[syslog-ng] Able to connect but not logging

kibirango moses kibsmoses at gmail.com
Fri Jul 27 10:31:05 CEST 2012


Hullo Users;
I am using syslog-ng 3.3.4. My client is able to connect to the central
logging server but is not logging to it.
My syslog-ng.conf on the server side is:
@version: 3.3

# Default syslog-ng configuration for Slackware
# For info about the format of this file, see "man syslog-ng.conf"
# Converted from sysklogd (syslog.conf) by mario at slackverse.org

# Global defaults; individual sources and destinations can override them.
options {
        # Write each message out immediately instead of batching lines.
        flush_lines (0);
        time_reopen (10);
        time_reap(360);
#       log_fifo_size (10240);
#       log_msg_size (8192);
        # No hostname chaining and no DNS lookups on senders.
        chain_hostnames (no);
        use_dns (no);
        use_fqdn (no);
        # Missing directories in a destination path are created on demand.
        create_dirs (yes);
        # NOTE(review): the hostname written inside a received message is kept
        # as-is, so $HOST in a file() path is chosen by the sender rather than
        # derived from its address. Confirm this is intended for network input.
        keep_hostname (yes);
        # Default ownership and modes: files 0640, directories 0750, owned by root.
        owner("root");
        group("root");
        dir_owner(root);
#        dir_group(logs);
        dir_perm(0750);
        perm(0640);
        stats_freq (3600);
        # Reject hostnames containing characters that are not valid in a hostname.
        check_hostname (yes);
        dns_cache (yes);
        threaded(yes);
        mark_freq(600);
};



# The single source read by every log statement in this file: syslog-ng's own
# messages, the local /dev/log socket, and two network listeners. udp() and
# tcp() give no ip() or port(), so the defaults apply; the lsof output later
# in this message shows UDP *:syslog and TCP *:shell (514) bound on all
# addresses.
# NOTE(review): plain UDP/TCP syslog has no sender authentication and no
# encryption, so anything that can reach these ports can submit messages.
# Limit access with a firewall or an ip() bind where remote input is not wanted.
source system { internal();
                  unix-stream("/dev/log");
                  udp();
                  tcp(max_connections(100)); };

# Filters select messages by severity level() and/or facility().
# f_messages matches info and notice; f_syslog matches warn through emerg.
# Both exclude the authpriv, cron, mail and news facilities.
filter f_messages { level(info,notice) and not
facility(authpriv,cron,mail,news); };
filter f_syslog { level(warn..emerg) and not
facility(authpriv,cron,mail,news); };
# The remaining filters each match one level or one facility.
filter f_debug { level(debug); };
filter f_authpriv { facility(authpriv); };
filter f_cron { facility(cron); };
filter f_mail { facility(mail); };
filter f_emerg { level(emerg); };
filter f_uucp { facility(uucp); };

# Local file destinations. None sets owner or perm itself, so the global
# options (root:root, files 0640) apply.
destination d_messages { file("/var/log/messages"); };
destination d_syslog { file("/var/log/syslog"); };
destination d_debug { file("/var/log/debug"); };
# Authentication messages (facility authpriv) are routed here.
destination d_secure { file("/var/log/secure"); };
destination d_cron { file("/var/log/cron"); };
destination d_maillog { file("/var/log/maillog"); };
# usertty("*") writes to the terminals of all logged-in users.
destination d_usertty { usertty("*"); };
destination d_spooler { file("/var/log/spooler"); };

# Log paths. Every statement below reads source(system), which includes the
# udp() and tcp() listeners, so messages received from the network are filed
# into these local files alongside local ones.
# NOTE(review): that also means a remote sender can write into
# /var/log/secure by using the authpriv facility - confirm this is intended.

