[syslog-ng] client -> server logging.. filters?

Matt Wise mwise at netflix.com
Fri Apr 8 22:46:54 CEST 2011 

Solved the issue.. even though I upgraded to syslog-ng from sysklogd, the sysklod process was still running and one service (stunnel) was stuck logging to it. Essentially both services were writing to /var/log/messages. Yuck. Solved that in our config management system so it wont happen again. 

—Matt

On Apr 8, 2011, at 11:52 AM, Balazs Scheidler wrote:

> Hi,
> 
> On Fri, 2011-04-08 at 11:22 -0700, Matt Wise wrote:
>> I'm doing some logging from clients -> servers via syslog-ng over a TCP session with stunnel. On my client, I'm seeing some log messages come in that are not making it to the server.. reliably. I don't have any filtering setup I don't think — is there some default setting somewhere that I don't know about that only passes certain types of messages to the remote dest? Do I need to specify somewhere 'send all'?
> 
> Can I ask why you are using stunnel instead of the built-in SSL support
> in syslog-ng?
> 
>> 
>> Whats quite strange is that I have the hosts logging to 2 systems right now.. old syslog-ng server, and new one. The old one is getting all  of the messages, but the new one is ignoring messages like these:
>> 
>> Apr  8 18:21:43 xxx stunnel: LOG5[5459:1079724352]: Connection reset: 0 bytes sent to SSL, 0 bytes sent to socket
>> 
>> It seems to get all other messages.. but messages that have that LOG5 or LOG3 or LOG7 appended to them seem to get lost in translation... any ideas?
> 
> this sounds like a strange bug to me, if it is indeed a bug. can you
> check that:
> 
> 1) the messages in question really reach syslog-ng (running syslog-ng in
> foreground and in debug mode will tell you what it did receive)
> 
> 2) if they do, then it's probably with the configuration
> 
> 3) if they don't, then it's a client issue.
> 
> -- 
> Bazsi
> 
> ______________________________________________________________________________
> Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng
> Documentation: http://www.balabit.com/support/documentation/?product=syslog-ng
> FAQ: http://www.campin.net/syslog-ng/faq.html
>

More information about the syslog-ng mailing list