[syslog-ng] Not able to recive all syslog messages

add gy addyg420 at yahoo.com
Thu Nov 11 11:09:25 CET 2010


Hi,

Thanks for the reply, Fekete.

I tried it, but no use; I still only receive INFO and WARNING messages and am not able to receive debug and others.
 
Regards,
Add

--- On Thu, 11/11/10, Fekete Robert <frobert at balabit.hu> wrote:


From: Fekete Robert <frobert at balabit.hu>
Subject: Re: [syslog-ng] Not able to recive all syslog messages
To: "Syslog-ng users' and developers' mailing list" <syslog-ng at lists.balabit.hu>
Date: Thursday, 11 November, 2010, 2:30 PM


Hi,
Try:
source s_remote {
        tcp(ip(0.0.0.0) port(514));
        # receive buffer size in bytes; set as an option of the udp() driver
        udp(ip(0.0.0.0) port(514) so_rcvbuf(2097152));
};
and see if it improves your situation.

But you should also:
- use tcpdump to verify that the messages actually arrive at your logserver
- probably increase the net.core.rmem_max parameter of your logserver (for
example, to 1024000). See the Red Hat manuals for details on how to do this on
your platform.

Robert


add gy wrote:

> Hi,
>  
> I have also noted that I am only able to receive info and warning
> messages; I want to receive all messages from devices.
>  
> Please can anyone help and review the syslog config file.
>  
> Regards,
> Add
> 
> --- On *Wed, 10/11/10, add gy /<addyg420 at yahoo.com>/* wrote:
> 
> 
>     From: add gy <addyg420 at yahoo.com>
>     Subject: [syslog-ng] Not able to recive all syslog messages
>     To: syslog-ng at lists.balabit.hu
>     Date: Wednesday, 10 November, 2010, 1:34 PM
> 
>     Hi,
>      
>     I have installed syslog-ng on a RHEL server as log host server for 250
>     routers and switches, but sometimes I receive messages and sometimes I
>     don't. When I check it on another syslog server on Windows, I receive syslog
>     messages with any problem.
>      
>     Request to please review the syslog-ng config file and give some suggestions.
>      
>     config file
>     -------------------------------------------------------------------------------------------------------------------------
>      
>     # configuration file for syslog-ng, customized for remote logging
>     #
>     source s_internal { internal(); };
>     destination d_syslognglog { file("/var/log/syslog-ng.log"); };
>     log { source(s_internal); destination(d_syslognglog); };
>     # Local sources, filters and destinations are commented out
>     # If you want to replace sysklogd simply uncomment the following
>     # parts and disable sysklogd
>     #
>     # Local sources
>     #
>     #source s_local {
>     #       unix-dgram("/dev/log");
>     #       file("/proc/kmsg" log_prefix("kernel:"));
>     #};
>     #
>     # Local filters
>     #
>     #filter f_messages { level(info..emerg); };
>     #filter f_secure { facility(authpriv); };
>     #filter f_mail { facility(mail); };
>     #filter f_cron { facility(cron); };
>     #filter f_emerg { level(emerg); };
>     #filter f_spooler { level(crit..emerg) and facility(uucp, news); };
>     #filter f_local7 { facility(local7); };
>     #
>     # Local destinations
>     #
>     #destination d_messages { file("/var/log/messages"); };
>     #destination d_secure { file("/var/log/secure"); };
>     #destination d_maillog { file("/var/log/maillog"); };
>     #destination d_cron { file("/var/log/cron"); };
>     #destination d_console { usertty("root"); };
>     #destination d_spooler { file("/var/log/spooler"); };
>     #destination d_bootlog { file("/var/log/boot.log"); };
>     #
>     # Local logs - order DOES matter !
>     #
>     #log { source(s_local); filter(f_emerg); destination(d_console); };
>     #log { source(s_local); filter(f_secure); destination(d_secure); flags(final); };
>     #log { source(s_local); filter(f_mail); destination(d_maillog); flags(final); };
>     #log { source(s_local); filter(f_cron); destination(d_cron); flags(final); };
>     #log { source(s_local); filter(f_spooler); destination(d_spooler); };
>     #log { source(s_local); filter(f_local7); destination(d_bootlog); };
>     #log { source(s_local); filter(f_messages); destination(d_messages); };
> 
>     # Remote logging
>     source s_remote {
>             tcp(ip(0.0.0.0) port(514));
>             udp(ip(0.0.0.0) port(514));
>     };
>     destination d_separatedbyhosts {
>             file("/var/log/syslog-ng/$HOST/messages" owner("root") group("root") perm(0655) dir_perm(0744) create_dirs(yes));
>     };
>     log { source(s_remote); destination(d_separatedbyhosts); };
>     ------------------------------------------------------------------------------------------------------------------------
>      
>     Regards,
>     Add
> 
> 
> 
>     -----Inline Attachment Follows-----
> 
>     ______________________________________________________________________________
>     Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng
>     Documentation:
>     http://www.balabit.com/support/documentation/?product=syslog-ng
>     FAQ: http://www.campin.net/syslog-ng/faq.html
> 
> 
> 
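Added example, not part of the original thread: the s_remote log path in the posted config has no filter(), so a severity missing from the files was either never sent or was lost before syslog-ng read it. This sketch tallies severities from the <PRI> field of captured payloads (PRI = facility * 8 + severity); the function names and the sample payloads are constructed for illustration.

```shell
#!/bin/sh
# Tally syslog severities from message payloads, one payload per line on stdin.
# Bytes before "<PRI>" are tolerated so a text dump of a capture can be fed in.
severity_tally() {
    awk '
    BEGIN { split("emerg alert crit err warning notice info debug", name, " ") }
    match($0, /<[0-9]+>/) {
        pri = substr($0, RSTART + 1, RLENGTH - 2) + 0
        if (pri > 191) { bad++; next }   # highest valid PRI is 23*8 + 7
        count[pri % 8]++                 # severity is the low three bits
        next
    }
    { bad++ }                            # no PRI field found on this line
    END {
        for (s = 0; s < 8; s++) printf "%s=%d\n", name[s + 1], count[s]
        printf "unparsed=%d\n", bad
    }'
}

# Constructed sample payloads (not taken from the thread): local7.info is
# PRI 190, local7.warning is PRI 188, and the last line is not syslog.
sample_payloads() {
    cat <<'EOF'
<190>Nov 11 10:02:11 rtr1 sample: config saved
<188>Nov 11 10:02:12 sw7 sample: fan speed high
<190>Nov 11 10:02:13 rtr1 sample: user login
<188>Nov 11 10:02:15 sw3 sample: temperature rising
<190>Nov 11 10:02:16 sw7 sample: link up
not a syslog datagram
EOF
}

sample_payloads | severity_tally
```

A debug count of zero in the capture itself means the senders are not emitting debug-level messages, so no receiver-side buffer tuning will make them appear.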