[syslog-ng] Syslog-ng Multiple Instances

David Campeau David.Campeau at tn.gov
Wed Jun 29 21:04:46 CEST 2016 

Thanks,

I’ll see what I can do about upgrading the version, as I didn’t realize it was that far behind.  Will follow up with the findings.


Best Regards,

David

From: syslog-ng-bounces at lists.balabit.hu [mailto:syslog-ng-bounces at lists.balabit.hu] On Behalf Of Scheidler, Balázs
Sent: Wednesday, June 29, 2016 11:01 AM
To: Syslog-ng users' and developers' mailing list
Subject: Re: [syslog-ng] Syslog-ng Multiple Instances

Hi,
syslog-ng-ctl requires the same control file that you supplied to the 2nd syslog-ng instance, so this should work:

$ syslog-ng-ctl --control=/usr/local/bin/syslog-ng-Second-Instance/syslog-ng.ctl
If it started up, it should work though. Can you start syslog-ng in the foreground (-F) and request debug logs using -de, so it should look like this:

$ syslog-ng -Fed --cfgfile=/usr/local/bin/syslog-ng-Second-Instance/syslog-ng.conf --persist-file=/usr/local/bin/syslog-ng-Second-Instance/syslog-ng.persist --pidfile=/usr/local/bin/syslog-ng-Second-Instance/syslog-ng.pid --control=/usr/local/bin/syslog-ng-Second-Instance/syslog-ng.ctl
This should display a couple of debugging messages during startup and also whenever a message is received. You might find a clue there.

Also, this may or may not have a relation to the problem you are seeing, but 3.3.4 is pretty old, probably more than 5 years old. Our current version is 3.7.3.


--
Bazsi

On Wed, Jun 29, 2016 at 3:33 PM, David Campeau <David.Campeau at tn.gov<mailto:David.Campeau at tn.gov>> wrote:
I'm not sure of the syntax needed to connect to the socket or how to prepare the system.

Below is just a blind attempt to connect to a socket.  The 2nd instance of syslog-ng is running and listening on port 518.

I created a directory under /run called "syslog-ng-Second-Instance" and tried to connect...  However Connection is refused.

Command Used:
root at syslog-ng:# syslog-ng-ctl verbose --set=on --control=/run/syslog-ng-Second-Instance
Error connecting control socket, socket='/run/syslog-ng-Second-Instance', error='Connection refused'


Any thoughts on the correct syntax and preparation needed?


Best Regards,





-----Original Message-----
From: jrhendri at roadrunner.com<mailto:jrhendri at roadrunner.com> [mailto:jrhendri at roadrunner.com<mailto:jrhendri at roadrunner.com>]
Sent: Tuesday, June 28, 2016 3:00 PM
To: Syslog-ng users' and developers' mailing list; David Campeau
Subject: RE: [syslog-ng] Syslog-ng Multiple Instances

Maybe this?

If you need to use a non-standard control socket to access syslog-ng,
       use the syslog-ng-ctl <command> --set=on --control=<socket> command to
       specify the socket to use.



---- David Campeau <David.Campeau at tn.gov<mailto:David.Campeau at tn.gov>> wrote:
> Jim,
>
> No errors as the instance starts normally and listens on port 518. However, no logs are received or forwarded.
>
> root at syslog-ng1:/usr/local/bin/syslog-ng-Second-Instance# netstat -an |grep 518
> udp        0      0 0.0.0.0:518<http://0.0.0.0:518>             0.0.0.0:*
>
> The test device is on the same subnet as syslog-ng listening on port 518, so there aren't any firewall issues. I've verified the test device is configured for port 518.
>
> However, when I check ctl stats, it's seeing the stats of the production syslog-ng instance.  So, it appears this is improperly configured, but it's unknown what needs to be changed.
>
> Best Regards,
>
>
> -----Original Message-----
> From: jrhendri at roadrunner.com<mailto:jrhendri at roadrunner.com> [mailto:jrhendri at roadrunner.com<mailto:jrhendri at roadrunner.com>]
> Sent: Tuesday, June 28, 2016 12:53 PM
> To: Syslog-ng users' and developers' mailing list
> Cc: David Campeau
> Subject: Re: [syslog-ng] Syslog-ng Multiple Instances
>
> The only thing that would limit the number of instances that I am aware of are conflicts for opening things like network ports, connections to databases, maybe FIFOs, etc.
>
> I would look at that as a place to start.
>
> What kind of errors are you getting when you try to start the second instance?
>
> Jim
>
> ---- David Campeau <David.Campeau at tn.gov<mailto:David.Campeau at tn.gov>> wrote:
> > Hello,
> >
> > I've been using syslog-ng to filter syslog before forwarding on to a log collector. However, I need to spin up a second instance for testing purposes. I've found a little bit of information on-line, but it hasn't completed the entire picture.
> >
> > This is the command used to start up the 2nd instance. I'm pointing to separate .conf .persist .pid and .ctl files -- However, it's still not working. I suspect the issue is due to OS log sources. How do a change log sources?
> >
> > syslog-ng --cfgfile=/usr/local/bin/syslog-ng-Second-Instance/syslog-ng.conf --persist-file=/usr/local/bin/syslog-ng-Second-Instance/syslog-ng.persist --pidfile=/usr/local/bin/syslog-ng-Second-Instance/syslog-ng.pid --control=/usr/local/bin/syslog-ng-Second-Instance/syslog-ng.ctl &
> >
> > This is the upper part of the syslog-ng.conf file for the 2nd instance I wish to run.
> >
> > @version: 3.3.4
> > @include "scl.conf"
> >     options {
> >         time-reap(30);
> >         mark-freq(10);
> >         keep-hostname(yes);
> >         chain-hostnames(no);
> >         use-dns(no);
> > ##       log-fifo-size(500000);                ## Tuning Options
> > ##      flush_lines(10000);                   ## Tuning Options
> > ##       flush_timeout(10000);                ## Tuning Options
> >     };
> >
> >         source s_second_instance {
> >         syslog(transport("udp") port("518"));       #### Will receive test syslog on port 518
> >         };
> >
> >     destination d_syslog_udp {
> >         syslog("10.X.X.X"
> >             transport("udp")
> >             port("514")
> >             throttle(4000)
> >         );
> >     };
> >
> >
> >
> > I'm hoping someone has experience or has seen information on how to run a 2nd instance on the same box.
> >
> > Best Regards,
> >
> > David
>

______________________________________________________________________________
Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng
Documentation: http://www.balabit.com/support/documentation/?product=syslog-ng
FAQ: http://www.balabit.com/wiki/syslog-ng-faq

-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.balabit.hu/pipermail/syslog-ng/attachments/20160629/4a793f4a/attachment-0001.htm

More information about the syslog-ng mailing list