[syslog-ng] syslog-ng Digest, Vol 169, Issue 3

Simon Tyler simon.tyler at aon.com
Thu May 2 15:32:11 UTC 2019


Hi Peter,

I commented out the network entry and uncommented this tcp entry:
source s_net {
        tcp(ip(10.8.41.60) port(514));
};

I can see syslog-ng start up and process local log messages:

[root at ip-10-8-41-60 syslog-ng]# syslog-ng --debug
Trying to open module; module='syslogformat', filename='/lib64/syslog-ng/libsyslogformat.so'
Trying to open module; module='basicfuncs', filename='/lib64/syslog-ng/libbasicfuncs.so'
Trying to open module; module='afsocket', filename='/lib64/syslog-ng/libafsocket.so'
Trying to open module; module='affile', filename='/lib64/syslog-ng/libaffile.so'
Trying to open module; module='afprog', filename='/lib64/syslog-ng/libafprog.so'
Trying to open module; module='afuser', filename='/lib64/syslog-ng/libafuser.so'
Trying to open module; module='dbparser', filename='/lib64/syslog-ng/libdbparser.so'
Trying to open module; module='csvparser', filename='/lib64/syslog-ng/libcsvparser.so'
Trying to open module; module='afsql', filename='/lib64/syslog-ng/libafsql.so'
Starting to read include file; filename='/etc/syslog-ng/scl.conf', depth='1'
Global value changed; define='scl-root', value='/usr/share/syslog-ng/include/scl'
Global value changed; define='include-path', value='/etc/syslog-ng:/usr/share/syslog-ng/include'
Starting to read include file; filename='/etc/syslog-ng/modules.conf', depth='2'
Global value changed; define='autoload-compiled-modules', value='0'
Trying to open module; module='syslogformat', filename='/lib64/syslog-ng/libsyslogformat.so'
Attempted to register the same plugin multiple times, ignoring; context='format', name='syslog'
Trying to open module; module='basicfuncs', filename='/lib64/syslog-ng/libbasicfuncs.so'
Attempted to register the same plugin multiple times, ignoring; context='template-func', name='echo'
Attempted to register the same plugin multiple times, ignoring; context='template-func', name='grep'
Attempted to register the same plugin multiple times, ignoring; context='template-func', name='if'
Trying to open module; module='afsocket', filename='/lib64/syslog-ng/libafsocket.so'
Attempted to register the same plugin multiple times, ignoring; context='source', name='unix-stream'
Attempted to register the same plugin multiple times, ignoring; context='destination', name='unix-stream'
Attempted to register the same plugin multiple times, ignoring; context='source', name='unix-dgram'
Attempted to register the same plugin multiple times, ignoring; context='destination', name='unix-dgram'
Attempted to register the same plugin multiple times, ignoring; context='source', name='tcp'
Attempted to register the same plugin multiple times, ignoring; context='destination', name='tcp'
Attempted to register the same plugin multiple times, ignoring; context='source', name='tcp6'
Attempted to register the same plugin multiple times, ignoring; context='destination', name='tcp6'
Attempted to register the same plugin multiple times, ignoring; context='source', name='udp'
Attempted to register the same plugin multiple times, ignoring; context='destination', name='udp'
Attempted to register the same plugin multiple times, ignoring; context='source', name='udp6'
Attempted to register the same plugin multiple times, ignoring; context='destination', name='udp6'
Attempted to register the same plugin multiple times, ignoring; context='source', name='syslog'
Attempted to register the same plugin multiple times, ignoring; context='destination', name='syslog'
Trying to open module; module='affile', filename='/lib64/syslog-ng/libaffile.so'
Attempted to register the same plugin multiple times, ignoring; context='source', name='file'
Attempted to register the same plugin multiple times, ignoring; context='source', name='pipe'
Attempted to register the same plugin multiple times, ignoring; context='destination', name='file'
Attempted to register the same plugin multiple times, ignoring; context='destination', name='pipe'
Trying to open module; module='afprog', filename='/lib64/syslog-ng/libafprog.so'
Attempted to register the same plugin multiple times, ignoring; context='source', name='program'
Attempted to register the same plugin multiple times, ignoring; context='destination', name='program'
Trying to open module; module='afuser', filename='/lib64/syslog-ng/libafuser.so'
Attempted to register the same plugin multiple times, ignoring; context='destination', name='usertty'
Trying to open module; module='dbparser', filename='/lib64/syslog-ng/libdbparser.so'
Attempted to register the same plugin multiple times, ignoring; context='parser', name='db-parser'
Trying to open module; module='csvparser', filename='/lib64/syslog-ng/libcsvparser.so'
Attempted to register the same plugin multiple times, ignoring; context='parser', name='csv-parser'
Finishing include; filename='/etc/syslog-ng/modules.conf', depth='2'
Starting to read include file; filename='/usr/share/syslog-ng/include/scl/system/plugin.conf', depth='2'
Trying to open module; module='confgen', filename='/lib64/syslog-ng/libconfgen.so'
Finishing include; filename='/usr/share/syslog-ng/include/scl/system/plugin.conf', depth='2'
Starting to read include file; filename='/usr/share/syslog-ng/include/scl/pacct/plugin.conf', depth='2'
Finishing include; filename='/usr/share/syslog-ng/include/scl/pacct/plugin.conf', depth='2'
Starting to read include file; filename='/usr/share/syslog-ng/include/scl/syslogconf/plugin.conf', depth='2'
Trying to open module; module='confgen', filename='/lib64/syslog-ng/libconfgen.so'
Finishing include; filename='/usr/share/syslog-ng/include/scl/syslogconf/plugin.conf', depth='2'
Finishing include; filename='/etc/syslog-ng/scl.conf', depth='1'
Running application hooks; hook='1'
Running application hooks; hook='3'
syslog-ng starting up; version='3.2.5'
Incoming log entry; line='<30>May  2 15:20:55 dhclient[1689]: XMT: Solicit on eth0, interval 129080ms.'

