[syslog-ng] Syslog-ng not receiving messages

Worsham, Michael mworsham at SCIRES.COM
Thu Nov 18 00:02:34 CET 2010


Try running the syslog-ng application in debug mode: "syslog-ng -d -v" and see what the output is to the screen for the UDP connection and destination attempts.


From: syslog-ng-bounces at lists.balabit.hu [mailto:syslog-ng-bounces at lists.balabit.hu] On Behalf Of keshava V
Sent: Wednesday, November 17, 2010 5:59 PM
To: Syslog-ng users' and developers' mailing list
Subject: Re: [syslog-ng] Syslog-ng not receiving messages

Messages from kernel, syslog-ng are being written but not the ones coming on udp 514 to the destination file as seen below.

[root@aspsyslog ~]# ls -ltr /var/log/messages_syslog-ng.log
-rw-r--r-- 1 root root 24645 2010-11-17 15:32 /var/log/messages_syslog-ng.log

Nov 17 14:28:55 s_all@aspsyslog syslog-ng[4460]: Configuration reload request received, reloading configuration;
Nov 17 14:29:40 s_all@aspsyslog syslog-ng[4460]: Configuration reload request received, reloading configuration;
Nov 17 14:30:09 s_all@aspsyslog syslog-ng[4460]: Configuration reload request received, reloading configuration;
Nov 17 14:36:33 s_all@aspsyslog syslog-ng[4460]: Termination requested via signal, terminating;
Nov 17 14:36:33 s_all@aspsyslog syslog-ng[4460]: syslog-ng shutting down; version='3.1.2'
Nov 17 14:36:40 s_all@aspsyslog syslog-ng[8051]: syslog-ng starting up; version='3.1.2'
Nov 17 14:40:49 s_all@aspsyslog syslog-ng[8051]: Configuration reload request received, reloading configuration;
Nov 17 14:47:07 s_all@aspsyslog syslog-ng[8051]: Termination requested via signal, terminating;
Nov 17 14:47:07 s_all@aspsyslog syslog-ng[8051]: syslog-ng shutting down; version='3.1.2'
Nov 17 14:55:43 s_all@aspsyslog kernel: device eth0 entered promiscuous mode
Nov 17 14:56:09 s_all@aspsyslog kernel: device eth0 left promiscuous mode
Nov 17 14:58:04 s_all@aspsyslog kernel: device eth0 entered promiscuous mode
Nov 17 14:58:11 s_all@aspsyslog kernel: device eth0 left promiscuous mode



On Wed, Nov 17, 2010 at 4:29 PM, Martin Holste <mcholste at gmail.com> wrote:
Hm, maybe a permissions issue with writing?  Try putting in
/tmp/somefile as the destination and see if that works.  Also, you
should verify that messages are in fact arriving on the server using
tcpdump.

On Wed, Nov 17, 2010 at 3:44 PM, keshava Veerabhadraiah
<mv.keshava at gmail.com> wrote:
> Hi
> I am new to syslog-ng and I have gone through other posts to see if I can
> get a resolution to my problem.
> Syslog is not writing to the destination file any messages received on udp()
> or tcp().
> I have made sure that syslog server is receiving the syslog messages as seen
> from the tcpdump
>
>
> 15:09:55.422423 IP 10.140.141.6.syslog > aspsyslog.sungardebs.com.syslog: SYSLOG local4.warning, length: 153
> 15:09:55.434638 IP 10.140.141.6.syslog > aspsyslog.sungardebs.com.syslog: SYSLOG local4.info, length: 184
> 15:09:55.470383 IP 10.140.141.6.syslog > aspsyslog.sungardebs.com.syslog: SYSLOG local4.info, length: 176
> 15:09:55.473519 IP 10.140.141.6.syslog > aspsyslog.sungardebs.com.syslog: SYSLOG local4.info, length: 190
> 15:09:55.493361 IP 10.140.141.6.syslog > aspsyslog.sungardebs.com.syslog: SYSLOG local4.info, length: 180
> 15:09:55.493748 IP aspsyslog.sungardebs.com.ssh > nim.sungardebs.com.42703: P 128608:129696(1088) ack 289 win 461 <nop,nop,timestamp 88706531 1310848493>
> 15:09:55.495519 IP 10.140.141.9.syslog > aspsyslog.sungardebs.com.syslog: SYSLOG local4.info, length: 188
> 15:09:55.495548 IP 10.140.141.9.syslog > aspsyslog.sungardebs.com.syslog: SYSLOG local4.debug, length: 90
> 15:09:55.495556 IP 10.140.141.9.syslog > aspsyslog.sungardebs.com.syslog: SYSLOG local4.debug, length: 85
> 15:09:55.521115 IP 10.140.141.6.syslog > aspsyslog.sungardebs.com.syslog: SYSLOG local4.debug, length: 87
> 15:09:55.521188 IP 10.140.141.6.syslog > aspsyslog.sungardebs.com.syslog: SYSLOG local4.info, length: 188
> 15:09:55.522041 IP 10.140.141.6.syslog > aspsyslog.sungardebs.com.syslog: SYSLOG local4.info, length: 175
> 15:09:55.522212 IP 10.140.141.7.syslog > aspsyslog.sungardebs.com.syslog: SYSLOG local4.info, length: 164
>
>
>
> Here is how my syslog-ng config looks.
>
> @version: 3.0
> #Default configuration file for syslog-ng.
> #
> # For a description of syslog-ng configuration file directives, please read
> # the syslog-ng Administrator's guide at:
> #
> # http://www.balabit.com/dl/html/syslog-ng-admin-guide_en.html/bk01-toc.html
> #
>
> options {
>     chain_hostnames(no);
>     create_dirs (no);
>     dir_perm(0755);
>     dns_cache(no);
>     keep_hostname(yes);
>     log_fifo_size(2048);
>     log_msg_size(1024);
>     log_iw_size (500);
>     long_hostnames(on);
>     perm(0644);
>     stats_freq(3600);
>     flush_lines(100);
>     time_reopen (10);
>     use_dns(no);
>     use_fqdn(yes);
> #    max_connections(100);
>
> };
>
> source s_all {
> udp(so_rcvbuf(2048576));
> tcp();
> unix-stream("/dev/log");
> internal();
> file("/proc/kmsg");
> };
>
> destination d_file_normal {file("/var/log/messages_syslog-ng.log"); };
>
> log { source(s_all); destination (d_file_normal); };
>
>
> Any help would be greatly appreciated.
>
> Thanks
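The checks suggested in this thread (confirm datagrams arrive, then confirm they reach the destination file) can be combined into one end-to-end probe. The following is an added example, not code from the thread or from the syslog-ng project: it sends a uniquely tagged local4.info message over UDP and polls the destination file for the tag. The host name `probehost`, the program name `udpprobe` and the token format are constructed for illustration; the file path is the one from the posted configuration.

```python
import socket
import time
import uuid

FACILITY = {"kern": 0, "user": 1, "daemon": 3, "local4": 20}
SEVERITY = {"warning": 4, "info": 6, "debug": 7}


def build_probe(facility="local4", severity="info", token=None):
    """Return (token, datagram) for a BSD-syslog (RFC 3164 style) test message."""
    token = token or uuid.uuid4().hex
    pri = FACILITY[facility] * 8 + SEVERITY[severity]
    stamp = time.strftime("%b %d %H:%M:%S")
    # "probehost" and "udpprobe" are constructed names, not from the thread.
    line = f"<{pri}>{stamp} probehost udpprobe: delivery-test token={token}"
    return token, line.encode("ascii")


def send_probe(host, port, datagram):
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.sendto(datagram, (host, port))


def token_in_file(path, token, timeout=15.0, interval=0.5):
    """Poll the destination file until the token shows up or the timeout expires."""
    deadline = time.monotonic() + timeout
    while True:
        try:
            with open(path, "r", errors="replace") as fh:
                if any(token in line for line in fh):
                    return True
        except OSError:
            pass  # file missing or unreadable counts as "not written yet"
        if time.monotonic() >= deadline:
            return False
        time.sleep(interval)


def probe_delivery(host, port, path, timeout=15.0):
    token, datagram = build_probe()
    send_probe(host, port, datagram)
    return token_in_file(path, token, timeout)


if __name__ == "__main__":
    ok = probe_delivery("127.0.0.1", 514, "/var/log/messages_syslog-ng.log")
    print("probe written to destination" if ok else "probe NOT found in destination")
```

A miss with a short timeout is not conclusive: the posted configuration sets flush_lines(100), which lets syslog-ng buffer output before writing it to the file.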