[syslog-ng] Not able to recive all syslog messages

add gy addyg420 at yahoo.com
Sat Nov 13 11:47:42 CET 2010


Hi,
 
So what syslog-ng config changes should i make ???
 
Regards,
Add

--- On Wed, 10/11/10, add gy <addyg420 at yahoo.com> wrote:


From: add gy <addyg420 at yahoo.com>
Subject: [syslog-ng] Not able to recive all syslog messages
To: syslog-ng at lists.balabit.hu
Date: Wednesday, 10 November, 2010, 1:34 PM







Hi,
 
I have installed syslog-ng on RHEL server as log host server for 250 router , switches but some time i recive messages some times i dont , when i check it on other syslog server on windows i revice syslog messages with any problem. 
 
Request to please review syslog-ng config file and give some suggetion.
 
config file
-------------------------------------------------------------------------------------------------------------------------
 
# configuration file for syslog-ng, customized for remote logging
#
source s_internal { internal(); };
destination d_syslognglog { file("/var/log/syslog-ng.log"); };
log { source(s_internal); destination(d_syslognglog); };
# Local sources, filters and destinations are commented out
# If you want to replace sysklogd simply uncomment the following
# parts and disable sysklogd
#
# Local sources
#
#source s_local {
#       unix-dgram("/dev/log");
#       file("/proc/kmsg" log_prefix("kernel:"));
#};
#
# Local filters
#
#filter f_messages { level(info..emerg); };
#filter f_secure { facility(authpriv); };
#filter f_mail { facility(mail); };
#filter f_cron { facility(cron); };
#filter f_emerg { level(emerg); };
#filter f_spooler { level(crit..emerg) and facility(uucp, news); };
#filter f_local7 { facility(local7); };
#
# Local destinations
#
#destination d_messages { file("/var/log/messages"); };
#destination d_secure { file("/var/log/secure"); };
#destination d_maillog { file("/var/log/maillog"); };
#destination d_cron { file("/var/log/cron"); };
#destination d_console { usertty("root"); };
#destination d_spooler { file("/var/log/spooler"); };
#destination d_bootlog { file("/var/log/boot.log"); };
#
# Local logs - order DOES matter !
#
#log { source(s_local); filter(f_emerg); destination(d_console); };
#log { source(s_local); filter(f_secure); destination(d_secure); flags(final); };
#log { source(s_local); filter(f_mail); destination(d_maillog); flags(final); };
#log { source(s_local); filter(f_cron); destination(d_cron); flags(final); };
#log { source(s_local); filter(f_spooler); destination(d_spooler); };
#log { source(s_local); filter(f_local7); destination(d_bootlog); };
#log { source(s_local); filter(f_messages); destination(d_messages); };

# Remote logging
source s_remote {
        tcp(ip(0.0.0.0) port(514));
        udp(ip(0.0.0.0) port(514));
};
destination d_separatedbyhosts {
        file("/var/log/syslog-ng/$HOST/messages" owner("root") group("root") perm(0655) dir_perm(0744) create_dirs(yes));
};
log { source(s_remote); destination(d_separatedbyhosts); };

------------------------------------------------------------------------------------------------------------------------
 
Regards,
Add

-----Inline Attachment Follows-----


______________________________________________________________________________
Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng
Documentation: http://www.balabit.com/support/documentation/?product=syslog-ng
FAQ: http://www.campin.net/syslog-ng/faq.html



-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.balabit.hu/pipermail/syslog-ng/attachments/20101113/5a5a1d64/attachment-0001.htm 


More information about the syslog-ng mailing list