[syslog-ng] Error resolving reference; content='source', name='src', location='/etc/syslog-ng/syslog-ng.conf:26:7

Tibor Benke ihrwein at gmail.com
Tue May 12 19:47:47 CEST 2015


It depends on..

If you want to listen to /dev/log, your kernel logs and syslog-ng's own
internal logs you should uncomment the s_src definition and use
source(s_src).

If you want to listen to network logs, you should use source(s_net). It is
already defined in your config you just have to use it.

You may find more information in syslog-ng's manual:

https://www.balabit.com/sites/default/files/documents/syslog-ng-ose-latest-guides/en/syslog-ng-ose-guide-admin/html-single/index.html#chapter-sources

2015-05-12 19:42 GMT+02:00 Rick Silacci <rick at velociter.net>:

> *Hi,*
>
>
>
> *Is source going to be a file, directory or IP address?*
>
>
>
>
>
> *From:* syslog-ng-bounces at lists.balabit.hu [mailto:
> syslog-ng-bounces at lists.balabit.hu] *On Behalf Of *Tibor Benke
> *Sent:* Tuesday, May 12, 2015 10:34 AM
> *To:* Syslog-ng users' and developers' mailing list
> *Subject:* Re: [syslog-ng] Error resolving reference; content='source',
> name='src', location='/etc/syslog-ng/syslog-ng.conf:26:7
>
>
>
> Hi,
>
>
>
> The problem is with this line:
>
>
>
> *log { source(); destination(mongodb); };*
>
>
>
> There is nothing in source().
>
>
>
> This should be right:
>
>
>
> *log { source(s_src); destination(mongodb); };*
>
>
>
> Cheers,
>
> Tibor
>
>
>
> 2015-05-12 19:29 GMT+02:00 Rick Silacci <rick at velociter.net>:
>
>
>
>
>
> *I can’t figure out why I’m getting this message.  Keep in mind, I just
> started using syslog.  Here’s the cfg:*
>
>
>
> @version: 3.5
>
> @include "scl.conf"
>
> @include "`scl-root`/system/tty10.conf"
>
>
>
> # Syslog-ng configuration file, compatible with default Debian syslogd #
> installation.
>
>
>
> # First, set some global options.
>
> options { chain_hostnames(off); flush_lines(0); use_dns(no); use_fqdn(no);
>
>               owner("root"); group("adm"); perm(0640); stats_freq(0);
>
>               bad_hostname("^gconfd$");
>
> };
>
>
>
> ########################
>
> # Sources
>
> ########################
>
> # This is the default behavior of sysklogd package # Logs may come from
> unix stream, but not from another machine.
>
> #
>
> #source s_src {
>
> #       system();
>
> #      internal();
>
> #};
>
>
>
> destination mongodb { mongodb(); };
>
> log { source(); destination(mongodb); };
>
>
>
>
>
>
>
> # If you wish to get logs from remote machine you should uncomment # this
> and comment the above source line.
>
> #
>
> source s_net { tcp(ip(127.0.0.1) port(1000) keep-alive(yes)); };
>
>
>
> ########################
>
> # Destinations
>
> ########################
>
> # First some standard logfile
>
> #
>
> destination d_auth { file("/var/log/auth.log"); }; destination d_cron {
> file("/var/log/cron.log"); }; destination d_daemon {
> file("/var/log/daemon.log"); }; destination d_kern {
> file("/var/log/kern.log"); }; destination d_lpr { file("/var/log/lpr.log");
> }; destination d_mail { file("/var/log/mail.log"); }; destination d_syslog
> { file("/var/log/syslog"); }; destination d_user {
> file("/var/log/user.log"); }; destination d_uucp {
> file("/var/log/uucp.log"); };
>
>
>
> #destination mongodb { file("/var/log/mongodb.log"); };
>
>
>
>
>
> # This files are the log come from the mail subsystem.
>
> #
>
> destination d_mailinfo { file("/var/log/mail.info"); }; destination
> d_mailwarn { file("/var/log/mail.warn"); }; destination d_mailerr {
> file("/var/log/mail.err"); };
>
>
>
> # Logging for INN news system
>
> #
>
> destination d_newscrit { file("/var/log/news/news.crit"); }; destination
> d_newserr { file("/var/log/news/news.err"); }; destination d_newsnotice {
> file("/var/log/news/news.notice"); };
>
>
>
> # Some `catch-all' logfiles.
>
> #
>
> destination d_debug { file("/var/log/debug"); }; destination d_error {
> file("/var/log/error"); }; destination d_messages {
> file("/var/log/messages"); };
>
>
>
> # The root's console.
>
> #
>
> destination d_console { usertty("root"); };
>
>
>
> # Virtual console.
>
> #
>
> destination d_console_all { file(`tty10`); };
>
>
>
> # The named pipe /dev/xconsole is for the nsole' utility.  To use it, #
> you must invoke nsole' with the -file' option:
>
> #
>
> #    $ xconsole -file /dev/xconsole [...]
>
> #
>
> destination d_xconsole { pipe("/dev/xconsole"); };
>
>
>
> # Send the messages to an other host
>
> #
>
> #destination d_net { tcp("127.0.0.1" port(1000) log_fifo_size(1000)); };
