[syslog-ng] FW: Syslog Problem

Evan Rempel erempel at uvic.ca
Wed Aug 6 17:08:10 CEST 2014


Wow, I should have looked more closely at your config before I added my comments.

You don't need a fallback because you are not filtering your s_network source.
You are using a mysql database as your back end. This complicates things greatly.

I recommend using a file destination to ensure you are getting everything that you expect.
Only then would I (not me actually) be comfortable with storing the data into mysql.

Under load I have seen mysql silently drop records. No errors of any kind in front or backend
of the database services. You couldn't pay me to use mysql :-(



On 08/06/2014 07:57 AM, Riyas Ahamed wrote:
> Hi,
>
> Could you please tell me how to check fallback destination?
>
> I have attached in this mail configuration file of syslog-ng.
>
> Please help me to come from this problem.
>
> Thanks
> Riaz Ahmed
>
> ________________________________________
> From: syslog-ng-bounces at lists.balabit.hu [syslog-ng-bounces at lists.balabit.hu] on behalf of Evan Rempel [erempel at uvic.ca]
> Sent: Wednesday, August 06, 2014 7:00 PM
> To: syslog-ng at lists.balabit.hu
> Subject: Re: [syslog-ng] FW: Syslog Problem
>
> Do you have a fallback destination defined? (flags(fallback))
>
> I had a case where I couldn't find my log lines and it turned out to be that the source was sending some weird
> facility that never matched any of my filters.
>
>
> On 08/06/2014 05:58 AM, Riyas Ahamed wrote:
>> Hi Team,
>>
>> I am sure packet filter accepts that kind of traffic because iptables and selinux are in disabled mode but still I cannot find the network device in syslogng front end.
>>
>> Please help me.
>>
>>
>> Thanks
>> Riaz Ahmed
>> ________________________________________
>> *From:* syslog-ng-bounces at lists.balabit.hu [syslog-ng-bounces at lists.balabit.hu] on behalf of Balazs Scheidler [bazsi77 at gmail.com]
>> *Sent:* Tuesday, August 05, 2014 7:29 PM
>> *To:* Syslog-ng users' and developers' mailing list
>> *Subject:* Re: [syslog-ng] FW: Syslog Problem
>>
>> Are you sure the packet filter accepts that kind of traffic? Your configuration seems to treat all such hosts equivalently.
>>
>>
>>
>>
>> On Tue, Aug 5, 2014 at 8:21 AM, Riyas Ahamed <Riyas.Ahamed at csscorp.com> wrote:
>>
>>      Hi,
>>
>>      I have configured a syslog-ng server to capture network logs. I am able to fetch network logs of three devices.
>>
>>      But for the fourth network device I am able to see, by using the tcpdump command, packets getting polled into the syslog server on port 514, but I cannot find the network device in the syslogng front end.
>>
>>      Syslog OS   : CentOS release 6.5 (Final)
>>
>>      Syslog Version  : syslog-ng 3.2.5
>>
>>      Along with this mail I have attached configuration file of syslogng server.
>>
>>      Please help me to resolve this issue.
>>
>>      Regards,
>>
>>      *N.B.RIAZ AHMED*
>>
>>      *(9047166496)*
>>
>>      https://www.csscorp.com/email-disclaimer
>>
>>      ______________________________________________________________________________
>>      Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng
>>      Documentation: http://www.balabit.com/support/documentation/?product=syslog-ng
>>      FAQ: http://www.balabit.com/wiki/syslog-ng-faq
>>
>>
>>
>>
>>
>> --
>> Bazsi
>
>
> --
> Evan Rempel                                      erempel at uvic.ca
> Senior Systems Administrator                        250.721.7691
> Data Centre Services, University Systems, University of Victoria


-- 
Evan Rempel                                      erempel at uvic.ca
Senior Systems Administrator                        250.721.7691
Data Centre Services, University Systems, University of Victoria
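
The two checks discussed in this thread (a plain-file destination on the unfiltered source, and a `flags(fallback)` log path), written out as a syslog-ng 3.x configuration fragment. This is an added example, not part of the original message or the poster's attached configuration; `s_network` is the source named in the reply and is assumed to be defined already, while the destination names and file paths are hypothetical.

```conf
# Added example for syslog-ng 3.x. Assumes the existing source s_network
# (its definition is not shown in the thread). Destination names and paths
# below are hypothetical.

# Check 1: unfiltered plain-file destination, one file per sending IP.
# The template records the sender address, the host name syslog-ng derived,
# and the facility/priority, so a device that arrives under an unexpected
# name or facility is still visible on disk.
destination d_verify {
    file("/var/log/syslog-ng-verify/$SOURCEIP.log"
         create_dirs(yes)
         template("$ISODATE $SOURCEIP $HOST $FACILITY.$PRIORITY $MSGHDR$MSG\n"));
};

log { source(s_network); destination(d_verify); };

# Check 2: fallback path, useful only when the other log paths on s_network
# use filters. A fallback log statement receives messages that no
# non-fallback log statement processed. While the unfiltered d_verify path
# above is active it processes every message, so this file stays empty;
# enable one check or the other, not both.
destination d_unmatched {
    file("/var/log/syslog-ng-verify/unmatched.log"
         create_dirs(yes)
         template("$ISODATE $SOURCEIP $HOST $FACILITY.$PRIORITY $MSGHDR$MSG\n"));
};

log { source(s_network); destination(d_unmatched); flags(fallback); };
```

Comparing the per-IP files with the addresses seen in tcpdump shows whether syslog-ng is receiving the device's messages before the database back end is involved.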

