[syslog-ng] Error binding socket;
Gergely Nagy
algernon at balabit.com
Mon May 14 15:16:16 UTC 2018
>>>>> "vinod" == vinod samant <vinod.samant.123 at gmail.com> writes:
vinod> Hi Gergely,
vinod> My configuration of both client and server side.
vinod> >>>>>>>>>>>>>>>>>>>>>>>>>>>>> client config<<<<<<<<<<<<<<<<<<<<<<<<<<<
vinod> @version:3.13
vinod> @include "scl.conf"
vinod> @define allow-config-dups 1
...and herein lies one of your problems. You have multiple blocks with
the same name (`s_local`, `d_network`, etc). Only one of them will be
active, the last one.
In case of the client config, it will only forward apache logs, because
the last `s_local` block sources from there. If you want to forward
system and internal logs too, you'll have to name the block differently.
And likely forward to a different port, because in the examples I
provided, the server-side will only handle the apache logs correctly.
vinod> >>>>>>>>>>>>>>>>>>>>> server side config<<<<<<<<<<<<<<<<<<<<<<<<<<<<
[...]
vinod> source s_network{
vinod> udp();
vinod> tcp();
vinod> };
vinod> log { source(s_network); destination(d_from_net); };
The above two snippets will make syslog-ng listen on the default udp &
tcp ports, and route every message to the `d_from_net` destination.
Which happens to be `/var/log/from_net`.
vinod> source s_net {
vinod> network(flags(no-parse));
vinod> };
Because the `s_network` source uses the default ports, and so does this,
this will not be able to start, because the previous one already
occupies the port.
vinod> log{
vinod> source (s_net);
vinod> parser (p_apache);
vinod> destination(d_apache);
vinod> };
For the above reason, `s_network` will see no traffic, and nothing will
get routed this way. This is why your logs end up in
`/var/log/from_net`.
I would suggest starting from the simple - but complete - examples I
gave, and extending them step-by-step to include other logs than apache.
--
|8]
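
Added example, not part of the original message and not syslog-ng project code: a small Python check for the two problems the reply describes, named blocks defined more than once (modelled as "the last one wins", as the reply states) and sources that end up listening on the same transport and port. It assumes the default port 514 for `udp()`, `tcp()` and `network()`, ignores `ip()` bind addresses and config comments, and the `s_local` bodies in the sample are constructed.

```python
import re
from collections import defaultdict

# Constructed sample: the two server-side sources quoted in the message, plus a
# made-up pair of s_local blocks standing in for the duplicated client blocks.
SAMPLE = """
source s_local { system(); internal(); };
source s_local { file("/var/log/apache2/access.log"); };
source s_network{ udp(); tcp(); };
source s_net { network(flags(no-parse)); };
"""

BLOCK = re.compile(r"\b(source|destination|parser|filter)\s+([\w.-]+)\s*\{")
DRIVER = re.compile(r"\b(udp|tcp|network)\s*\(")

def balanced(text, i, opener, closer):
    """Return the text between the opener at text[i] and its matching closer."""
    depth = 0
    for j in range(i, len(text)):
        depth += (text[j] == opener) - (text[j] == closer)
        if depth == 0:
            return text[i + 1:j]
    raise ValueError(f"unbalanced {opener!r} at offset {i}")

def listeners(body):
    """Yield (transport, port) per udp()/tcp()/network() driver; all default to 514."""
    for m in DRIVER.finditer(body):
        args = balanced(body, m.end() - 1, "(", ")")
        transport = "udp" if m.group(1) == "udp" else "tcp"
        t = re.search(r'\btransport\(\s*"?(\w+)"?\s*\)', args)
        if m.group(1) == "network" and t:
            transport = t.group(1).lower()
        p = re.search(r"\bport\(\s*(\d+)\s*\)", args)
        yield transport, (int(p.group(1)) if p else 514)

def check(config):
    """Return (names defined more than once, listeners claimed by several sources)."""
    counts, active = defaultdict(int), {}
    for m in BLOCK.finditer(config):
        key = (m.group(1), m.group(2))
        counts[key] += 1
        active[key] = balanced(config, m.end() - 1, "{", "}")  # last one wins
    binds = defaultdict(list)
    for (kind, name), body in active.items():
        if kind == "source":
            for bind in listeners(body):
                binds[bind].append(name)
    dups = sorted(key for key, n in counts.items() if n > 1)
    return dups, {b: names for b, names in binds.items() if len(names) > 1}

if __name__ == "__main__":
    print(check(SAMPLE))
```

Giving `s_net` its own port, for example the constructed value `network(port(5140) flags(no-parse))`, clears the listener clash; the client then has to send to that port.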