[syslog-ng] Redirecting logs and UDP issues
Aldrich, Jamie S
JSAldrich at pier1.com
Thu Sep 1 17:42:39 CEST 2011
Maybe I am misunderstanding the messages. Is it possible to redirect a symlink log file to a server? This is the section in syslog-ng.conf that should be handling this, but does not appear to work.
# Setup for PeopleSoft logs to transmit to Loglogic
source s_file {
file("/tmp/APPSRV_current.LOG" flags(no-parse));
};
destination d_messages{
udp("10.13.33.11" port(514) log_fifo_size(900000000));
};
log {
source(s_file);
destination(d_messages);
};
Jamie
-----Original Message-----
From: syslog-ng-bounces at lists.balabit.hu [mailto:syslog-ng-bounces at lists.balabit.hu] On Behalf Of Sandor Geller
Sent: Wednesday, August 31, 2011 9:08 AM
To: Syslog-ng users' and developers' mailing list
Subject: Re: [syslog-ng] Redirecting logs and UDP issues
Hi,
On Wed, Aug 31, 2011 at 3:33 PM, Aldrich, Jamie S <JSAldrich at pier1.com> wrote:
> All,
>
>
>
> I am trying to redirect a log file from an NFS mount (AIX server = source
> and Redhat server = target). The redirect is going to a LogLogic device
> over UDP, and I am seeing quite a few dropped packets in /var/log/messages.
> Samples below:
>
>
>
> Aug 31 07:34:16 lxfwossecp3 syslog-ng[30574]: syslog-ng starting up;
> version='2.1.4'
>
> Aug 31 07:44:16 lxfwossecp3 syslog-ng[30574]: Log statistics;
> dropped='udp(10.13.33.11:514)=0', processed='center(queued)=15',
> processed='center(received)=15', processed='destination(d_messages)=11',
> processed='destination(d_boot)=0', processed='destination(d_auth)=2', processed='destination(d_cron)=1',
> processed='destination(d_mlal)=0', processed='destination(d_kern)=0',
> processed='destination(d_mesg)=1', processed='destination(d_cons)=0',
> processed='destination(d_spol)= 0', processed='destination(d_mail)=0', processed='source(s_sys)=4',
> processed='source(s_file)=11', suppressed='udp(10.13.33.11:514)=0'
May I ask the *second* time why do you think there were dropped
messages at all? Do you have any evidence or you just misunderstood
the meaning of the above statistical message?
Regards,
Sandor
______________________________________________________________________________
Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng
Documentation: http://www.balabit.com/support/documentation/?product=syslog-ng
FAQ: http://www.balabit.com/wiki/syslog-ng-faq
More information about the syslog-ng
mailing list