[syslog-ng] Solaris 10_x86 server.
Zoltán Pallagi
pzolee at balabit.hu
Wed Apr 27 10:27:23 CEST 2011
Hi,

If you start syslog-ng in debug mode (syslog-ng -Fevd), it will complain
about the problems.

I've fixed your configuration; the problems were the following:
- sun-stream -> sun-streams
- create_dirs was given for destinations, it's only a global option

Also, you shouldn't declare the same source twice
(sun-streams("/dev/log")); you can use a source in several log paths. E.g.:

log {
    source(s_ext);
    source(s_sys);
    destination(d_ext);
};
--------------------------------------------
Fixed config:
@version: 4.0

options {
    sync (0);
    time_reopen (10);
    log_fifo_size (1000);
    long_hostnames (off);
    use_dns (no);
    use_fqdn (no);
    create_dirs (yes);
    keep_hostname (yes);
};

source s_sys {
    file ("/proc/kmsg" log_prefix("kernel: "));
    sun-streams ("/dev/log");
    internal();
};

# External Source
source s_ext
{
    # Standard Syslog
    udp(); # All interfaces
    tcp(); # All interfaces on tcp port
    sun-streams("/dev/log"); # you should remove it and use the s_sys source
                             # in the proper log path
};

destination d_cons { file("/dev/console"); };
destination d_mesg { file("/var/adm/messages"); };
destination d_mail { file("/var/log/syslog"); };
destination d_auth { file("/var/log/authlog"); };
destination d_mlop { usertty("operator"); };
destination d_mlrt { usertty("root"); };
destination d_mlal { usertty("*"); };
destination d_ext
{
    file("/syslog-ng/$HOST/$YEAR/$MONTH/$DAY/$FACILITY$YEAR$MONTH$DAY" \
        owner(root) group(root) perm(0650) dir_perm(0750));
};

filter f_filter1 { level(err) or
    (level(notice) and facility (auth, kern)); };
filter f_filter2 { level(err) or
    (facility(kern) and level(notice)) or
    (facility(daemon) and level(notice)) or
    (facility(mail) and level(crit)); };
filter f_filter3 { level(alert) or
    (facility(kern) and level(err)) or
    (facility(daemon) and level(err)); };
filter f_filter4 { level(alert); };
filter f_filter5 { level(emerg); };
filter f_filter6 { facility(kern) and level(notice); };
filter f_filter7 { facility(mail) and level(debug); };
filter f_filter8 { facility(user) and level(err); };
filter f_filter9 { facility(user) and level(alert); };

log { source(s_sys); filter(f_filter1); destination(d_cons); };
log { source(s_sys); filter(f_filter2); destination(d_mesg); };
log { source(s_sys); filter(f_filter3); destination(d_mlop); };
log { source(s_sys); filter(f_filter4); destination(d_mlrt); };
log { source(s_sys); filter(f_filter5); destination(d_mlal); };
log { source(s_sys); filter(f_filter6); destination(d_auth); };
log { source(s_sys); filter(f_filter7); destination(d_mail); };
log { source(s_sys); filter(f_filter8); destination(d_cons);
    destination(d_mesg); };
log { source(s_ext); destination(d_ext); };

On 2011-04-27 10:06, sramesh.kumar at wipro.com wrote:
>
> Hi All,
>
> Can anybody help me. Please?????
>
> I have configured syslog-ng on an x86 server. Below is the configuration.
>
> But logs are not coming under the /syslog-ng folder. If I am wrong in the
> below configuration, can you please provide a step-by-step configuration
> procedure to configure the same...
>
> # cat /etc/syslog-ng/syslog-ng.conf
> options {
> sync (0);
> time_reopen (10);
> log_fifo_size (1000);
> long_hostnames (off);
> use_dns (no);
> use_fqdn (no);
> create_dirs (yes);
> keep_hostname (yes);
> };
> source s_sys {
> file ("/proc/kmsg" log_prefix("kernel: "));
> sun-stream ("/dev/log");
> internal();
> };
> # External Source
> source s_ext
> {
> # Standard Syslog
> udp(); # All interfaces
> tcp(); # All interfaces on tcp port
> sun-stream("/dev/log");
> };
> destination d_cons { file("/dev/console"); };
> destination d_mesg { file("/var/adm/messages"); };
> destination d_mail { file("/var/log/syslog"); };
> destination d_auth { file("/var/log/authlog"); };
> destination d_mlop { usertty("operator"); };
> destination d_mlrt { usertty("root"); };
> destination d_mlal { usertty("*"); };
> destination d_ext
> {
> file("/syslog-ng/$HOST/$YEAR/$MONTH/$DAY/$FACILITY$YEAR$MONTH$DAY" \
> owner(root) group(root) perm(0650) dir_perm(0750) create_dirs(yes));
> create_dirs(yes));
> };
> filter f_filter1 { level(err) or
> (level(notice) and facility (auth, kern)); };
> filter f_filter2 { level(err) or
> (facility(kern) and level(notice)) or
> (facility(daemon) and level(notice)) or
> (facility(mail) and level(crit)); };
> filter f_filter3 { level(alert) or
> (facility(kern) and level(err)) or
> (facility(daemon) and level(err)); };
> filter f_filter4 { level(alert); };
> filter f_filter5 { level(emerg); };
> filter f_filter6 { facility(kern) and level(notice); };
> filter f_filter7 { facility(mail) and level(debug); };
> filter f_filter8 { facility(user) and level(err); };
> filter f_filter9 { facility(user) and level(alert); };
> log { source(s_sys); filter(f_filter1); destination(d_cons); };
> log { source(s_sys); filter(f_filter2); destination(d_mesg); };
> log { source(s_sys); filter(f_filter3); destination(d_mlop); };
> log { source(s_sys); filter(f_filter4); destination(d_mlrt); };
> log { source(s_sys); filter(f_filter5); destination(d_mlal); };
> log { source(s_sys); filter(f_filter6); destination(d_auth); };
> log { source(s_sys); filter(f_filter7); destination(d_mail); };
> log { source(s_sys); filter(f_filter8); destination(d_cons);
> destination(d_mesg); };
> log { source(s_ext); destination(d_ext); };
>
> # isainfo -kv
> 64-bit amd64 kernel modules
>
> # cat /etc/release
> Solaris 10 10/08 s10x_u6wos_07b X86
> Copyright 2008 Sun Microsystems, Inc. All Rights Reserved.
> Use is subject to license terms.
> Assembled 27 October 2008
>
> # pkginfo -l SMCsyslng
> PKGINST: SMCsyslng
> NAME: syslogng
> CATEGORY: application
> ARCH: x86
> VERSION: 2.0.5
> BASEDIR: /usr/local
> VENDOR: BalaBit IT Ltd
> PSTAMP: Steve Christensen
> INSTDATE: Apr 20 2011 16:24
> EMAIL: steve at smc.vnet.net
> STATUS: completely installed
> FILES: 64 installed pathnames
>        3 shared pathnames
>        15 directories
>        2 executables
>        2163 blocks used (approx)
>
> Thanks & Regards,
> Ramesh Kumar,
> Wipro Infotech Hyderabad,
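
An added example, not part of the original message and not syslog-ng code: a small Python lint for the two source-block mistakes named in the reply, a misspelled driver name and the same source declared in two source blocks. The sample config is constructed from the question's source blocks; `lint_sources` and `KNOWN_DRIVERS` are hypothetical names, and the driver list covers only the drivers that appear on this page.

```python
import re
from collections import defaultdict

# Constructed sample: the two source blocks from the question, trimmed.
SAMPLE_CONF = '''
source s_sys {
    file ("/proc/kmsg" log_prefix("kernel: "));
    sun-stream ("/dev/log");
    internal();
};
source s_ext
{
    udp();   # All interfaces
    tcp();
    sun-stream("/dev/log");
};
'''

# Assumption: only the source drivers seen on this page, not a complete list.
KNOWN_DRIVERS = {"file", "sun-streams", "internal", "udp", "tcp"}

SOURCE_RE = re.compile(r'\bsource\s+(\w+)\s*\{(.*?)\}\s*;', re.S)
DRIVER_RE = re.compile(r'([A-Za-z][\w-]*)\s*\(\s*(?:"([^"]*)")?')


def lint_sources(conf):
    """Return (unknown_drivers, duplicates) for the source blocks in conf."""
    conf = re.sub(r'#[^\n]*', '', conf)  # strip comments (no '#' in strings here)
    unknown, seen = [], defaultdict(list)
    for name, body in SOURCE_RE.findall(conf):
        for stmt in body.split(';'):
            m = DRIVER_RE.match(stmt.strip())
            if not m:
                continue
            driver, arg = m.group(1), m.group(2)
            if driver not in KNOWN_DRIVERS:
                unknown.append((name, driver))
            if arg is not None:  # track drivers that read a named path
                seen[(driver, arg)].append(name)
    dups = {k: v for k, v in seen.items() if len(v) > 1}
    return unknown, dups


if __name__ == "__main__":
    unknown, dups = lint_sources(SAMPLE_CONF)
    for block, driver in unknown:
        print(f"{block}: unknown source driver '{driver}'")
    for (driver, arg), blocks in dups.items():
        print(f'{driver}("{arg}") declared in: {", ".join(blocks)}')
```
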