[syslog-ng] Not able to receive all syslog messages

Sandor Geller Sandor.Geller at morganstanley.com
Thu Nov 11 11:22:15 CET 2010


You should really provide proof that the messages actually reach your server.

1. run tcpdump/wireshark/snoop/whatever_else_you_prefer and show a few
packets in decoded form
2. show the output of 'lsof -n -P -p <syslogngpid>' or 'netstat -l -n
-p' so we could see that syslog-ng is listening on the right ports
3. run strace / truss syslog-ng to see what logs are arriving

Without this information nobody can help you.

On Thu, Nov 11, 2010 at 11:09 AM, add gy <addyg420 at yahoo.com> wrote:
>
> Hi,
>
> Thanks for the reply, Fekete,
>
> I tried it but no use; I still only receive INFO and WARNING messages, not able to receive debug and others.
>
> Regards,
> Add
>
> --- On Thu, 11/11/10, Fekete Robert <frobert at balabit.hu> wrote:
>
> From: Fekete Robert <frobert at balabit.hu>
> Subject: Re: [syslog-ng] Not able to recive all syslog messages
> To: "Syslog-ng users' and developers' mailing list" <syslog-ng at lists.balabit.hu>
> Date: Thursday, 11 November, 2010, 2:30 PM
>
> Hi,
> Try:
> source s_remote {
>               tcp(ip(0.0.0.0) port(514));
>               # so_rcvbuf() is an option of the source driver, so it goes inside udp()
>               udp(ip(0.0.0.0) port(514) so_rcvbuf(2097152));
>       };
> and see if it improves your situation.
>
> But you should also:
> - use tcpdump to verify that the messages actually arrive at your logserver
> - probably increase the net.core.rmem_max parameter of your logserver (for
> example, to 1024000). See the Red Hat manuals for details on how to do this on
> your platform.
>
> Robert
>
>
> add gy wrote:
>
> > Hi,
> >
> > I have also noted that I am only able to receive Info and warning
> > messages; I want to receive all messages from devices.
> >
> > Please can anyone help, review syslog config file.
> >
> > Regards,
> > Add
> >
> > --- On Wed, 10/11/10, add gy <addyg420 at yahoo.com> wrote:
> >
> >
> >     From: add gy <addyg420 at yahoo.com>
> >     Subject: [syslog-ng] Not able to recive all syslog messages
> >     To: syslog-ng at lists.balabit.hu
> >     Date: Wednesday, 10 November, 2010, 1:34 PM
> >
> >     Hi,
> >
> >     I have installed syslog-ng on RHEL server as log host server for 250
> >     routers, switches, but sometimes I receive messages, sometimes I don't;
> >     when I check it on other syslog server on Windows I receive syslog
> >     messages with any problem.
> >
> >     Request to please review syslog-ng config file and give some suggestion.
> >
> >     config file
> >     -------------------------------------------------------------------------------------------------------------------------
> >
> >     # configuration file for syslog-ng, customized for remote logging
> >     #
> >     source s_internal { internal(); };
> >     destination d_syslognglog { file("/var/log/syslog-ng.log"); };
> >     log { source(s_internal); destination(d_syslognglog); };
> >     # Local sources, filters and destinations are commented out
> >     # If you want to replace sysklogd simply uncomment the following
> >     # parts and disable sysklogd
> >     #
> >     # Local sources
> >     #
> >     #source s_local {
> >     #       unix-dgram("/dev/log");
> >     #       file("/proc/kmsg" log_prefix("kernel:"));
> >     #};
> >     #
> >     # Local filters
> >     #
> >     #filter f_messages { level(info..emerg); };
> >     #filter f_secure { facility(authpriv); };
> >     #filter f_mail { facility(mail); };
> >     #filter f_cron { facility(cron); };
> >     #filter f_emerg { level(emerg); };
> >     #filter f_spooler { level(crit..emerg) and facility(uucp, news); };
> >     #filter f_local7 { facility(local7); };
> >     #
> >     # Local destinations
> >     #
> >     #destination d_messages { file("/var/log/messages"); };
> >     #destination d_secure { file("/var/log/secure"); };
> >     #destination d_maillog { file("/var/log/maillog"); };
> >     #destination d_cron { file("/var/log/cron"); };
> >     #destination d_console { usertty("root"); };
> >     #destination d_spooler { file("/var/log/spooler"); };
> >     #destination d_bootlog { file("/var/log/boot.log"); };
> >     #
> >     # Local logs - order DOES matter !
> >     #
> >     #log { source(s_local); filter(f_emerg); destination(d_console); };
> >     #log { source(s_local); filter(f_secure); destination(d_secure); flags(final); };
> >     #log { source(s_local); filter(f_mail); destination(d_maillog); flags(final); };
> >     #log { source(s_local); filter(f_cron); destination(d_cron); flags(final); };
> >     #log { source(s_local); filter(f_spooler); destination(d_spooler); };
> >     #log { source(s_local); filter(f_local7); destination(d_bootlog); };
> >     #log { source(s_local); filter(f_messages); destination(d_messages); };
> >
> >     # Remote logging
> >     source s_remote {
> >             tcp(ip(0.0.0.0) port(514));
> >             udp(ip(0.0.0.0) port(514));
> >     };
> >     destination d_separatedbyhosts {
> >             file("/var/log/syslog-ng/$HOST/messages" owner("root") group("root") perm(0655) dir_perm(0744) create_dirs(yes));
> >     };
> >     log { source(s_remote); destination(d_separatedbyhosts); };
> >     ------------------------------------------------------------------------------------------------------------------------
> >
> >     Regards,
> >     Add
> >
> >
> >
> >     ______________________________________________________________________________
> >     Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng
> >     Documentation:
> >     http://www.balabit.com/support/documentation/?product=syslog-ng
> >     FAQ: http://www.campin.net/syslog-ng/faq.html

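For the first diagnostic step in the thread (showing captured packets in decoded form), the sketch below tallies the severities that actually arrive on the wire, which shows whether the devices send debug-level messages at all. It is an added example, not part of the original thread; the sample payloads are constructed and the function names are hypothetical.

```shell
#!/bin/sh
# Added example (not from the thread): count syslog severities seen on the wire.

# Read decoded packet payloads (for example the text printed by `tcpdump -A`)
# and print one "name=count" line per severity, taken from the <PRI> field.
# PRI = facility * 8 + severity (RFC 3164); valid values are 0..191.
severity_tally() {
    awk '
        BEGIN { split("emerg alert crit err warning notice info debug", name, " ") }
        match($0, /<[0-9][0-9]?[0-9]?>/) {
            pri = substr($0, RSTART + 1, RLENGTH - 2) + 0
            if (pri <= 191) count[pri % 8]++      # ignore impossible PRI values
        }
        END { for (s = 0; s <= 7; s++) printf "%s=%d\n", name[s + 1], count[s] }
    ' "$@"
}

# Severities that never appeared in the capture, space separated.
absent_severities() {
    severity_tally "$@" |
        awk -F= '$2 == 0 { printf "%s%s", sep, $1; sep = " " } END { print "" }'
}

# Constructed sample payloads (not real device output). The leading bytes on
# the first two lines imitate the header noise `tcpdump -A` prints.
sample_payloads() {
    cat <<'EOF'
E..t..@.@......<190>101: Nov 11 10:01:02: constructed informational message
E..u..@.@......<188>102: Nov 11 10:01:05: constructed warning message
<190>103: Nov 11 10:01:09: constructed informational message
<191>104: Nov 11 10:01:10: constructed debug message
EOF
}

sample_payloads | severity_tally
echo "never seen: $(sample_payloads | absent_severities)"
```

If a severity is missing here, the sending devices are not emitting it; if it is present here but missing from the log files, the loss is on the server side.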

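For the receive-buffer advice quoted above (so_rcvbuf and net.core.rmem_max), this sketch measures how many UDP datagrams the kernel dropped because a socket buffer was full, and shows that a buffer request larger than rmem_max is capped. It is an added example, not part of the original thread; the snapshot contents are constructed and the function names are hypothetical, while the two buffer values are the ones suggested in the thread.

```shell
#!/bin/sh
# Added example (not from the thread): UDP receive-buffer checks for a log server.

# Print one Udp counter from text in /proc/net/snmp format.
# $1 = counter name, $2 = file to read (default: /proc/net/snmp)
udp_counter() {
    awk -v want="$1" '
        $1 == "Udp:" && !hdr { for (i = 2; i <= NF; i++) col[$i] = i; hdr = 1; next }
        $1 == "Udp:" && (want in col) { print $(col[want]); exit }
    ' "${2:-/proc/net/snmp}"
}

# Datagrams dropped between two snapshots because a socket buffer was full.
# $1 = earlier snapshot file, $2 = later snapshot file
rcvbuf_drops_between() {
    echo $(( $(udp_counter RcvbufErrors "$2") - $(udp_counter RcvbufErrors "$1") ))
}

# The kernel caps an SO_RCVBUF request at net.core.rmem_max.
# $1 = so_rcvbuf() value from syslog-ng.conf, $2 = net.core.rmem_max
capped_rcvbuf_request() {
    if [ "$1" -gt "$2" ]; then echo "$2"; else echo "$1"; fi
}

# Constructed snapshot in /proc/net/snmp layout (made-up counter values).
# $1 = value to embed for InErrors and RcvbufErrors
sample_snapshot() {
    printf 'Udp: InDatagrams NoPorts InErrors OutDatagrams RcvbufErrors SndbufErrors\n'
    printf 'Udp: 905113 12 %s 3301 %s 0\n' "$1" "$1"
}

# With the two values from the thread, the 2097152-byte request is cut to 1024000.
echo "largest SO_RCVBUF request honoured: $(capped_rcvbuf_request 2097152 1024000)"
```

On a live server, save `/proc/net/snmp` to a file, wait while the devices are logging, save it again, and pass both files to `rcvbuf_drops_between`; a growing difference means datagrams reached the host but were discarded before syslog-ng could read them.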