# Log anything 'info' or higher, but lower than 'warn'.
# Exclude authpriv, cron, mail, and news.  These are logged elsewhere.
log { source(system); filter(f_messages); destination(d_messages); };

# Log anything 'warn' or higher.
# Exclude authpriv, cron, mail, and news.  These are logged elsewhere.
log { source(system); filter(f_syslog); destination(d_syslog); };

# Debugging information is logged here.
log { source(system); filter(f_debug); destination(d_debug); };

# Private authentication message logging:
log { source(system); filter(f_authpriv); destination(d_secure); };

# Cron related logs:
log { source(system); filter(f_cron); destination(d_cron); };

# Mail related logs:
log { source(system); filter(f_mail); destination(d_maillog); };

# Emergency level messages go to all users:
log { source(system); filter(f_emerg); destination(d_usertty); };

# This log is for news and uucp errors:
log { source(system); filter(f_uucp); destination(d_spooler); };

# Uncomment this to see kernel messages on the console.
#filter f_kern { facility(kern); };
#destination d_console { file("/dev/console"); };
#log { source(system); filter(f_kern); destination(d_console); };

# Uncomment these if you'd like INN to keep logs on everything.
# You won't need this if you don't run INN (the InterNetNews daemon).
#filter f_news_crit { facility(news) and level(crit); };
#filter f_news_err { facility(news) and level(err); };
#filter f_news_notice { facility(news) and level(notice); };
#destination d_news_crit { file("/var/log/news/news.crit"); };
#destination d_news_err { file("/var/log/news/news.err"); };
#destination d_news_notice { file("/var/log/news/news.notice"); };
#log { source(system); filter(f_news_crit); destination(d_news_crit); };
#log { source(system); filter(f_news_err); destination(d_news_err); };
#log { source(system); filter(f_news_notice); destination(f_news_notice); };


# Remote logging
# NOTE(review): s_remote is declared but no log statement in this file
# references it; the log path at the end of this section reads source(system),
# whose udp()/tcp() listeners are what accept remote messages here. s_remote
# names the same port 514 on 0.0.0.0 - TODO confirm which source is meant.
source s_remote {
  tcp(ip(0.0.0.0) port(514));
  udp(ip(0.0.0.0) port(514));
};

  # Per-host archive: one directory per $HOST, then year and month, with one
  # file per facility and day. Files are root-only (0600), directories 0700.
  # NOTE(review): with keep_hostname(yes) $HOST is taken from the message, so
  # a sender can cause new directories to be created under /var/log by varying
  # it. Limit which hosts can reach port 514 - verify against the deployment.
  destination logpile {
  file("/var/log/$HOST/$YEAR/$MONTH/$FACILITY.$YEAR$MONTH$DAY"
        owner(root) group(root) perm(0600)
        create_dirs(yes) dir_perm(0700)); };

  # Unfiltered: everything arriving on source(system) goes to the archive.
  log { source(system); destination(logpile); };



Client syslog-ng.conf

I just added the lines below to the server file above

# Remote logging


  # Local per-host archive, written on the client as well as forwarded.
  destination logpile {
  file("/var/log/$HOST/$YEAR/$MONTH/$FACILITY.$YEAR$MONTH$DAY"
        owner(root) group(root) perm(0600)
        create_dirs(yes) dir_perm(0700)); };

# Forward to the central server over TCP port 514.
# NOTE(review): this is plain TCP with no TLS, so log content crosses the
# network unencrypted and the receiving server is not authenticated.
destination remote { tcp("196.43.133.98" port(514)); };


  # Both paths read source(system). Because this file is the server file plus
  # these lines, the client keeps its own udp()/tcp() listeners open as well,
  # which matches the UDP *:syslog and TCP *:shell (LISTEN) entries in the
  # lsof output; a forwarding-only client may not need them - TODO confirm.
  log { source(system); destination(logpile); };
  log { source(system); destination(remote); };

testing for connection

root at client:/# lsof -i | grep syslog-ng
syslog-ng 18339    root    9u  IPv4 37485820      0t0  UDP *:syslog
syslog-ng 18339    root   10u  IPv4 37485822      0t0  TCP *:shell (LISTEN)
syslog-ng 18339    root   11u  IPv4 37485824      0t0  TCP client:48305->
syslog server:shell (ESTABLISHED)

I am not seeing any log messages being recorded. How can I solve this, and
where have I gone wrong?

Thanks in advance