[syslog-ng] Error parsing source

Jesus M Diaz jesusm.diazperez at gmail.com
Fri Feb 28 20:52:59 CET 2014 

Hello,

I have just came  to 'syslog-ng' and I am having some troubles to setting it up.

I am using the "syslog-ng.conf" provided by "slackbuilds.org", and I
have add just few lines. Well, those lines make the daemon not to run.

the error:

++++++++++++
Starting syslog-ng daemon:  /usr/sbin/syslog-ng
Error parsing source, source plugin s_router not found in
/etc/syslog-ng/syslog-ng.conf at line 59, column 14:

log { source{s_router}; destination{d_router}; };
             ^^^^^^^^

syslog-ng documentation:
http://www.balabit.com/support/documentation/?product=syslog-ng
mailing list: https://lists.balabit.hu/mailman/listinfo/syslog-ng
*******************

the release:
++++++++++++
root at liet:/etc/syslog-ng# syslog-ng -V
syslog-ng 3.5.2
Installer-Version: 3.5.2
Revision: ssh+git://algernon@git.balabit/var/scm/git/syslog-ng/syslog-ng-ose--mainline--3.5#master#a31bdb7a7f57382a90305bd033753b2762469854
Compile-Date: Feb 28 2014 19:53:40
Available-Modules:
afsocket-notls,afamqp,linux-kmsg-format,basicfuncs,affile,dbparser,afsocket-tls,csvparser,afsocket,afstomp,system-source,afmongodb,cryptofuncs,afprog,syslogformat,afuser,confgen
Enable-Debug: off
Enable-GProf: off
Enable-Memtrace: off
Enable-IPv6: on
Enable-Spoof-Source: off
Enable-TCP-Wrapper: off
Enable-Linux-Caps: on
Enable-Pcre: on
*******************

And the config file (my lines remarked with <<<<<<):


+++++++++++++++++
@version: 3.5

# Drop-in replacement for a stock Slackware syslog.conf
# For info about the format of this file, see "man syslog-ng.conf"
# Written by Mario Preksavec <mario at slackware.hr>

options {
flush_lines(0);
time_reopen(60);
log_fifo_size(10240);
log_msg_size(8192);
chain_hostnames(no);
use_dns(no);
use_fqdn(no);
create_dirs(yes);
keep_hostname(yes);
owner("root");
group("root");
perm(0640);
dir_perm(0755);
stats_freq(0);
check_hostname(yes);
dns_cache(no);
};

source s_router { udp(ip(192.168.1.1) port(514)); }; <<<<<<<<<<<<<

source s_system {
internal();
unix-dgram("/dev/log");
file("/proc/kmsg" program_override("kernel"));
};

filter f_messages { level(info,notice) and not
facility(authpriv,cron,mail,news); };
filter f_syslog { level(warn..emerg) and not
facility(authpriv,cron,mail,news); };
filter f_debug { level(debug); };
filter f_authpriv { facility(authpriv); };
filter f_cron { facility(cron); };
filter f_mail { facility(mail); };
filter f_emerg { level(emerg); };
filter f_uucp { facility(uucp); };

destination d_messages { file("/var/log/messages"); };
destination d_syslog { file("/var/log/syslog"); };
destination d_debug { file("/var/log/debug"); };
destination d_secure { file("/var/log/secure"); };
destination d_cron { file("/var/log/cron"); };
destination d_maillog { file("/var/log/maillog"); };
destination d_usertty { usertty("*"); };
destination d_spooler { file("/var/log/spooler"); };

destination d_router { file("/var/log/router"); }; <<<<<<<<<<<<<

############
## Router
###########################
log { source{s_router}; destination{d_router}; }; <<<<<<<<<<<<<

# Log anything 'info' or higher, but lower than 'warn'.
# Exclude authpriv, cron, mail, and news.  These are logged elsewhere.
log { source(s_system); filter(f_messages); destination(d_messages); };

# Log anything 'warn' or higher.
# Exclude authpriv, cron, mail, and news.  These are logged elsewhere.
log { source(s_system); filter(f_syslog); destination(d_syslog); };

# Debugging information is logged here.
log { source(s_system); filter(f_debug); destination(d_debug); };

# Private authentication message logging:
log { source(s_system); filter(f_authpriv); destination(d_secure); };

# Cron related logs:
log { source(s_system); filter(f_cron); destination(d_cron); };

# Mail related logs:
log { source(s_system); filter(f_mail); destination(d_maillog); };

# Emergency level messages go to all users:
log { source(s_system); filter(f_emerg); destination(d_usertty); };

# This log is for news and uucp errors:
log { source(s_system); filter(f_uucp); destination(d_spooler); };

# Uncomment this to see kernel messages on the console.
#filter f_kern { facility(kern); };
#destination d_console { file("/dev/console"); };
#log { source(s_system); filter(f_kern); destination(d_console); };

# Uncomment these if you'd like INN to keep logs on everything.
# You won't need this if you don't run INN (the InterNetNews daemon).
#filter f_news_crit { facility(news) and level(crit); };
#filter f_news_err { facility(news) and level(err); };
#filter f_news_notice { facility(news) and level(notice); };
#destination d_news_crit { file("/var/log/news/news.crit"); };
#destination d_news_err { file("/var/log/news/news.err"); };
#destination d_news_notice { file("/var/log/news/news.notice"); };
#log { source(s_system); filter(f_news_crit); destination(d_news_crit); };
#log { source(s_system); filter(f_news_err); destination(d_news_err); };
#log { source(s_system); filter(f_news_notice); destination(f_news_notice); };
***************************

If I comment my "log" line, it works fine, but if I use it, it
complains about the "source" entry.

Surely it is a silly mistake, but I can't see it, so if any of you
could help me I really would be very gratefull

thanks a lot!

JM Diaz

More information about the syslog-ng mailing list