[syslog-ng] Error parsing source

Jesus M Diaz jesusm.diazperez at gmail.com
Fri Feb 28 21:58:43 CET 2014 

yes, thanks! finally I saw it, the brackets!!!

as I said ... a silly mistake!

Thanks a lot!!!!

2014-02-28 21:56 GMT+01:00 Evan Rempel <erempel at uvic.ca>:
>
> log { source{s_router}; destination{d_router}; };
>
> this needs to be
>
>
> log { source(s_router); destination(d_router); };
>
> note the different braces around s_router and d_router
>
>
> On 02/28/2014 11:52 AM, Jesus M Diaz wrote:
>> Hello,
>>
>> I have just came  to 'syslog-ng' and I am having some troubles to setting it up.
>>
>> I am using the "syslog-ng.conf" provided by "slackbuilds.org", and I
>> have add just few lines. Well, those lines make the daemon not to run.
>>
>> the error:
>>
>> ++++++++++++
>> Starting syslog-ng daemon:  /usr/sbin/syslog-ng
>> Error parsing source, source plugin s_router not found in
>> /etc/syslog-ng/syslog-ng.conf at line 59, column 14:
>>
>> log { source{s_router}; destination{d_router}; };
>>               ^^^^^^^^
>>
>> syslog-ng documentation:
>> http://www.balabit.com/support/documentation/?product=syslog-ng
>> mailing list: https://lists.balabit.hu/mailman/listinfo/syslog-ng
>> *******************
>>
>> the release:
>> ++++++++++++
>> root at liet:/etc/syslog-ng# syslog-ng -V
>> syslog-ng 3.5.2
>> Installer-Version: 3.5.2
>> Revision: ssh+git://algernon@git.balabit/var/scm/git/syslog-ng/syslog-ng-ose--mainline--3.5#master#a31bdb7a7f57382a90305bd033753b2762469854
>> Compile-Date: Feb 28 2014 19:53:40
>> Available-Modules:
>> afsocket-notls,afamqp,linux-kmsg-format,basicfuncs,affile,dbparser,afsocket-tls,csvparser,afsocket,afstomp,system-source,afmongodb,cryptofuncs,afprog,syslogformat,afuser,confgen
>> Enable-Debug: off
>> Enable-GProf: off
>> Enable-Memtrace: off
>> Enable-IPv6: on
>> Enable-Spoof-Source: off
>> Enable-TCP-Wrapper: off
>> Enable-Linux-Caps: on
>> Enable-Pcre: on
>> *******************
>>
>> And the config file (my lines remarked with <<<<<<):
>>
>>
>> +++++++++++++++++
>> @version: 3.5
>>
>> # Drop-in replacement for a stock Slackware syslog.conf
>> # For info about the format of this file, see "man syslog-ng.conf"
>> # Written by Mario Preksavec <mario at slackware.hr>
>>
>> options {
>> flush_lines(0);
>> time_reopen(60);
>> log_fifo_size(10240);
>> log_msg_size(8192);
>> chain_hostnames(no);
>> use_dns(no);
>> use_fqdn(no);
>> create_dirs(yes);
>> keep_hostname(yes);
>> owner("root");
>> group("root");
>> perm(0640);
>> dir_perm(0755);
>> stats_freq(0);
>> check_hostname(yes);
>> dns_cache(no);
>> };
>>
>> source s_router { udp(ip(192.168.1.1) port(514)); }; <<<<<<<<<<<<<
>>
>> source s_system {
>> internal();
>> unix-dgram("/dev/log");
>> file("/proc/kmsg" program_override("kernel"));
>> };
>>
>> filter f_messages { level(info,notice) and not
>> facility(authpriv,cron,mail,news); };
>> filter f_syslog { level(warn..emerg) and not
>> facility(authpriv,cron,mail,news); };
>> filter f_debug { level(debug); };
>> filter f_authpriv { facility(authpriv); };
>> filter f_cron { facility(cron); };
>> filter f_mail { facility(mail); };
>> filter f_emerg { level(emerg); };
>> filter f_uucp { facility(uucp); };
>>
>> destination d_messages { file("/var/log/messages"); };
>> destination d_syslog { file("/var/log/syslog"); };
>> destination d_debug { file("/var/log/debug"); };
>> destination d_secure { file("/var/log/secure"); };
>> destination d_cron { file("/var/log/cron"); };
