[syslog-ng] Syslog-ng not receiving messages

keshava V mv.keshava at gmail.com
Thu Nov 18 00:00:49 CET 2010 

Here is the syslog-stat if it helps in any way to debug this further.

Nov 17 13:20:23 s_all at aspsyslog syslog-ng[4460]: Log statistics;
processed='global(payload_reallocs)=0',
processed='src.internal(s_all#3)=91',
stamp='src.internal(s_all#3)=1290021623', processed='global(msg_clones)=0',
processed='source(s_all)=92', processed='global(sdata_updates)=0',
processed='destination(d_file_normal)=97', processed='center(received)=0',
processed='center(queued)=0'


On Wed, Nov 17, 2010 at 4:59 PM, keshava V <mv.keshava at gmail.com> wrote:

> Messages from kernel, syslog-ng are being written but not the ones coming
> on udp 514  to the destination file as seen below.
>
> [root at aspsyslog ~]# ls -ltr /var/log/messages_syslog-ng.log
> -rw-r--r-- 1 root root 24645 2010-11-17 15:32
> /var/log/messages_syslog-ng.log
>
> Nov 17 14:28:55 s_all at aspsyslog syslog-ng[4460]: Configuration reload
> request received, reloading configuration;
> Nov 17 14:29:40 s_all at aspsyslog syslog-ng[4460]: Configuration reload
> request received, reloading configuration;
> Nov 17 14:30:09 s_all at aspsyslog syslog-ng[4460]: Configuration reload
> request received, reloading configuration;
> Nov 17 14:36:33 s_all at aspsyslog syslog-ng[4460]: Termination requested via
> signal, terminating;
> Nov 17 14:36:33 s_all at aspsyslog syslog-ng[4460]: syslog-ng shutting down;
> version='3.1.2'
> Nov 17 14:36:40 s_all at aspsyslog syslog-ng[8051]: syslog-ng starting up;
> version='3.1.2'
> Nov 17 14:40:49 s_all at aspsyslog syslog-ng[8051]: Configuration reload
> request received, reloading configuration;
> Nov 17 14:47:07 s_all at aspsyslog syslog-ng[8051]: Termination requested via
> signal, terminating;
> Nov 17 14:47:07 s_all at aspsyslog syslog-ng[8051]: syslog-ng shutting down;
> version='3.1.2'
> Nov 17 14:55:43 s_all at aspsyslog kernel: device eth0 entered promiscuous
> mode
> Nov 17 14:56:09 s_all at aspsyslog kernel: device eth0 left promiscuous mode
> Nov 17 14:58:04 s_all at aspsyslog kernel: device eth0 entered promiscuous
> mode
> Nov 17 14:58:11 s_all at aspsyslog kernel: device eth0 left promiscuous mode
>
>
>
>
>
> On Wed, Nov 17, 2010 at 4:29 PM, Martin Holste <mcholste at gmail.com> wrote:
>
>> Hm, maybe a permissions issue with writing?  Try putting in
>> /tmp/somefile as the destination and see if that works.  Also, you
>> should verify that messages are in fact arriving on the server using
>> tcpdump.
>>
>> On Wed, Nov 17, 2010 at 3:44 PM, keshava Veerabhadraiah
>> <mv.keshava at gmail.com> wrote:
>> > Hi
>> > I am new to syslog-ng and I have gone through other post to see if  I
>> can
>> > get a resolution to my problem.
>> > Syslog is not writing to the destination file any messages received on
>> udp()
>> > or tcp().
>> > I have made sure that syslog server is receiving the syslog messages as
>> seen
>> > from the tcpdump
>> >
>> >
>> > 15:09:55.422423 IP 10.140.141.6.syslog >
>> aspsyslog.sungardebs.com.syslog:
>> > SYSLOG local4.warning, length: 153
>> > 15:09:55.434638 IP 10.140.141.6.syslog >
>> aspsyslog.sungardebs.com.syslog:
>> > SYSLOG local4.info, length: 184
>> > 15:09:55.470383 IP 10.140.141.6.syslog >