But, there is no syslog process listening on port 514 or any other port.
I did try upgrading to a more recent version 3.19 from here: https://copr.fedorainfracloud.org/coprs/czanik/syslog-ng319/repo/epel-7/czanik-syslog-ng319-epel-7.repo however this is an Amazon linux instance and it appears to conflict with some of the operating system packages. 

I thought I would check in with you one more time to see if you have any other suggestions; otherwise, I can try Centos and a more recent version of syslog-ng.

Thanks again for your help,

Simon Tyler  |  Senior Systems Administrator - PathWise Solutions Group
Aon
225 King Street West, Suite 1000  |  Toronto, ON M5V 3M2, Canada
t +1.416.263.7755  |  m +1.416.564.4855  |  f +1.416.979.7724
simon.tyler at aon.com
PLEASE NOTE that my email address has changed to simon.tyler at aon.com


-----Original Message-----
From: syslog-ng [mailto:syslog-ng-bounces at lists.balabit.hu] On Behalf Of syslog-ng-request at lists.balabit.hu
Sent: Thursday, May 02, 2019 1:23 AM
To: syslog-ng at lists.balabit.hu
Subject: syslog-ng Digest, Vol 169, Issue 3

Send syslog-ng mailing list submissions to
	syslog-ng at lists.balabit.hu

To subscribe or unsubscribe via the World Wide Web, visit
	https://lists.balabit.hu/mailman/listinfo/syslog-ng
or, via email, send a message with subject or body 'help' to
	syslog-ng-request at lists.balabit.hu

You can reach the person managing the list at
	syslog-ng-owner at lists.balabit.hu

When replying, please edit your Subject line so it is more specific
than "Re: Contents of syslog-ng digest..."


Today's Topics:

   1. Re:  syslog-ng Digest, Vol 169, Issue 1 (Péter)


----------------------------------------------------------------------

Message: 1
Date: Thu, 2 May 2019 07:22:28 +0200
From: Péter, Kókai <peter.kokai at oneidentity.com>
To: "Syslog-ng users' and developers' mailing list"
	<syslog-ng at lists.balabit.hu>
Subject: Re: [syslog-ng] syslog-ng Digest, Vol 169, Issue 1
Message-ID:
	<CABxQCphefFz0VVvGYVkGzMr6GzUPbeHVp3b8Gq_fbgcRazKJaQ at mail.gmail.com>
Content-Type: text/plain; charset="utf-8"

Hello,

Okay I see it now. You are using a version (3.2) which as far as I can see
did not have *network* keyword at all.
Instead of *network*, you could use tcp, udp, tls, ...

Or even better upgrade to something much newer if possible :)

The "Avaiable-Modules" is also a later feature, so that was a reason not to
show up the list of modules, not the lack of them.

