_kern   { facility (kern);   };
> filter f_user   { facility (user);   };
> filter f_mail   { facility (mail);   };
> filter f_daemon { facility (daemon); };
> filter f_auth   { facility (auth);   };
> filter f_syslog { facility (syslog); };
> filter f_lpr    { facility (lpr);    };
> filter f_news   { facility (news);   };
> filter f_uucp   { facility (uucp);   };
> filter f_cron   { facility (cron);   };
> filter f_local0 { facility (local0); };
> filter f_local1 { facility (local1); };
> filter f_local2 { facility (local2); };
> filter f_local3 { facility (local3); };
> filter f_local4 { facility (local4); };
> filter f_local5 { facility (local5); };
> filter f_local6 { facility (local6); };
> filter f_local7 { facility (local7); };
>
> Here are my destinations so far:
> # Destinations: local files, the console, and the client files
> destination l_internal { file ("/var/adm/syslog-ng"); };
> destination l_authlog  { file ("/var/log/authlog");   };
> destination l_messages { file ("/var/log/messages");  };
> destination l_maillog  { file ("/var/log/maillog");   };
> destination l_ipflog   { file ("/var/log/ipflog");    };
> destination l_imaplog  { file ("/var/log/imaplog");   };
> destination l_syslog   { file ("/var/log/syslog");    };
>
> destination l_console  { file ("/dev/console");       };
>
> Here are my log statements:
>
> log { source (s_internal);      destination (l_internal); }; # <==== this one is working
> log { source (s_streams);       filter (f_kern); filter (f_debug); destination (l_messages); };  # <====== this one is not working
>
> I have tried the following logger tests and am not getting anything
> logged:
> logger -p kern.debug "some message"
> logger -p kern.crit "some message"
> logger -p kern.info "some message"
>
> I have restarted syslog-ng and ensured that it is using my most recent
> syslog-ng.conf file.
>
>
> Thanks for any help,
> CC
>
> ________________________________
>
> ______________________________________________________________________________
> Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng
> Documentation:http://www.balabit.com/support/documentation/?product=syslog-ng
> FAQ: http://www.campin.net/syslog-ng/faq.html
>
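
Added example, not part of the original thread: a small model of why the three logger tests never reached l_messages once they arrived as user.* instead of kern.*. It assumes the syslog(3) convention, as implemented in glibc, that a priority whose facility bits are zero (kern is facility 0) is given the default facility LOG_USER; the thread itself only reports the symptom, and the helper names here are hypothetical.

```python
# Added illustration: priority encoding plus the thread's f_kern/f_debug filters.
FAC = {n: i for i, n in enumerate(
    "kern user mail daemon auth syslog lpr news uucp cron".split())}
FAC.update({f"local{i}": 16 + i for i in range(8)})
FAC_NAME = {v: k for k, v in FAC.items()}
SEV = "emerg alert crit err warning notice info debug".split()
LOG_FACMASK = 0x03F8   # facility bits of a priority value
LOG_USER = 1 << 3      # default facility applied by syslog(3)

def encode(selector):
    """'kern.crit' -> numeric priority (facility * 8 + severity)."""
    fac, sev = selector.split(".")
    return FAC[fac] * 8 + SEV.index(sev)

def decode(pri):
    """Numeric priority -> 'facility.severity'."""
    return f"{FAC_NAME.get(pri >> 3, pri >> 3)}.{SEV[pri & 7]}"

def via_syslog3(pri):
    """Assumed library behaviour: zero facility bits mean 'not set'."""
    return pri | LOG_USER if (pri & LOG_FACMASK) == 0 else pri

def facility_filter(name):
    """facility(name)"""
    return lambda pri: (pri >> 3) == FAC[name]

def level_filter(low, high):
    """level(low .. high), e.g. level(debug .. emerg)."""
    a, b = sorted((SEV.index(low), SEV.index(high)))
    return lambda pri: a <= (pri & 7) <= b

f_kern = facility_filter("kern")           # filter f_kern from the thread
f_debug = level_filter("debug", "emerg")   # filter f_debug from the thread

def trace(selector):
    """Return (what arrives, whether the s_streams log path matches)."""
    pri = via_syslog3(encode(selector))
    return decode(pri), f_kern(pri) and f_debug(pri)

if __name__ == "__main__":
    for sel in ("kern.debug", "kern.crit", "kern.info", "daemon.crit"):
        arrived, matched = trace(sel)
        print(f"logger -p {sel:<11} -> {arrived:<11} l_messages: {matched}")
```

Under that assumption all three logger tests from the original post decode as user.* and fail f_kern, while a message that genuinely carries facility 0 passes both filters.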