[syslog-ng] Two instances of syslog-ng on the same host?
Patrick H.
syslogng at feystorm.net
Sun Jun 27 03:33:10 CEST 2010
Yes, that should work just fine. I run a box with 4 syslog instances and
they all place nice together. My setup isnt exactly the same, but I have
no problems which you are experiencing. My setup: I have a master
syslog-ng process that does nothing but accept connections from remote
hosts and from the local system. That process then relays the messages
to other local syslog-ng processes which do the actual work (lots and
lots of parsing).
I only included the options and source sections as theyre the only ones
that matter.
Master syslog-ng process that accepts from local & remote & forwards to
other local processes
@version: 3.0
# syslog-ng configuration file.
#
# This should behave pretty much like the original syslog on RedHat. But
# it could be configured a lot smarter.
#
# See syslog-ng(8) and syslog-ng.conf(5) for more information.
#
options {
time_reopen(1);
use_dns(no);
use_fqdn(yes);
keep_hostname(yes);
create_dirs(yes);
perm(0644);
dir_perm(0755);
log_iw_size(50000);
log_fifo_size(100000);
#time_sleep(1);
};
source s_sys {
file("/proc/kmsg" program-override("kernel"));
unix-stream ("/dev/log");
internal();
};
source s_net {
tcp(ip(0.0.0.0) port(514) max-connections(1000));
udp(ip(0.0.0.0) port(514));
};
syslog-ng that accepts the forwarded messages
@version: 3.0
# syslog-ng configuration file.
#
# This should behave pretty much like the original syslog on RedHat. But
# it could be configured a lot smarter.
#
# See syslog-ng(8) and syslog-ng.conf(5) for more information.
#
options {
time_reopen(1);
long_hostnames(off);
use_dns(no);
use_fqdn(no);
keep_hostname(yes);
create_dirs(yes);
perm(0644);
dir_perm(0755);
#log_fetch_limit(100000);
#log_iw_size(200000);
#log_fifo_size(400000);
flush_lines(50);
flush_timeout(5000);
#stats_freq(10);
#stats_level(2);
#time_sleep(1);
};
source s_master {
#syslog(ip(127.0.0.1) port(515) transport('tcp') so_keepalive(yes)
log_iw_size(1000));
tcp(ip(127.0.0.1) port(515) flags('syslog-protocol'));
};
source s_syslog {
internal();
};
Sent: Saturday, June 26, 2010 6:08:42 PM
From: John R. Dunning <jrd at jrd.org>
To: syslog-ng at lists.balabit.hu
Subject: [syslog-ng] Two instances of syslog-ng on the same host?
> Hi wizards. Apologies if this is an FAQ or something, but I've dug
> all around and failed to find the answer.
>
> I have a system on which, for reasons I'd rather not go into here, it
> makes sense to run two instances of syslog-ng, one for standard
> logging of local events, the other acting as a proxy for a flock of
> other systems.
>
> The proxy starts first, very early in the init sequence, the regular
> one starts later.
>
> This all worked great with syslog-ng 2, but I recently upgraded to
> version 3.1.1 and I can't get it to work correctly. The proxy
> instance is supposed to only be listening on a tcp socket, but it
> seems to also be opening the AF_UNIX socket to /dev/log. This causes
> the launch of the main instance to fail.
>
> I've been through the docs, but it's not obvious to me how to get
> syslog-ng to start without opening the socket to /dev/log. Hints?
> Thanks in advance...
> ______________________________________________________________________________
> Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng
> Documentation: http://www.balabit.com/support/documentation/?product=syslog-ng
> FAQ: http://www.campin.net/syslog-ng/faq.html
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.balabit.hu/pipermail/syslog-ng/attachments/20100626/7f23e72d/attachment.htm
More information about the syslog-ng
mailing list