[syslog-ng] Server conf for syslog-ng.conf

Lozada, Agustin T Agustin.Lozada at centerpointenergy.com
Thu Mar 18 22:10:01 CET 2010


I got that part fixed, thanks Zoltan. My next question: I set up this box (AIX 5.3) to be the central server and configured a client to forward syslog, and it looks like the client is doing it:

# /usr/sbin/syslogd -d
0821-600 /usr/sbin/syslogd: continuing without SRC support
syslogd: bind: errno = 67
logmsg: pri 53, flags 8, from t01labax08, msg syslogd: bind: errno = 67
off & running....
init
cfline(*.debug  @10.13.6.83)
cfline(*.debug;mail.none        @10.13.6.83)
cfline(*.crit   @10.13.6.83)
cfline(mail.debug       @10.13.6.83     )
7 7 7 7 7 7 7 7 7 7 7 7 7 7 7 7 7 7 7 7 7 7 7 7 X FORW: 10.13.6.83
7 7 X 7 7 7 7 7 7 7 7 7 7 7 7 7 7 7 7 7 7 7 7 7 X FORW: 10.13.6.83
2 2 2 2 2 2 2 2 2 2 2 2 2 2 2 2 2 2 2 2 2 2 2 2 X FORW: 10.13.6.83
X X 7 X X X X X X X X X X X X X X X X X X X X X X FORW: 10.13.6.83
logmsg: pri 56, flags 8, from t01labax08, msg syslogd: restart
Logging to FORW 10.13.6.83
Logging to FORW 10.13.6.83
syslogd: restarted
readfds = 0x10
got a message (-1, 0x10)
readfds = 0x10
got a message (-1, 0x10)

10.13.6.83 is my designated server and it seems it is not getting the forwarded log messages. Here is my syslog.conf for remote logging:

source s_tcp {
#       syslog(transport(tcp));
        udp(ip(10.13.6.83) port(514));
        tcp(ip(10.13.6.83) port(5149) max-connections(333));
};

destination d_tcp {
        file("/var/log/messages_tcp" owner("root") group("adm") perm(0640));
};

I do not see any traffic coming to my client t01labax08 going to my syslog server, and /var/log/messages_tcp has not even been created. Again, what am I missing here? Sorry, I'm a syslog-ng newbie here....


Thanks and regards,

Agustin Lozada
UNIX System Admin
713-207-2474

From: Zoltán Pallagi [mailto:pzolee at balabit.hu]
Sent: Thursday, March 18, 2010 1:42 PM
To: Syslog-ng users' and developers' mailing list; Lozada, Agustin T
Subject: Re: [syslog-ng] Server conf for syslog-ng.conf

Hi,
replace this line:
source s_network { syslog(transport(tcp))};
with this one (missing semicolon at the end of last bracket):
source s_network { syslog(transport(tcp));};
On 2010.03.18. 19:29, Lozada, Agustin T wrote:
@version:3.0
options {
time_reap(30);
mark_freq(10);
keep_hostname(yes);
};
source s_local { unix-stream("/dev/log"); internal();};
source s_network { syslog(transport(tcp))};
destination d_logs {
file(
"/var/log/syslog-ng/logs.txt"
owner("root")
group("root")
perm(0777)
); };
log { source(s_local); source(s_network); destination(d_logs); };


--
pzolee
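
syslog-ng delivers a message only along a log { ... } path that names a source and a destination, and the server snippet as posted above shows no log statement. The check below is an added example, not part of the original thread or of syslog-ng itself; the function names and the regex-based parsing are assumptions for illustration, and it does not handle nested braces inside log paths or '#' inside quoted strings.

```python
import re

# Constructed sample: the server-side snippet as posted in the message above.
POSTED_CONF = '''
source s_tcp {
#       syslog(transport(tcp));
        udp(ip(10.13.6.83) port(514));
        tcp(ip(10.13.6.83) port(5149) max-connections(333));
};

destination d_tcp {
        file("/var/log/messages_tcp" owner("root") group("adm") perm(0640));
};
'''

# Named definitions: "source NAME {" / "destination NAME {" at line start.
DEF_RE = re.compile(r'^\s*(source|destination)\s+([\w.-]+)\s*\{', re.M)
# Simple log paths: "log { ... };" without nested braces (assumption).
LOG_RE = re.compile(r'^\s*log\s*\{(.*?)\}\s*;', re.M | re.S)
# References inside a log path: source(NAME) / destination(NAME).
REF_RE = re.compile(r'\b(source|destination)\s*\(\s*([\w.-]+)\s*\)')


def strip_comments(conf):
    """Drop '#' comments so commented-out drivers and log paths are ignored."""
    return "\n".join(line.split("#", 1)[0] for line in conf.splitlines())


def unreferenced(conf):
    """Return sorted (kind, name) pairs that are defined but used in no log path."""
    conf = strip_comments(conf)
    defined = set(DEF_RE.findall(conf))
    used = set()
    for body in LOG_RE.findall(conf):
        used.update(REF_RE.findall(body))
    return sorted(defined - used)


if __name__ == "__main__":
    for kind, name in unreferenced(POSTED_CONF):
        print(f"{kind} {name} is defined but not used in any log path")
```

Run against a real syslog-ng.conf by reading the file and passing its text to unreferenced(); an empty list means every named source and destination appears in at least one log path.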