>> aspsyslog.sungardebs.com.syslog:
>> > SYSLOG local4.info, length: 176
>> > 15:09:55.473519 IP 10.140.141.6.syslog >
>> aspsyslog.sungardebs.com.syslog:
>> > SYSLOG local4.info, length: 190
>> > 15:09:55.493361 IP 10.140.141.6.syslog >
>> aspsyslog.sungardebs.com.syslog:
>> > SYSLOG local4.info, length: 180
>> > 15:09:55.493748 IP aspsyslog.sungardebs.com.ssh >
>> nim.sungardebs.com.42703:
>> > P 128608:129696(1088) ack 289 win 461 <nop,nop,timestamp 88706531
>> > 1310848493>
>> > 15:09:55.495519 IP 10.140.141.9.syslog >
>> aspsyslog.sungardebs.com.syslog:
>> > SYSLOG local4.info, length: 188
>> > 15:09:55.495548 IP 10.140.141.9.syslog >
>> aspsyslog.sungardebs.com.syslog:
>> > SYSLOG local4.debug, length: 90
>> > 15:09:55.495556 IP 10.140.141.9.syslog >
>> aspsyslog.sungardebs.com.syslog:
>> > SYSLOG local4.debug, length: 85
>> > 15:09:55.521115 IP 10.140.141.6.syslog >
>> aspsyslog.sungardebs.com.syslog:
>> > SYSLOG local4.debug, length: 87
>> > 15:09:55.521188 IP 10.140.141.6.syslog >
>> aspsyslog.sungardebs.com.syslog:
>> > SYSLOG local4.info, length: 188
>> > 15:09:55.522041 IP 10.140.141.6.syslog >
>> aspsyslog.sungardebs.com.syslog:
>> > SYSLOG local4.info, length: 175
>> > 15:09:55.522212 IP 10.140.141.7.syslog >
>> aspsyslog.sungardebs.com.syslog:
>> > SYSLOG local4.info, length: 164
>> >
>> >
>> >
>> > Here is how my syslog-ng config looks.
>> >
>> > @version: 3.0
>> > #Default configuration file for syslog-ng.
>> > #
>> > # For a description of syslog-ng configuration file directives, please
>> read
>> > # the syslog-ng Administrator's guide at:
>> > #
>> > #
>> http://www.balabit.com/dl/html/syslog-ng-admin-guide_en.html/bk01-toc.html
>> > #
>> >
>> > options {
>> >     chain_hostnames(no);
>> >     create_dirs (no);
>> >     dir_perm(0755);
>> >     dns_cache(no);
>> >     keep_hostname(yes);
>> >     log_fifo_size(2048);
>> >     log_msg_size(1024);
>> >     log_iw_size (500);
>> >     long_hostnames(on);
>> >     perm(0644);
>> >     stats_freq(3600);
>> >     flush_lines(100);
>> >     time_reopen (10);
>> >     use_dns(no);
>> >     use_fqdn(yes);
>> > #    max_connections(100);
>> >
>> > };
>> >
>> > source s_all {
>> > udp(so_rcvbuf(2048576));
>> > tcp();
>> > unix-stream("/dev/log");
>> > internal();
>> > file("/proc/kmsg");
>> > };
>> >
>> > destination d_file_normal {file("/var/log/messages_syslog-ng.log"); };
>> >
>> > log { source(s_all); destination (d_file_normal); };
>> >
>> >
>> > Any help would be greatly appreciated.
>> >
>> > Thanks
>> >
>> >
>> >
>> >
>> >
>> >
>> >
>> ______________________________________________________________________________
>> > Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng
>> > Documentation:
>> > http://www.balabit.com/support/documentation/?product=syslog-ng
>> > FAQ: http://www.campin.net/syslog-ng/faq.html
>> >
>> >
>> >
>>
>> ______________________________________________________________________________
>> Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng
>> Documentation:
>> http://www.balabit.com/support/documentation/?product=syslog-ng
>> FAQ: http://www.campin.net/syslog-ng/faq.html
>>
>>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.balabit.hu/pipermail/syslog-ng/attachments/20101117/36bc9671/attachment.htm

More information about the syslog-ng mailing list