[syslog-ng] Error binding socket;

vinod samant vinod.samant.123 at gmail.com
Fri May 11 13:03:51 UTC 2018 

Hi ,
When  i am going to comment those lines on server side ,syslog-ng is
working fine ,But all logs are coming in one file */var/log/from_net .*

*commented lines:-*

source s_net {
  network(flags(no-parse));
};

parser p_apache {
  csv-parser(
    columns("apache.FILE_NAME", "apache.MESSAGE")
    flags(greedy)
  );
};
destination d_apache {
  file("/usr/local/apache/logs/${apache.FILE_NAME}"
       template("${apache.MESSAGE}\n"));
};

log{
   source (s_net);
   parser (p_apache);
   destination(d_apache);
};

*Is it necessary to define port in server side configuration file also?*

*Can you share  wildcard configuration for both server side and cilent
side?*













*Thanks & Regards :-*

*VINOD SINGH SAUD*

*(M):- 09718663552*

*(W):-09997645597*

*(E) :- vinod.samant.123 at gmail.com <vinod.samant.123 at gmail.com>*

On Fri, May 11, 2018 at 6:02 PM, Nagy, Gábor <gabor.nagy at balabit.com> wrote:

> Hi!
>
> It seems that some other process is using the default syslog port
> > Starting syslog-ng: [2018-05-11T16:41:55.756615] Error binding socket;
> addr='AF_INET(0.0.0.0:514)', error='Address already in use (98)'
>
> I would suggest to check the port with netstat.
>
> Regards,
> Gabor
>
> On Fri, May 11, 2018 at 1:23 PM, vinod samant <vinod.samant.123 at gmail.com>
> wrote:
>
>> Hi
>> I am getting below error while restarting server .
>>
>> [root at localhost logs]# /etc/init.d/syslog-ng restart
>> Stopping syslog-ng:                                        [FAILED]
>> syslog-ng is stopped
>> Starting syslog-ng: [2018-05-11T16:41:55.756615] Error binding socket;
>> addr='AF_INET(0.0.0.0:514)', error='Address already in use (98)'
>> [2018-05-11T16:41:55.756684] Error initializing message pipeline; plugin
>> name='network', location='/etc/syslog-ng/syslog-ng.conf:24:3'
>>                                                            [FAILED]
>>
>>
>> My requirement :-
>>
>> OS:- centos 6.5
>>
>> 1. I want to use wildcard to send all apache custom logs from client to
>> server .
>>
>> Configuration of both client and server :-
>>
>>  >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>client
>> conf<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<
>> @version:3.13
>> @include "scl.conf"
>> @define allow-config-dups 1
>>
>> source s_local {
>>     system();
>>     internal();
>>
>> };
>> destination d_network {udp("192.168.122.67" port(514));
>>
>> };
>>
>> destination d_local {
>>             file("/var/log/messages");
>> };
>>
>> log{
>>    source(s_local);
>>    destination(d_network);
>>    destination(d_local);
>>
>> };
>>
>> ####################
>> source s_local{
>>           wildcard-file(
>>           base-dir("/usr/local/apache/logs")
>>           filename-pattern("*.log")
>>           recursive(no)
>>           follow-freq(1));
>> };
>>
>> destination d_network {tcp("192.168.122.67" port(514));
>>
>> };
>>
>> log{
>>    source(s_local);
>>    destination(d_network);
>>
>> };
>>
>>
>> >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>server
>> conf<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<
>>
>> @version:3.13
>> @include "scl.conf"
>>
>> source s_local{system(); internal();};
>> source s_network{
>>
>>          udp();
>>          tcp();
>>
>> };
>>
>> destination d_local{file("/var/log/messages");};
>> destination d_from_net{file("/var/log/from_net");};
>> log{
>>    source(s_local);
>>    destination(d_local);
>> };
>> log { source(s_network); destination(d_from_net); };
>>
>>
>> source s_net {
>>   network(flags(no-parse));
>> };
>>
>> parser p_apache {
>>   csv-parser(
>>     columns("apache.FILE_NAME", "apache.MESSAGE")
>>     flags(greedy)
>>   );
>> };
>> destination d_apache {
>>   file("/usr/local/apache/logs/${apache.FILE_NAME}"
>>        template("${apache.MESSAGE}\n"));
>> };
>>
>> log{
>>    source (s_net);
>>    parser (p_apache);
>>    destination(d_apache);
>> };
>>
>>
>> What should be changed on configuration file on both side ?
>>
>>
>>
>>
>>
>>
>> *Thanks & Regards :-*
>>
>> *VINOD SINGH SAUD*
>>
>> *(M):- 09718663552*
>>
>> *(W):-09997645597*
>>
>> *(E) :- vinod.samant.123 at gmail.com <vinod.samant.123 at gmail.com>*
>>
>> ____________________________________________________________
>> __________________
>> Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng
>> Documentation: http://www.balabit.com/support/documentation/?product=
>> syslog-ng
>> FAQ: http://www.balabit.com/wiki/syslog-ng-faq
>>
>>
>>
>
> ____________________________________________________________
> __________________
> Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng
> Documentation: http://www.balabit.com/support/documentation/?
> product=syslog-ng
> FAQ: http://www.balabit.com/wiki/syslog-ng-faq
>
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.balabit.hu/pipermail/syslog-ng/attachments/20180511/0fbe5204/attachment-0001.html>

More information about the syslog-ng mailing list