--
Kokan

On Wed, May 1, 2019 at 9:41 PM Simon Tyler <simon.tyler at aon.com> wrote:

> Hi Kohan,
>
> It appears that modules are not loading?
>
> [root at ip-10-8-41-60 syslog-ng]# syslog-ng -V
> syslog-ng 3.2.5
> Installer-Version: 3.2.5
> Revision: ssh+git://bazsi@git.balabit
> //var/scm/git/syslog-ng/syslog-ng-ose--mainline--3.2#master#9d4bea28198bd731df1a61e980a2af5b88d81116
> Compile-Date: Jul 25 2014 15:20:50
> Enable-Threads: on
> Enable-Debug: off
> Enable-GProf: off
> Enable-Memtrace: off
> Enable-Sun-STREAMS: off
> Enable-IPv6: on
> Enable-Spoof-Source: on
> Enable-TCP-Wrapper: on
> Enable-SSL: off
> Enable-SQL: on
> Enable-Linux-Caps: off
> Enable-Pcre: on
> Enable-Pacct: off
>
> -------------------------------------------------------------
> I tried putting full path to modules.conf in scl.conf:
>
> [root at ip-10-8-41-60 syslog-ng]# cat scl.conf
>
> #############################################################################
> # Copyright (c) 2010 BalaBit IT Ltd, Budapest, Hungary
> #
> # This program is free software; you can redistribute it and/or modify it
> # under the terms of the GNU General Public License version 2 as published
> # by the Free Software Foundation, or (at your option) any later version.
> #
> # As an additional exemption you are allowed to compile & link against the
> # OpenSSL libraries as published by the OpenSSL project. See the file
> # COPYING for details.
> #
> # This program is distributed in the hope that it will be useful,
> # but WITHOUT ANY WARRANTY; without even the implied warranty of
> # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
> # GNU General Public License for more details.
> #
> # You should have received a copy of the GNU General Public License
> # along with this program; if not, write to the Free Software
> # Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA  02110-1301
> USA
> #
>
> #############################################################################
> #
> # This file is placed into /etc/syslog-ng in order to make it trivial to
> # include in user written syslog-ng.conf files.  It sets up 'scl-root' and
> # `include-path`, then includes all SCL supplied plugins.
> #
>
> @define scl-root "`syslog-ng-data`/include/scl"
> @define include-path "`include-path`:`syslog-ng-data`/include"
>
> #@include 'modules.conf'
> @include '/etc/syslog-ng/modules.conf'
> @include 'scl/system/plugin.conf'
> @include 'scl/pacct/plugin.conf'
> @include 'scl/syslogconf/plugin.conf'
>
> ---------------------------------------------------
> Debug it seems to be trying to open modules, and it knows where they live:
> [root at ip-10-8-41-60 syslog-ng]# syslog-ng --debug
> Trying to open module; module='syslogformat',
> filename='/lib64/syslog-ng/libsyslogformat.so'
> Trying to open module; module='basicfuncs',
> filename='/lib64/syslog-ng/libbasicfuncs.so'
> Trying to open module; module='afsocket',
> filename='/lib64/syslog-ng/libafsocket.so'
> Trying to open module; module='affile',
> filename='/lib64/syslog-ng/libaffile.so'
> Trying to open module; module='afprog',
> filename='/lib64/syslog-ng/libafprog.so'
> Trying to open module; module='afuser',
> filename='/lib64/syslog-ng/libafuser.so'
> Trying to open module; module='dbparser',
> filename='/lib64/syslog-ng/libdbparser.so'
> Trying to open module; module='csvparser',
> filename='/lib64/syslog-ng/libcsvparser.so'
> Trying to open module; module='afsql',
> filename='/lib64/syslog-ng/libafsql.so'
> Starting to read include file; filename='/etc/syslog-ng/scl.conf',
> depth='1'
> Global value changed; define='scl-root',
> value='/usr/share/syslog-ng/include/scl'
> Global value changed; define='include-path',
> value='/etc/syslog-ng:/usr/share/syslog-ng/include'
> Starting to read include file; filename='/etc/syslog-ng/modules.conf',
> depth='2'
> Global value changed; define='autoload-compiled-modules', value='0'
> Trying to open module; module='syslogformat',
> filename='/lib64/syslog-ng/libsyslogformat.so'
> Attempted to register the same plugin multiple times, ignoring;
> context='format', name='syslog'
> Trying to open module; module='basicfuncs',
> filename='/lib64/syslog-ng/libbasicfuncs.so'
