[syslog-ng] Syslog-ng not receiving messages

Clayton Dukes cdukes at gmail.com
Thu Nov 18 00:08:52 CET 2010


Also try:
tcpdump udp port 514
to make sure udp is being received - not being blocked by a firewall or
something.

______________________________________________________________

Clayton Dukes
______________________________________________________________


On Wed, Nov 17, 2010 at 6:02 PM, Worsham, Michael <mworsham at scires.com> wrote:

>  Try running the syslog-ng application in debug mode: "syslog-ng -d -v"
> and see what the output is to the screen for the UDP connection and
> destination attempts.
>
>
>
>
>
> *From:* syslog-ng-bounces at lists.balabit.hu [mailto:
> syslog-ng-bounces at lists.balabit.hu] *On Behalf Of *keshava V
> *Sent:* Wednesday, November 17, 2010 5:59 PM
> *To:* Syslog-ng users' and developers' mailing list
> *Subject:* Re: [syslog-ng] Syslog-ng not receiving messages
>
>
>
> Messages from kernel, syslog-ng are being written but not the ones coming
> on udp 514  to the destination file as seen below.
>
> [root@aspsyslog ~]# ls -ltr /var/log/messages_syslog-ng.log
> -rw-r--r-- 1 root root 24645 2010-11-17 15:32 /var/log/messages_syslog-ng.log
>
> Nov 17 14:28:55 s_all@aspsyslog syslog-ng[4460]: Configuration reload request received, reloading configuration;
> Nov 17 14:29:40 s_all@aspsyslog syslog-ng[4460]: Configuration reload request received, reloading configuration;
> Nov 17 14:30:09 s_all@aspsyslog syslog-ng[4460]: Configuration reload request received, reloading configuration;
> Nov 17 14:36:33 s_all@aspsyslog syslog-ng[4460]: Termination requested via signal, terminating;
> Nov 17 14:36:33 s_all@aspsyslog syslog-ng[4460]: syslog-ng shutting down; version='3.1.2'
> Nov 17 14:36:40 s_all@aspsyslog syslog-ng[8051]: syslog-ng starting up; version='3.1.2'
> Nov 17 14:40:49 s_all@aspsyslog syslog-ng[8051]: Configuration reload request received, reloading configuration;
> Nov 17 14:47:07 s_all@aspsyslog syslog-ng[8051]: Termination requested via signal, terminating;
> Nov 17 14:47:07 s_all@aspsyslog syslog-ng[8051]: syslog-ng shutting down; version='3.1.2'
> Nov 17 14:55:43 s_all@aspsyslog kernel: device eth0 entered promiscuous mode
> Nov 17 14:56:09 s_all@aspsyslog kernel: device eth0 left promiscuous mode
> Nov 17 14:58:04 s_all@aspsyslog kernel: device eth0 entered promiscuous mode
> Nov 17 14:58:11 s_all@aspsyslog kernel: device eth0 left promiscuous mode
>
>
>
>  On Wed, Nov 17, 2010 at 4:29 PM, Martin Holste <mcholste at gmail.com>
> wrote:
>
> Hm, maybe a permissions issue with writing?  Try putting in
> /tmp/somefile as the destination and see if that works.  Also, you
> should verify that messages are in fact arriving on the server using
> tcpdump.
>
>
> On Wed, Nov 17, 2010 at 3:44 PM, keshava Veerabhadraiah
> <mv.keshava at gmail.com> wrote:
> > Hi
> > I am new to syslog-ng and I have gone through other posts to see if I can
> > get a resolution to my problem.
> > Syslog is not writing to the destination file any messages received on udp()
> > or tcp().
> > I have made sure that syslog server is receiving the syslog messages as seen
> > from the tcpdump
> >
> >
> > 15:09:55.422423 IP 10.140.141.6.syslog > aspsyslog.sungardebs.com.syslog: SYSLOG local4.warning, length: 153
> > 15:09:55.434638 IP 10.140.141.6.syslog > aspsyslog.sungardebs.com.syslog: SYSLOG local4.info, length: 184
> > 15:09:55.470383 IP 10.140.141.6.syslog > aspsyslog.sungardebs.com.syslog: SYSLOG local4.info, length: 176
> > 15:09:55.473519 IP 10.140.141.6.syslog > aspsyslog.sungardebs.com.syslog: SYSLOG local4.info, length: 190
> > 15:09:55.493361 IP 10.140.141.6.syslog > aspsyslog.sungardebs.com.syslog: SYSLOG local4.info, length: 180
> > 15:09:55.493748 IP aspsyslog.sungardebs.com.ssh > nim.sungardebs.com.42703: P 128608:129696(1088) ack 289 win 461 <nop,nop,timestamp 88706531 1310848493>
> > 15:09:55.495519 IP 10.140.141.9.syslog > aspsyslog.sungardebs.com.syslog: SYSLOG local4.info, length: 188
> > 15:09:55.495548 IP 10.140.141.9.syslog > aspsyslog.sungardebs.com.syslog: SYSLOG local4.debug, length: 90
> > 15:09:55.495556 IP 10.140.141.9.syslog > aspsyslog.sungardebs.com.syslog: SYSLOG local4.debug, length: 85
> > 15:09:55.521115 IP 10.140.141.6.syslog > aspsyslog.sungardebs.com.syslog: SYSLOG local4.debug, length: 87
> > 15:09:55.521188 IP 10.140.141.6.syslog > aspsyslog.sungardebs.com.syslog: SYSLOG local4.info, length: 188
> > 15:09:55.522041 IP 10.140.141.6.syslog > aspsyslog.sungardebs.com.syslog: SYSLOG local4.info, length: 175
> > 15:09:55.522212 IP 10.140.141.7.syslog > aspsyslog.sungardebs.com.syslog: SYSLOG local4.info, length: 164
> >
> >
> >
> > Here is how my syslog-ng config looks.
> >
> > @version: 3.0
> > #Default configuration file for syslog-ng.
> > #
> > # For a description of syslog-ng configuration file directives, please read
> > # the syslog-ng Administrator's guide at:
> > #
> > # http://www.balabit.com/dl/html/syslog-ng-admin-guide_en.html/bk01-toc.html
> > #
> >
> > options {
> >     chain_hostnames(no);
> >     create_dirs (no);
> >     dir_perm(0755);
> >     dns_cache(no);
> >     keep_hostname(yes);
> >     log_fifo_size(2048);
> >     log_msg_size(1024);
> >     log_iw_size (500);
> >     long_hostnames(on);
> >     perm(0644);
> >     stats_freq(3600);
> >     flush_lines(100);
> >     time_reopen (10);
> >     use_dns(no);
> >     use_fqdn(yes);
> > #    max_connections(100);
> >
> > };
> >
> > source s_all {
> > udp(so_rcvbuf(2048576));
> > tcp();
> > unix-stream("/dev/log");
> > internal();
> > file("/proc/kmsg");
> > };
> >
> > destination d_file_normal {file("/var/log/messages_syslog-ng.log"); };
> >
> > log { source(s_all); destination (d_file_normal); };
> >
> >
> > Any help would be greatly appreciated.
> >
> > Thanks
> >
> ______________________________________________________________________________
> > Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng
> > Documentation:
> > http://www.balabit.com/support/documentation/?product=syslog-ng
> > FAQ: http://www.campin.net/syslog-ng/faq.html
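Added example (not part of the original thread, and not syslog-ng code): when tcpdump shows syslog datagrams arriving but nothing is written, the kernel's UDP socket table tells you whether anything is bound to port 514 and whether datagrams are being dropped at that socket. The function names and the sample table below are constructed for illustration; only IPv4 (/proc/net/udp) is handled.

```python
"""Locate where UDP syslog is lost between the wire and syslog-ng's socket."""
import os

SYSLOG_PORT = 514

# Constructed sample in /proc/net/udp layout (not taken from the thread).
SAMPLE_PROC_NET_UDP = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode ref pointer drops
   41: 00000000:0202 00000000:0000 07 00000000:001F4000 00:00000000 00000000     0        0 18231 2 ffff88003a5c0000 912
   57: 0100007F:0035 00000000:0000 07 00000000:00000000 00:00000000 00000000     0        0 9120 2 ffff88003a5c0400 0
"""


def udp_sockets(proc_text):
    """Parse /proc/net/udp text into dicts with port, rx_queue bytes, drops."""
    socks = []
    for line in proc_text.splitlines()[1:]:          # skip the header row
        f = line.split()
        if len(f) < 13:                              # older kernels lack 'drops'
            continue
        port = int(f[1].rsplit(":", 1)[1], 16)       # local port is hex
        rx_queue = int(f[4].split(":")[1], 16)       # bytes waiting to be read
        socks.append({"port": port, "rx_queue": rx_queue, "drops": int(f[12])})
    return socks


def diagnose(proc_text, port=SYSLOG_PORT):
    """Return 'no-listener', 'socket-drops' or 'listening-clean' for a port."""
    bound = [s for s in udp_sockets(proc_text) if s["port"] == port]
    if not bound:
        return "no-listener"        # udp() source never bound: check debug output
    if any(s["drops"] > 0 for s in bound):
        return "socket-drops"       # receive buffer overflowed; so_rcvbuf() is
                                    # capped by net.core.rmem_max
    return "listening-clean"        # look at host firewall or the destination


if __name__ == "__main__":
    path = "/proc/net/udp"
    text = open(path).read() if os.path.exists(path) else SAMPLE_PROC_NET_UDP
    print(diagnose(text))
```

A "listening-clean" result alongside a busy tcpdump points at the host firewall, because the capture tap sits in front of netfilter's INPUT chain and shows packets that are later dropped, or at the destination side, which the /tmp/somefile test in the thread isolates.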