>
>
>
> # Debian only
>
> destination d_ppp { file("/var/log/ppp.log"); };
>
>
>
> ########################
>
> # Filters
>
> ########################
>
> # Here's come the filter options. With this rules, we can set which #
> message go where.
>
>
>
> filter f_dbg { level(debug); };
>
> filter f_info { level(info); };
>
> filter f_notice { level(notice); };
>
> filter f_warn { level(warn); };
>
> filter f_err { level(err); };
>
> filter f_crit { level(crit .. emerg); };
>
>
>
> filter f_debug { level(debug) and not facility(auth, authpriv, news,
> mail); }; filter f_error { level(err .. emerg) ; }; filter f_messages {
> level(info,notice,warn) and
>
>                     not facility(auth,authpriv,cron,daemon,mail,news); };
>
>
>
> filter f_auth { facility(auth, authpriv) and not filter(f_debug); };
> filter f_cron { facility(cron) and not filter(f_debug); }; filter f_daemon
> { facility(daemon) and not filter(f_debug); }; filter f_kern {
> facility(kern) and not filter(f_debug); }; filter f_lpr { facility(lpr) and
> not filter(f_debug); }; filter f_local { facility(local0, local1, local3,
> local4, local5,
>
>                         local6, local7) and not filter(f_debug); }; filter
> f_mail { facility(mail) and not filter(f_debug); }; filter f_news {
> facility(news) and not filter(f_debug); }; filter f_syslog3 { not
> facility(auth, authpriv, mail) and not filter(f_debug); }; filter f_user {
> facility(user) and not filter(f_debug); }; filter f_uucp { facility(uucp)
> and not filter(f_debug); };
>
>
>
> filter f_cnews { level(notice, err, crit) and facility(news); }; filter
> f_cother { level(debug, info, notice, warn) or facility(daemon, mail); };
>
>
>
> filter f_ppp { facility(local2) and not filter(f_debug); }; filter
> f_console { level(warn .. emerg); };
>
>
>
> ########################
>
> # Log paths
>
> ########################
>
> log { source(s_src); filter(f_auth); destination(d_auth); }; log {
> source(s_src); filter(f_cron); destination(d_cron); }; log { source(s_src);
> filter(f_daemon); destination(d_daemon); }; log { source(s_src);
> filter(f_kern); destination(d_kern); }; log { source(s_src); filter(f_lpr);
> destination(d_lpr); }; log { source(s_src); filter(f_syslog3);
> destination(d_syslog); }; log { source(s_src); filter(f_user);
> destination(d_user); }; log { source(s_src); filter(f_uucp);
> destination(d_uucp); };
>
>
>
> log { source(s_src); filter(f_mail); destination(d_mail); }; #log {
> source(s_src); filter(f_mail); filter(f_info); destination(d_mailinfo); };
> #log { source(s_src); filter(f_mail); filter(f_warn);
> destination(d_mailwarn); }; #log { source(s_src); filter(f_mail);
> filter(f_err); destination(d_mailerr); };
>
>
>
> log { source(s_src); filter(f_news); filter(f_crit);
> destination(d_newscrit); }; log { source(s_src); filter(f_news);
> filter(f_err); destination(d_newserr); }; log { source(s_src);
> filter(f_news); filter(f_notice); destination(d_newsnotice); }; #log {
> source(s_src); filter(f_cnews); destination(d_console_all); }; #log {
> source(s_src); filter(f_cother); destination(d_console_all); };
>
>
>
> #log { source(s_src); filter(f_ppp); destination(d_ppp); };
>
>
>
> log { source(s_src); filter(f_debug); destination(d_debug); }; log {
> source(s_src); filter(f_error); destination(d_error); }; log {
> source(s_src); filter(f_messages); destination(d_messages); };
>
>
>
> log { source(s_src); filter(f_console); destination(d_console_all);
>
>
> destination(d_xconsole); };
>
> log { source(s_src); filter(f_crit); destination(d_console); };
>
>
>
> # All messages send to a remote site
>
> #
>
> #log { source(s_src); destination(d_net); };
>
>
>
> ###
>
> # Include all config files in /etc/syslog-ng/conf.d/ ### @include
> "/etc/syslog-ng/conf.d/*.conf"
>
>
>
>
>
>
>
> ______________________________________________________________________________
> Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng
> Documentation:
> http://www.balabit.com/support/documentation/?product=syslog-ng
> FAQ: http://www.balabit.com/wiki/syslog-ng-faq
>
>
>
>
> ______________________________________________________________________________
> Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng
> Documentation:
> http://www.balabit.com/support/documentation/?product=syslog-ng
> FAQ: http://www.balabit.com/wiki/syslog-ng-faq
>
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.balabit.hu/pipermail/syslog-ng/attachments/20150512/7db2e055/attachment.htm 


More information about the syslog-ng mailing list