>> destination d_maillog { file("/var/log/maillog"); };
>> destination d_usertty { usertty("*"); };
>> destination d_spooler { file("/var/log/spooler"); };
>>
>> destination d_router { file("/var/log/router"); }; <<<<<<<<<<<<<
>>
>> ############
>> ## Router
>> ###########################
>> log { source{s_router}; destination{d_router}; }; <<<<<<<<<<<<<
>>
>> # Log anything 'info' or higher, but lower than 'warn'.
>> # Exclude authpriv, cron, mail, and news.  These are logged elsewhere.
>> log { source(s_system); filter(f_messages); destination(d_messages); };
>>
>> # Log anything 'warn' or higher.
>> # Exclude authpriv, cron, mail, and news.  These are logged elsewhere.
>> log { source(s_system); filter(f_syslog); destination(d_syslog); };
>>
>> # Debugging information is logged here.
>> log { source(s_system); filter(f_debug); destination(d_debug); };
>>
>> # Private authentication message logging:
>> log { source(s_system); filter(f_authpriv); destination(d_secure); };
>>
>> # Cron related logs:
>> log { source(s_system); filter(f_cron); destination(d_cron); };
>>
>> # Mail related logs:
>> log { source(s_system); filter(f_mail); destination(d_maillog); };
>>
>> # Emergency level messages go to all users:
>> log { source(s_system); filter(f_emerg); destination(d_usertty); };
>>
>> # This log is for news and uucp errors:
>> log { source(s_system); filter(f_uucp); destination(d_spooler); };
>>
>> # Uncomment this to see kernel messages on the console.
>> #filter f_kern { facility(kern); };
>> #destination d_console { file("/dev/console"); };
>> #log { source(s_system); filter(f_kern); destination(d_console); };
>>
>> # Uncomment these if you'd like INN to keep logs on everything.
>> # You won't need this if you don't run INN (the InterNetNews daemon).
>> #filter f_news_crit { facility(news) and level(crit); };
>> #filter f_news_err { facility(news) and level(err); };
>> #filter f_news_notice { facility(news) and level(notice); };
>> #destination d_news_crit { file("/var/log/news/news.crit"); };
>> #destination d_news_err { file("/var/log/news/news.err"); };
>> #destination d_news_notice { file("/var/log/news/news.notice"); };
>> #log { source(s_system); filter(f_news_crit); destination(d_news_crit); };
>> #log { source(s_system); filter(f_news_err); destination(d_news_err); };
>> #log { source(s_system); filter(f_news_notice); destination(f_news_notice); };
>> ***************************
>>
>> If I comment my "log" line, it works fine, but if I use it, it
>> complains about the "source" entry.
>>
>> Surely it is a silly mistake, but I can't see it, so if any of you
>> could help me I really would be very gratefull
>>
>> thanks a lot!
>>
>> JM Diaz
>> ______________________________________________________________________________
>> Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng
>> Documentation: http://www.balabit.com/support/documentation/?product=syslog-ng
>> FAQ: http://www.balabit.com/wiki/syslog-ng-faq
>>
>
>
> --
> Evan Rempel                                      erempel at uvic.ca
> Senior Systems Administrator                        250.721.7691
> Data Centre Services, University Systems, University of Victoria
> ______________________________________________________________________________
> Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng
> Documentation: http://www.balabit.com/support/documentation/?product=syslog-ng
> FAQ: http://www.balabit.com/wiki/syslog-ng-faq
>

More information about the syslog-ng mailing list