[syslog-ng] Error parsing source

Evan Rempel erempel at uvic.ca
Fri Feb 28 21:56:53 CET 2014


log { source{s_router}; destination{d_router}; };

this needs to be


log { source(s_router); destination(d_router); };

note the different braces around s_router and d_router


On 02/28/2014 11:52 AM, Jesus M Diaz wrote:
> Hello,
>
> I have just came  to 'syslog-ng' and I am having some troubles to setting it up.
>
> I am using the "syslog-ng.conf" provided by "slackbuilds.org", and I
> have add just few lines. Well, those lines make the daemon not to run.
>
> the error:
>
> ++++++++++++
> Starting syslog-ng daemon:  /usr/sbin/syslog-ng
> Error parsing source, source plugin s_router not found in
> /etc/syslog-ng/syslog-ng.conf at line 59, column 14:
>
> log { source{s_router}; destination{d_router}; };
>               ^^^^^^^^
>
> syslog-ng documentation:
> http://www.balabit.com/support/documentation/?product=syslog-ng
> mailing list: https://lists.balabit.hu/mailman/listinfo/syslog-ng
> *******************
>
> the release:
> ++++++++++++
> root at liet:/etc/syslog-ng# syslog-ng -V
> syslog-ng 3.5.2
> Installer-Version: 3.5.2
> Revision: ssh+git://algernon@git.balabit/var/scm/git/syslog-ng/syslog-ng-ose--mainline--3.5#master#a31bdb7a7f57382a90305bd033753b2762469854
> Compile-Date: Feb 28 2014 19:53:40
> Available-Modules:
> afsocket-notls,afamqp,linux-kmsg-format,basicfuncs,affile,dbparser,afsocket-tls,csvparser,afsocket,afstomp,system-source,afmongodb,cryptofuncs,afprog,syslogformat,afuser,confgen
> Enable-Debug: off
> Enable-GProf: off
> Enable-Memtrace: off
> Enable-IPv6: on
> Enable-Spoof-Source: off
> Enable-TCP-Wrapper: off
> Enable-Linux-Caps: on
> Enable-Pcre: on
> *******************
>
> And the config file (my lines remarked with <<<<<<):
>
>
> +++++++++++++++++
> @version: 3.5
>
> # Drop-in replacement for a stock Slackware syslog.conf
> # For info about the format of this file, see "man syslog-ng.conf"
> # Written by Mario Preksavec <mario at slackware.hr>
>
> options {
> flush_lines(0);
> time_reopen(60);
> log_fifo_size(10240);
> log_msg_size(8192);
> chain_hostnames(no);
> use_dns(no);
> use_fqdn(no);
> create_dirs(yes);
> keep_hostname(yes);
> owner("root");
> group("root");
> perm(0640);
> dir_perm(0755);
> stats_freq(0);
> check_hostname(yes);
> dns_cache(no);
> };
>
> source s_router { udp(ip(192.168.1.1) port(514)); }; <<<<<<<<<<<<<
>
> source s_system {
> internal();
> unix-dgram("/dev/log");
> file("/proc/kmsg" program_override("kernel"));
> };
>
> filter f_messages { level(info,notice) and not
> facility(authpriv,cron,mail,news); };
> filter f_syslog { level(warn..emerg) and not
> facility(authpriv,cron,mail,news); };
> filter f_debug { level(debug); };
> filter f_authpriv { facility(authpriv); };
> filter f_cron { facility(cron); };
> filter f_mail { facility(mail); };
> filter f_emerg { level(emerg); };
> filter f_uucp { facility(uucp); };
>
> destination d_messages { file("/var/log/messages"); };
> destination d_syslog { file("/var/log/syslog"); };
> destination d_debug { file("/var/log/debug"); };
> destination d_secure { file("/var/log/secure"); };
> destination d_cron { file("/var/log/cron"); };
> destination d_maillog { file("/var/log/maillog"); };
> destination d_usertty { usertty("*"); };
> destination d_spooler { file("/var/log/spooler"); };
>
> destination d_router { file("/var/log/router"); }; <<<<<<<<<<<<<
>
> ############
> ## Router
> ###########################
> log { source{s_router}; destination{d_router}; }; <<<<<<<<<<<<<
>
> # Log anything 'info' or higher, but lower than 'warn'.
> # Exclude authpriv, cron, mail, and news.  These are logged elsewhere.
> log { source(s_system); filter(f_messages); destination(d_messages); };
>
> # Log anything 'warn' or higher.
> # Exclude authpriv, cron, mail, and news.  These are logged elsewhere.
> log { source(s_system); filter(f_syslog); destination(d_syslog); };
>
> # Debugging information is logged here.
> log { source(s_system); filter(f_debug); destination(d_debug); };
>
> # Private authentication message logging:
> log { source(s_system); filter(f_authpriv); destination(d_secure); };
>
> # Cron related logs:
> log { source(s_system); filter(f_cron); destination(d_cron); };
>
> # Mail related logs:
> log { source(s_system); filter(f_mail); destination(d_maillog); };
>
> # Emergency level messages go to all users:
> log { source(s_system); filter(f_emerg); destination(d_usertty); };
>
> # This log is for news and uucp errors:
> log { source(s_system); filter(f_uucp); destination(d_spooler); };
>
> # Uncomment this to see kernel messages on the console.
> #filter f_kern { facility(kern); };
> #destination d_console { file("/dev/console"); };
> #log { source(s_system); filter(f_kern); destination(d_console); };
>
> # Uncomment these if you'd like INN to keep logs on everything.
> # You won't need this if you don't run INN (the InterNetNews daemon).
> #filter f_news_crit { facility(news) and level(crit); };
> #filter f_news_err { facility(news) and level(err); };
> #filter f_news_notice { facility(news) and level(notice); };
> #destination d_news_crit { file("/var/log/news/news.crit"); };
> #destination d_news_err { file("/var/log/news/news.err"); };
> #destination d_news_notice { file("/var/log/news/news.notice"); };
> #log { source(s_system); filter(f_news_crit); destination(d_news_crit); };
> #log { source(s_system); filter(f_news_err); destination(d_news_err); };
> #log { source(s_system); filter(f_news_notice); destination(f_news_notice); };
> ***************************
>
> If I comment my "log" line, it works fine, but if I use it, it
> complains about the "source" entry.
>
> Surely it is a silly mistake, but I can't see it, so if any of you
> could help me I really would be very gratefull
>
> thanks a lot!
>
> JM Diaz
> ______________________________________________________________________________
> Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng
> Documentation: http://www.balabit.com/support/documentation/?product=syslog-ng
> FAQ: http://www.balabit.com/wiki/syslog-ng-faq
>


-- 
Evan Rempel                                      erempel at uvic.ca
Senior Systems Administrator                        250.721.7691
Data Centre Services, University Systems, University of Victoria


More information about the syslog-ng mailing list