[syslog-ng] Not able to receive all syslog messages

add gy addyg420 at yahoo.com
Thu Nov 11 07:00:40 CET 2010


Dear All,
 
I am still suffering from the issue in syslog-ng. Can anyone please review my config file and tell me where exactly I need to make changes?
 
Regards,
Add 

--- On Wed, 10/11/10, Fekete Robert <frobert at balabit.hu> wrote:


From: Fekete Robert <frobert at balabit.hu>
Subject: Re: [syslog-ng] Not able to receive all syslog messages
To: "Syslog-ng users' and developers' mailing list" <syslog-ng at lists.balabit.hu>
Date: Wednesday, 10 November, 2010, 2:52 PM


Hi, you might have to increase your UDP receive buffer (so_recvbuf() option in 
syslog-ng) and the net.core.rmem_max option on your host, see

http://www.balabit.com/sites/default/files/documents/syslog-ng-ose-v3.2-guide-admin-en.html/reference_source_tcpudp.html

Others have reported similar problems recently with the default UDP settings of 
RHEL, you might have run into the same issue.

Regards,
Robert



add gy wrote:

> Hi,
>  
> I have installed syslog-ng on a RHEL server as log host server for 250 
> routers and switches, but sometimes I receive messages and sometimes I don't; 
> when I check it on another syslog server on Windows I receive syslog 
> messages with any problem.
>  
> Request to please review syslog-ng config file and give some suggestion.
>  
> config file
> -------------------------------------------------------------------------------------------------------------------------
>  
> # configuration file for syslog-ng, customized for remote logging
> #
> source s_internal { internal(); };
> destination d_syslognglog { file("/var/log/syslog-ng.log"); };
> log { source(s_internal); destination(d_syslognglog); };
> # Local sources, filters and destinations are commented out
> # If you want to replace sysklogd simply uncomment the following
> # parts and disable sysklogd
> #
> # Local sources
> #
> #source s_local {
> #       unix-dgram("/dev/log");
> #       file("/proc/kmsg" log_prefix("kernel:"));
> #};
> #
> # Local filters
> #
> #filter f_messages { level(info..emerg); };
> #filter f_secure { facility(authpriv); };
> #filter f_mail { facility(mail); };
> #filter f_cron { facility(cron); };
> #filter f_emerg { level(emerg); };
> #filter f_spooler { level(crit..emerg) and facility(uucp, news); };
> #filter f_local7 { facility(local7); };
> #
> # Local destinations
> #
> #destination d_messages { file("/var/log/messages"); };
> #destination d_secure { file("/var/log/secure"); };
> #destination d_maillog { file("/var/log/maillog"); };
> #destination d_cron { file("/var/log/cron"); };
> #destination d_console { usertty("root"); };
> #destination d_spooler { file("/var/log/spooler"); };
> #destination d_bootlog { file("/var/log/boot.log"); };
> #
> # Local logs - order DOES matter !
> #
> #log { source(s_local); filter(f_emerg); destination(d_console); };
> #log { source(s_local); filter(f_secure); destination(d_secure); flags(final); };
> #log { source(s_local); filter(f_mail); destination(d_maillog); flags(final); };
> #log { source(s_local); filter(f_cron); destination(d_cron); flags(final); };
> #log { source(s_local); filter(f_spooler); destination(d_spooler); };
> #log { source(s_local); filter(f_local7); destination(d_bootlog); };
> #log { source(s_local); filter(f_messages); destination(d_messages); };
> 
> # Remote logging
> source s_remote {
>         tcp(ip(0.0.0.0) port(514));
>         udp(ip(0.0.0.0) port(514));
> };
> destination d_separatedbyhosts {
>         file("/var/log/syslog-ng/$HOST/messages" owner("root") group("root") perm(0655) dir_perm(0744) create_dirs(yes));
> };
> log { source(s_remote); destination(d_separatedbyhosts); };
> ------------------------------------------------------------------------------------------------------------------------
>  
> Regards,
> Add
> 
> 
> 
> ------------------------------------------------------------------------
> 
> ______________________________________________________________________________
> Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng
> Documentation: http://www.balabit.com/support/documentation/?product=syslog-ng
> FAQ: http://www.campin.net/syslog-ng/faq.html
> 
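
Added example (not part of the original thread): a shell check for the condition Robert describes, UDP syslog datagrams dropped on the log host because the socket receive buffer is full. It reads the `RcvbufErrors` counter from `/proc/net/snmp`-format data and shows that a requested buffer size is capped by `net.core.rmem_max`; the function names, the two snapshots and the sizes are constructed for illustration, and the kernel is assumed to expose `RcvbufErrors`.

```shell
#!/bin/sh
# Added example: quantify UDP syslog loss caused by a full socket receive buffer.

# Constructed snapshots in /proc/net/snmp format (not captured from a real host).
sample_before() { cat <<'EOF'
Udp: InDatagrams NoPorts InErrors OutDatagrams RcvbufErrors SndbufErrors
Udp: 481200 12 3051 920 3051 0
EOF
}
sample_after() { cat <<'EOF'
Udp: InDatagrams NoPorts InErrors OutDatagrams RcvbufErrors SndbufErrors
Udp: 495700 12 4399 925 4399 0
EOF
}

# Print one named counter from the "Udp:" rows (first row = names, second = values).
# Exits non-zero if the kernel does not expose that counter.
udp_counter() {  # usage: udp_counter FIELD [FILE]
    awk -v want="$1" '
        $1 == "Udp:" && !seen { for (i = 2; i <= NF; i++) col[$i] = i; seen = 1; next }
        $1 == "Udp:" {
            if (want in col) { print $(col[want]); found = 1 }
            exit
        }
        END { exit !found }
    ' "${2:-/proc/net/snmp}"
}

# Datagrams dropped for lack of receive-buffer space between two snapshots.
rcvbuf_drops() {  # usage: rcvbuf_drops BEFORE_FILE AFTER_FILE
    before=$(udp_counter RcvbufErrors "$1") || return 1
    after=$(udp_counter RcvbufErrors "$2") || return 1
    echo $((after - before))
}

# The kernel caps a requested SO_RCVBUF at net.core.rmem_max, so a larger
# receive buffer set in syslog-ng only takes effect once the sysctl is raised too.
effective_rcvbuf() {  # usage: effective_rcvbuf REQUESTED_BYTES RMEM_MAX_BYTES
    if [ "$1" -gt "$2" ]; then echo "$2"; else echo "$1"; fi
}

# Demo on the constructed snapshots and constructed sizes.
tmp=$(mktemp -d)
sample_before > "$tmp/before"; sample_after > "$tmp/after"
echo "UDP datagrams dropped (buffer full): $(rcvbuf_drops "$tmp/before" "$tmp/after")"
echo "Requested 1048576, rmem_max 131071, effective: $(effective_rcvbuf 1048576 131071)"
rm -rf "$tmp"
```

On the log host itself, `udp_counter RcvbufErrors` with no file argument reads the live `/proc/net/snmp`; a counter that keeps rising while the devices are sending means messages are being lost before syslog-ng sees them.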