> Attempted to register the same plugin multiple times, ignoring;
> context='template-func', name='echo'
> Attempted to register the same plugin multiple times, ignoring;
> context='template-func', name='grep'
> Attempted to register the same plugin multiple times, ignoring;
> context='template-func', name='if'
> Trying to open module; module='afsocket',
> filename='/lib64/syslog-ng/libafsocket.so'
> Attempted to register the same plugin multiple times, ignoring;
> context='source', name='unix-stream'
> Attempted to register the same plugin multiple times, ignoring;
> context='destination', name='unix-stream'
> Attempted to register the same plugin multiple times, ignoring;
> context='source', name='unix-dgram'
> Attempted to register the same plugin multiple times, ignoring;
> context='destination', name='unix-dgram'
> Attempted to register the same plugin multiple times, ignoring;
> context='source', name='tcp'
> Attempted to register the same plugin multiple times, ignoring;
> context='destination', name='tcp'
> Attempted to register the same plugin multiple times, ignoring;
> context='source', name='tcp6'
> Attempted to register the same plugin multiple times, ignoring;
> context='destination', name='tcp6'
> Attempted to register the same plugin multiple times, ignoring;
> context='source', name='udp'
> Attempted to register the same plugin multiple times, ignoring;
> context='destination', name='udp'
> Attempted to register the same plugin multiple times, ignoring;
> context='source', name='udp6'
> Attempted to register the same plugin multiple times, ignoring;
> context='destination', name='udp6'
> Attempted to register the same plugin multiple times, ignoring;
> context='source', name='syslog'
> Attempted to register the same plugin multiple times, ignoring;
> context='destination', name='syslog'
> Trying to open module; module='affile',
> filename='/lib64/syslog-ng/libaffile.so'
> Attempted to register the same plugin multiple times, ignoring;
> context='source', name='file'
> Attempted to register the same plugin multiple times, ignoring;
> context='source', name='pipe'
> Attempted to register the same plugin multiple times, ignoring;
> context='destination', name='file'
> Attempted to register the same plugin multiple times, ignoring;
> context='destination', name='pipe'
> Trying to open module; module='afprog',
> filename='/lib64/syslog-ng/libafprog.so'
> Attempted to register the same plugin multiple times, ignoring;
> context='source', name='program'
> Attempted to register the same plugin multiple times, ignoring;
> context='destination', name='program'
> Trying to open module; module='afuser',
> filename='/lib64/syslog-ng/libafuser.so'
> Attempted to register the same plugin multiple times, ignoring;
> context='destination', name='usertty'
> Trying to open module; module='dbparser',
> filename='/lib64/syslog-ng/libdbparser.so'
> Attempted to register the same plugin multiple times, ignoring;
> context='parser', name='db-parser'
> Trying to open module; module='csvparser',
> filename='/lib64/syslog-ng/libcsvparser.so'
> Attempted to register the same plugin multiple times, ignoring;
> context='parser', name='csv-parser'
> Finishing include; filename='/etc/syslog-ng/modules.conf', depth='2'
> Starting to read include file;
> filename='/usr/share/syslog-ng/include/scl/system/plugin.conf', depth='2'
> Trying to open module; module='confgen',
> filename='/lib64/syslog-ng/libconfgen.so'
> Finishing include;
> filename='/usr/share/syslog-ng/include/scl/system/plugin.conf', depth='2'
> Starting to read include file;
> filename='/usr/share/syslog-ng/include/scl/pacct/plugin.conf', depth='2'
> Finishing include;
> filename='/usr/share/syslog-ng/include/scl/pacct/plugin.conf', depth='2'
> Starting to read include file;
> filename='/usr/share/syslog-ng/include/scl/syslogconf/plugin.conf',
> depth='2'
> Trying to open module; module='confgen',
> filename='/lib64/syslog-ng/libconfgen.so'
> Finishing include;
> filename='/usr/share/syslog-ng/include/scl/syslogconf/plugin.conf',
> depth='2'
> Finishing include; filename='/etc/syslog-ng/scl.conf', depth='1'
> Error parsing source, source plugin network not found in
