[syslog-ng] Not able to recive all syslog messages
add gy
addyg420 at yahoo.com
Thu Nov 11 11:09:25 CET 2010
HI,
Thanks for replay Fekete,
I tryied it but no use i still only recive INFO and WARNING messages not able to recive debug and others.
Regards,
Add
--- On Thu, 11/11/10, Fekete Robert <frobert at balabit.hu> wrote:
From: Fekete Robert <frobert at balabit.hu>
Subject: Re: [syslog-ng] Not able to recive all syslog messages
To: "Syslog-ng users' and developers' mailing list" <syslog-ng at lists.balabit.hu>
Date: Thursday, 11 November, 2010, 2:30 PM
Hi,
Try:
source s_remote {
tcp(ip(0.0.0.0) port(514));
udp(ip(0.0.0.0) port(514));
so_recvbuf(2097152);
};
and see if it improves your situation.
But you should also:
- use tcpdump to verify that the messages actually arrive to your logserver
- probably increase the net.core.rmem_max parameter of your logserver (for
example, to 1024000). See the redhat manuals for details on how to do this on
your platform.
Robert
add gy wrote:
> Hi,
>
> I have also noted that i am only able to recive Info and warnning
> message i want to recive all messages from devices.
>
> Please can any one help , review syslog config file.
>
> Regards,
> Add
>
> --- On *Wed, 10/11/10, add gy /<addyg420 at yahoo.com>/* wrote:
>
>
> From: add gy <addyg420 at yahoo.com>
> Subject: [syslog-ng] Not able to recive all syslog messages
> To: syslog-ng at lists.balabit.hu
> Date: Wednesday, 10 November, 2010, 1:34 PM
>
> Hi,
>
> I have installed syslog-ng on RHEL server as log host server for 250
> router , switches but some time i recive messages some times i dont
> , when i check it on other syslog server on windows i revice syslog
> messages with any problem.
>
> Request to please review syslog-ng config file and give some suggetion.
>
> config file
> -------------------------------------------------------------------------------------------------------------------------
>
> # configuration file for syslog-ng, customized for remote logging
> #
> source s_internal { internal(); };
> destination d_syslognglog { file("/var/log/syslog-ng.log"); };
> log { source(s_internal); destination(d_syslognglog); };
> # Local sources, filters and destinations are commented out
> # If you want to replace sysklogd simply uncomment the following
> # parts and disable sysklogd
> #
> # Local sources
> #
> #source s_local {
> # unix-dgram("/dev/log");
> # file("/proc/kmsg" log_prefix("kernel:"));
> #};
> #
> # Local filters
> #
> #filter f_messages { level(info..emerg); };
> #filter f_secure { facility(authpriv); };
> #filter f_mail { facility(mail); };
> #filter f_cron { facility(cron); };
> #filter f_emerg { level(emerg); };
> #filter f_spooler { level(crit..emerg) and facility(uucp, news); };
> #filter f_local7 { facility(local7); };
> #
> # Local destinations
> #
> #destination d_messages { file("/var/log/messages"); };
> #destination d_secure { file("/var/log/secure"); };
> #destination d_maillog { file("/var/log/maillog"); };
> #destination d_cron { file("/var/log/cron"); };
> #destination d_console { usertty("root"); };
> #destination d_spooler { file("/var/log/spooler"); };
> #destination d_bootlog { file("/var/log/boot.log"); };
> #
> # Local logs - order DOES matter !
> #
> #log { source(s_local); filter(f_emerg); destination(d_console); };
> #log { source(s_local); filter(f_secure); destination(d_secure);
> flags(final); };
> #log { source(s_local); filter(f_mail); destination(d_maillog);
> flags(final); };
> #log { source(s_local); filter(f_cron); destination(d_cron);
> flags(final); };
> #log { source(s_local); filter(f_spooler); destination(d_spooler); };
> #log { source(s_local); filter(f_local7); destination(d_bootlog); };
> #log { source(s_local); filter(f_messages); destination(d_messages); };
>
> # Remote logging
> source s_remote {
> tcp(ip(0.0.0.0) port(514));
> udp(ip(0.0.0.0) port(514));
> };
> destination d_separatedbyhosts {
> file("/var/log/syslog-ng/$HOST/messages" owner("root")
> group("root") perm(0655) dir_perm(0744) create_dirs(yes));
> };
> log { source(s_remote); destination(d_separatedbyhosts); };
> ------------------------------------------------------------------------------------------------------------------------
>
> Regards,
> Add
>
>
>
> -----Inline Attachment Follows-----
>
> ______________________________________________________________________________
> Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng
> Documentation:
> http://www.balabit.com/support/documentation/?product=syslog-ng
> FAQ: http://www.campin.net/syslog-ng/faq.html
>
>
>
> ------------------------------------------------------------------------
>
> ______________________________________________________________________________
> Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng
> Documentation: http://www.balabit.com/support/documentation/?product=syslog-ng
> FAQ: http://www.campin.net/syslog-ng/faq.html
>
______________________________________________________________________________
Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng
Documentation: http://www.balabit.com/support/documentation/?product=syslog-ng
FAQ: http://www.campin.net/syslog-ng/faq.html
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.balabit.hu/pipermail/syslog-ng/attachments/20101111/660470af/attachment.htm
More information about the syslog-ng
mailing list