[syslog-ng] Error resolving reference; content='source', name='src', location='/etc/syslog-ng/syslog-ng.conf:26:7

Rick Silacci rick at velociter.net
Tue May 12 20:02:20 CEST 2015


One more question:  I get this when trying to start syslogng-web:


syslog-ng at syslogng-virtual-machine:~/syslogng-web$ sudo node app.js

Option log level is not valid. Please refer to the README.

initializing subsystem

  ...connected to MongoDB database

An error occured while setting up syslogng-web: collection syslog.messages not found Bail out syslog-ng at syslogng-virtual-machine:~/syslogng-web$


From: syslog-ng-bounces at lists.balabit.hu [mailto:syslog-ng-bounces at lists.balabit.hu] On Behalf Of Tibor Benke
Sent: Tuesday, May 12, 2015 10:48 AM
To: Syslog-ng users' and developers' mailing list
Subject: Re: [syslog-ng] Error resolving reference; content='source', name='src', location='/etc/syslog-ng/syslog-ng.conf:26:7

It depends on..

If you want to listen to /dev/log, your kernel logs and syslog-ng's own internal logs you should uncomment the s_src definition and use source(s_src).

If you want to listen to network logs, you should use source(s_net). It is already defined in your config you just have to use it.

You may find more information in syslog-ng's manual:

https://www.balabit.com/sites/default/files/documents/syslog-ng-ose-latest-guides/en/syslog-ng-ose-guide-admin/html-single/index.html#chapter-sources

2015-05-12 19:42 GMT+02:00 Rick Silacci <rick at velociter.net<mailto:rick at velociter.net>>:
Hi,

Is source going to be a file, directory or IP address?


From: syslog-ng-bounces at lists.balabit.hu<mailto:syslog-ng-bounces at lists.balabit.hu> [mailto:syslog-ng-bounces at lists.balabit.hu<mailto:syslog-ng-bounces at lists.balabit.hu>] On Behalf Of Tibor Benke
Sent: Tuesday, May 12, 2015 10:34 AM
To: Syslog-ng users' and developers' mailing list
Subject: Re: [syslog-ng] Error resolving reference; content='source', name='src', location='/etc/syslog-ng/syslog-ng.conf:26:7

Hi,

The problem is with this line:

log { source(); destination(mongodb); };

There is nothing in source().

This should be right:

log { source(s_src); destination(mongodb); };

Cheers,
Tibor

2015-05-12 19:29 GMT+02:00 Rick Silacci <rick at velociter.net<mailto:rick at velociter.net>>:


I can’t figure out why I’m getting this message.  Keep in mind, I just started using syslog.  Here’s the cfg:


@version: 3.5

@include "scl.conf"

@include "`scl-root`/system/tty10.conf"



# Syslog-ng configuration file, compatible with default Debian syslogd # installation.



# First, set some global options.

options { chain_hostnames(off); flush_lines(0); use_dns(no); use_fqdn(no);

              owner("root"); group("adm"); perm(0640); stats_freq(0);

              bad_hostname("^gconfd$");

};



########################

# Sources

########################

# This is the default behavior of sysklogd package # Logs may come from unix stream, but not from another machine.

#

#source s_src {

#       system();

#      internal();

#};



destination mongodb { mongodb(); };

log { source(); destination(mongodb); };







# If you wish to get logs from remote machine you should uncomment # this and comment the above source line.

#

source s_net { tcp(ip(127.0.0.1) port(1000) keep-alive(yes)); };



########################

# Destinations

########################

# First some standard logfile

#

destination d_auth { file("/var/log/auth.log"); }; destination d_cron { file("/var/log/cron.log"); }; destination d_daemon { file("/var/log/daemon.log"); }; destination d_kern { file("/var/log/kern.log"); }; destination d_lpr { file("/var/log/lpr.log"); }; destination d_mail { file("/var/log/mail.log"); }; destination d_syslog { file("/var/log/syslog"); }; destination d_user { file("/var/log/user.log"); }; destination d_uucp { file("/var/log/uucp.log"); };



#destination mongodb { file("/var/log/mongodb.log"); };





# This files are the log come from the mail subsystem.

#

destination d_mailinfo { file("/var/log/mail.info<http://mail.info>"); }; destination d_mailwarn { file("/var/log/mail.warn"); }; destination d_mailerr { file("/var/log/mail.err"); };



# Logging for INN news system

#

destination d_newscrit { file("/var/log/news/news.crit"); }; destination d_newserr { file("/var/log/news/news.err"); }; destination d_newsnotice { file("/var/log/news/news.notice"); };



# Some `catch-all' logfiles.

#

destination d_debug { file("/var/log/debug"); }; destination d_error { file("/var/log/error"); }; destination d_messages { file("/var/log/messages"); };



