[syslog-ng] Difference in version

vinod samant vinod.samant.123 at gmail.com
Tue May 8 11:38:20 UTC 2018


Please suggest..


*Thanks & Regards :-*

*VINOD SINGH SAUD*

*(M):- 09718663552*

*(W):-09997645597*

*(E) :- vinod.samant.123 at gmail.com <vinod.samant.123 at gmail.com>*

On Tue, May 8, 2018 at 3:16 PM, vinod samant <vinod.samant.123 at gmail.com>
wrote:

> Hi,
> I have used the same configuration as you have sent,
> client IP:-  192.168.122.61
> central server IP:- 192.168.122.184
> my Client configuration file:-
>
> @version:3.13
> @include "scl.conf"
>
> # syslog-ng configuration file.
> #
> # This should behave pretty much like the original syslog on RedHat. But
> # it could be configured a lot smarter.
> #
> # See syslog-ng(8) and syslog-ng.conf(5) for more information.
> #
> # Note: it also sources additional configuration files (*.conf)
> #       located in /etc/syslog-ng/conf.d/
>
> options {
>     flush_lines (0);
>     time_reopen (10);
>     log_fifo_size (1000);
>     chain_hostnames (off);
>     use_dns (no);
>     use_fqdn (no);
>     create_dirs (no);
>     keep_hostname (yes);
> };
>
> source s_sys {
>     system();
>     internal();
>     # udp(ip(0.0.0.0) port(514));
> };
>
> destination d_cons { file("/dev/console"); };
> destination d_mesg { file("/var/log/messages"); };
> destination d_auth { file("/var/log/secure"); };
> destination d_mail { file("/var/log/maillog" flush_lines(10)); };
> destination d_spol { file("/var/log/spooler"); };
> destination d_boot { file("/var/log/boot.log"); };
> destination d_cron { file("/var/log/cron"); };
> destination d_kern { file("/var/log/kern"); };
> destination d_mlal { usertty("*"); };
>
> filter f_kernel     { facility(kern); };
> filter f_default    { level(info..emerg) and
>                         not (facility(mail)
>                         or facility(authpriv)
>                         or facility(cron)); };
> filter f_auth       { facility(authpriv); };
> filter f_mail       { facility(mail); };
> filter f_emergency  { level(emerg); };
> filter f_news       { facility(uucp) or
>                         (facility(news)
>                         and level(crit..emerg)); };
> filter f_boot   { facility(local7); };
> filter f_cron   { facility(cron); };
>
> #log { source(s_sys); filter(f_kernel); destination(d_cons); };
> log { source(s_sys); filter(f_kernel); destination(d_kern); };
> log { source(s_sys); filter(f_default); destination(d_mesg); };
> log { source(s_sys); filter(f_auth); destination(d_auth); };
> log { source(s_sys); filter(f_mail); destination(d_mail); };
> log { source(s_sys); filter(f_emergency); destination(d_mlal); };
> log { source(s_sys); filter(f_news); destination(d_spol); };
> log { source(s_sys); filter(f_boot); destination(d_boot); };
> log { source(s_sys); filter(f_cron); destination(d_cron); };
>
>
> # Source additional configuration files (.conf extension only)
> @include "/etc/syslog-ng/conf.d/*.conf"
>
>
> # vim:ft=syslog-ng:ai:si:ts=4:sw=4:et:
> #
>
>
>
> source s_apache {
>   wildcard-file(
>     base-dir("/var/log/httpd/")
>     filename-pattern("*access_*")
>     flags(no-parse)
>   )
>
>
> destination d_central {
>   network("192.168.122.184" port(udp))
> }
>
>
> log {
>   source(s_apache)
>   destination(d_central)
> }
>
> >>>>>>>>>> ERROR <<<<<<<<<<
> If I start syslog-ng, it shows the error below:
>
>
> [root@master syslog-ng]# service syslog-ng start
> Error parsing source, syntax error, unexpected KW_DESTINATION, expecting
> ';' in /etc/syslog-ng/syslog-ng.conf at line 83, column 1:
>
> destination d_central {
> ^^^^^^^^^^^
>
> syslog-ng documentation: https://www.balabit.com/support/documentation?product=syslog-ng-ose
> contact: https://lists.balabit.hu/mailman/listinfo/syslog-ng
> [root@master syslog-ng]#
>
>
> So, please help to configure the client and central server.
>
>
>
>
> *Thanks & Regards :-*
>
> *VINOD SINGH SAUD*
>
> *(M):- 09718663552*
>
> *(W):-09997645597*
>
> *(E) :- vinod.samant.123 at gmail.com <vinod.samant.123 at gmail.com>*
>
> On Mon, May 7, 2018 at 7:30 PM, Gergely Nagy <algernon at balabit.com> wrote:
>
>> Hi!
>>
>> >>>>> "vinod" == vinod samant <vinod.samant.123 at gmail.com> writes:
>>
>>     vinod> 1. First one is using command yum install syslog-ng, and it has been
>>     vinod> installed, if this way is right then what will be the client and server
>>     vinod> side configuration, Suppose
>>
>> The client should be configured to read the logs, the server to accept
>> them and put them where you want 'em. See below for two simple examples.
>>
>>     vinod> apache writing custom log on
>>     vinod> /usr/local/apache/logs/xyz_access_2018-05-07.log, Client IP:- 10.10.64.1,
>>     vinod> server IP:- 10.10.64.100.
>>
>> It looks like you're using files with dates in them, so you'll need a
>> wildcard source. Something along these lines may serve as a starting
>> point:
>>
>> ------------------------- * -------------------------
>>
>> # client config
>>
>> @version: 3.15
>>
>> source s_apache {
>>   wildcard-file(
>>     base-dir("/usr/local/apache/logs");
>>     filename-pattern("*_access_*.log");
>>     flags(no-parse);
>>   );
>> };
>>
>> destination d_central {
>>   network("10.0.0.1" port(1234));
>> };
>>
>> log {
>>   source(s_apache);
>>   destination(d_central);
>> };
>>
>> ------------------------- * -------------------------
>>
>> # server config
>>
>> @version: 3.15
>>
>> source s_network {
>>   network(port(1234));
>> };
>>
>> destination d_all {
>>   file("/var/log/all.log" template("${MSG}\n"));
>> };
>>
>> log {
>>   source(s_network);
>>   destination(d_all);
>> };
>>
>> ------------------------- * -------------------------
>>
>> If you want to have the same filename on the server side, that becomes a
>> bit less trivial, but still doable. You'll have to transfer the filename
>> too, and extract it on the server side.
>>
>> This should be doable, because the ${FILE_NAME} macro on the client
>> contains the file a log line was read from, you can put this into the
>> message sent to the server, where it can be extracted and used to
>> construct the file the message gets saved to.
>>
>> The following thread might be of use if you want to go down this path:
>>  https://lists.balabit.hu/pipermail/syslog-ng/2015-March/021906.html
>>
>> I also recommend reading - or at least browsing the relevant parts of -
>> the syslog-ng administrator's guide. It has a lot of helpful information
>> about the configuration file syntax, options, and whatnot:
>>  https://syslog-ng.com/documents/html/syslog-ng-ose-3.14-guides/en/syslog-ng-ose-guide-admin/html/index.html
>>
>>     vinod> 2. Second, I have downloaded the tar.gz file from GitHub and am trying to
>>     vinod> install, but I am facing lots of dependency problems.
>>
>>     vinod> Can you explain the difference between both ways of installation which I am
>>     vinod> trying?
>>
>> If you install from a binary package, you won't have to compile
>> anything. But you are limited to the version of syslog-ng your
>> distribution ships with (unless you use a third-party repository, which
>> you don't appear to be using). When compiling from source, you'll need
>> plenty of development tools - I'd recommend checking out the
>> docker-based building solution Laszlo Budai mentioned in his reply:
>>  https://github.com/balabit/syslog-ng/blob/master/dbld/images/centos6.dockerfile
>>
>> This should make it a *lot* easier to compile from source, as it has all
>> the dependencies already installed. There are some notes on how to use
>> the Dockerfile here:
>>  https://github.com/balabit/syslog-ng/tree/master/dbld
>>
>> The main difference between source and binary package is like the
>> difference between a recipe and a finished dish: if you have the recipe
>> (source), the ingredients and tools (dependencies, compiler, etc), then
>> you can cook the dish (binary package). Or you can order (download) the
>> finished food (binary package), where someone else did the cooking for
>> you. :)
>>
>> --
>> |8]
>>
>
>
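
Added example, not part of the original thread or of the syslog-ng project: the three blocks appended to the client configuration above, with each driver statement terminated by `;` and the `source` block closed, which is what the quoted parse error (expecting `;` at `destination d_central`) points to. `transport("udp")` with `port(514)` is an assumption, since the original has `port(udp)`; the server-side source follows the server example quoted in the thread.

```conf
# --- client (192.168.122.61): appended to /etc/syslog-ng/syslog-ng.conf ---

source s_apache {
  wildcard-file(
    base-dir("/var/log/httpd/")
    filename-pattern("*access_*")
    flags(no-parse)
  );    # driver statement ends with ';' (the parser reported this one missing)
};      # source block closed before the next top-level statement

destination d_central {
  # Assumption: UDP to port 514. port() takes a number; the protocol
  # name belongs in transport().
  network("192.168.122.184" transport("udp") port(514));
};

log {
  source(s_apache);
  destination(d_central);
};

# --- central server (192.168.122.184): its own syslog-ng.conf ---

source s_network {
  # Must match the client's transport and port (assumed values, as above).
  network(transport("udp") port(514));
};

destination d_all {
  file("/var/log/all.log" template("${MSG}\n"));
};

log {
  source(s_network);
  destination(d_all);
};
```

Running `syslog-ng --syntax-only -f /etc/syslog-ng/syslog-ng.conf` parses the file and reports errors like the one above without starting the service. Plain UDP carries the Apache logs unauthenticated and unencrypted, so `transport("tls")` with a `tls()` block is the option to look at if the path between client and server is not trusted.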