# The root's console.

#

destination d_console { usertty("root"); };



# Virtual console.

#

destination d_console_all { file(`tty10`); };



# The named pipe /dev/xconsole is for the nsole' utility.  To use it, # you must invoke nsole' with the -file' option:

#

#    $ xconsole -file /dev/xconsole [...]

#

destination d_xconsole { pipe("/dev/xconsole"); };



# Send the messages to an other host

#

#destination d_net { tcp("127.0.0.1" port(1000) log_fifo_size(1000)); };



# Debian only

destination d_ppp { file("/var/log/ppp.log"); };



########################

# Filters

########################

# Here's come the filter options. With this rules, we can set which # message go where.



filter f_dbg { level(debug); };

filter f_info { level(info); };

filter f_notice { level(notice); };

filter f_warn { level(warn); };

filter f_err { level(err); };

filter f_crit { level(crit .. emerg); };



filter f_debug { level(debug) and not facility(auth, authpriv, news, mail); }; filter f_error { level(err .. emerg) ; }; filter f_messages { level(info,notice,warn) and

                    not facility(auth,authpriv,cron,daemon,mail,news); };



filter f_auth { facility(auth, authpriv) and not filter(f_debug); }; filter f_cron { facility(cron) and not filter(f_debug); }; filter f_daemon { facility(daemon) and not filter(f_debug); }; filter f_kern { facility(kern) and not filter(f_debug); }; filter f_lpr { facility(lpr) and not filter(f_debug); }; filter f_local { facility(local0, local1, local3, local4, local5,

                        local6, local7) and not filter(f_debug); }; filter f_mail { facility(mail) and not filter(f_debug); }; filter f_news { facility(news) and not filter(f_debug); }; filter f_syslog3 { not facility(auth, authpriv, mail) and not filter(f_debug); }; filter f_user { facility(user) and not filter(f_debug); }; filter f_uucp { facility(uucp) and not filter(f_debug); };



filter f_cnews { level(notice, err, crit) and facility(news); }; filter f_cother { level(debug, info, notice, warn) or facility(daemon, mail); };



filter f_ppp { facility(local2) and not filter(f_debug); }; filter f_console { level(warn .. emerg); };



########################

# Log paths

########################

log { source(s_src); filter(f_auth); destination(d_auth); }; log { source(s_src); filter(f_cron); destination(d_cron); }; log { source(s_src); filter(f_daemon); destination(d_daemon); }; log { source(s_src); filter(f_kern); destination(d_kern); }; log { source(s_src); filter(f_lpr); destination(d_lpr); }; log { source(s_src); filter(f_syslog3); destination(d_syslog); }; log { source(s_src); filter(f_user); destination(d_user); }; log { source(s_src); filter(f_uucp); destination(d_uucp); };



log { source(s_src); filter(f_mail); destination(d_mail); }; #log { source(s_src); filter(f_mail); filter(f_info); destination(d_mailinfo); }; #log { source(s_src); filter(f_mail); filter(f_warn); destination(d_mailwarn); }; #log { source(s_src); filter(f_mail); filter(f_err); destination(d_mailerr); };



log { source(s_src); filter(f_news); filter(f_crit); destination(d_newscrit); }; log { source(s_src); filter(f_news); filter(f_err); destination(d_newserr); }; log { source(s_src); filter(f_news); filter(f_notice); destination(d_newsnotice); }; #log { source(s_src); filter(f_cnews); destination(d_console_all); }; #log { source(s_src); filter(f_cother); destination(d_console_all); };



#log { source(s_src); filter(f_ppp); destination(d_ppp); };



log { source(s_src); filter(f_debug); destination(d_debug); }; log { source(s_src); filter(f_error); destination(d_error); }; log { source(s_src); filter(f_messages); destination(d_messages); };



log { source(s_src); filter(f_console); destination(d_console_all);

                                                    destination(d_xconsole); };

log { source(s_src); filter(f_crit); destination(d_console); };



# All messages send to a remote site

#

#log { source(s_src); destination(d_net); };



###

# Include all config files in /etc/syslog-ng/conf.d/ ### @include "/etc/syslog-ng/conf.d/*.conf"



______________________________________________________________________________
Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng
Documentation: http://www.balabit.com/support/documentation/?product=syslog-ng
FAQ: http://www.balabit.com/wiki/syslog-ng-faq


______________________________________________________________________________
Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng
Documentation: http://www.balabit.com/support/documentation/?product=syslog-ng
FAQ: http://www.balabit.com/wiki/syslog-ng-faq


-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.balabit.hu/pipermail/syslog-ng/attachments/20150512/70a1e21b/attachment-0001.htm 


More information about the syslog-ng mailing list