> /etc/syslog-ng/syslog-ng.conf at line 85, column 2:
>
>         network(
>         ^^^^^^^
> ---------------------------------------------------------------
> It is not clear to me what the name is for network module; here are the
> modules in the file system:
> [root at ip-10-8-41-60 syslog-ng]# ls /lib64/syslog-ng/
> libaffile.so  libafsocket-notls.so  libafsql.so   libbasicfuncs.so
> libconvertfuncs.so  libdbparser.so  libsyslogformat.so
> libafprog.so  libafsocket.so        libafuser.so  libconfgen.so
>  libcsvparser.so     libdummy.so
>
> Thank you for your advice,
>
>
>
>
> Simon Tyler  |  Senior Systems Administrator - PathWise Solutions Group
> Aon
> 225 King Street West, Suite 1000  |  Toronto, ON M5V 3M2, Canada
> t +1.416.263.7755  |  m +1.416.564.4855  |  f +1.416.979.7724
> simon.tyler at aon.com
> PLEASE NOTE that my email address has changed to simon.tyler at aon.com
>
>
>
> -----Original Message-----
> From: syslog-ng [mailto:syslog-ng-bounces at lists.balabit.hu] On Behalf Of
> syslog-ng-request at lists.balabit.hu
> Sent: Wednesday, May 01, 2019 12:47 PM
> To: syslog-ng at lists.balabit.hu
> Subject: syslog-ng Digest, Vol 169, Issue 1
>
> Send syslog-ng mailing list submissions to
>         syslog-ng at lists.balabit.hu
>
> To subscribe or unsubscribe via the World Wide Web, visit
>         https://lists.balabit.hu/mailman/listinfo/syslog-ng
> or, via email, send a message with subject or body 'help' to
>         syslog-ng-request at lists.balabit.hu
>
> You can reach the person managing the list at
>         syslog-ng-owner at lists.balabit.hu
>
> When replying, please edit your Subject line so it is more specific
> than "Re: Contents of syslog-ng digest..."
>
>
> Today's Topics:
>
>    1.  source plugin network not found/problems getting syslog-ng
>       to listen on tcp port (Simon Tyler)
>    2. Re:  source plugin network not found/problems getting
>       syslog-ng to listen on tcp port (Péter)
>
>
> ----------------------------------------------------------------------
>
> Message: 1
> Date: Wed, 1 May 2019 15:22:26 +0000
> From: Simon Tyler <simon.tyler at aon.com>
> To: "syslog-ng at lists.balabit.hu" <syslog-ng at lists.balabit.hu>
> Subject: [syslog-ng] source plugin network not found/problems getting
>         syslog-ng to listen on tcp port
> Message-ID:
>         <
> DM5P170MB0015DD8BF273A79D22817BAAFB3B0 at DM5P170MB0015.NAMP170.PROD.OUTLOOK.COM
> >
>
> Content-Type: text/plain; charset="utf-8"
>
> Hello,
>
> I'm new to syslog-ng, and I'm having some trouble just getting it to
> listen on a tcp port. I've tried several different configurations. Some of
> the start up with no error, but a netstat or lsof command shows that there
> is no open /listening tcp port associated with the process. I'm pretty sure
> my mistake is basic or fundamental, but I haven't had much luck finding
> specific details to resolve this issue; there is a fair amount of material
> to comb through. I've tried several different tutorials.
>
> I want a central log server that accepts logs from multiple sources, so I
> started by trying to configure it to listen on a tcp port, I'm thinking 514
> because we don't use rshell anywhere, but it doesn't really matter what
> port.
>
> The current error I'm getting is:
>
> [root at ip-10-8-41-60 syslog-ng]# service syslog-ng start
> Error parsing source, source plugin network not found in
> /etc/syslog-ng/syslog-ng.conf at line 85, column 2:
>
>         network(
>         ^^^^^^^
>
> The section of the config file related to networking is below; I've
> commented out several attempts.
>
> # s_net = Network listener. This is listening on TCP port 514, no UDP
> #source s_net { tcp(port(514) max-connections(5000)); udp();};
>
> #source s_net {
> #       tcp(ip(10.8.41.60) port(514));
> #};
>
> #source s_net {
> #       network(ip(10.8.41.60) port(514));
> #};
>
> #source s_network {
> #       default-network-drivers();
> #};
>
> #source s_syslog { syslog(
> #               ip(10.8.41.60) port(514) transport("tcp")); };
>
> source s_network {
>         network(
>                 ip("10.8.41.60")
>                 transport("tcp")
>                 listen-backlog(2048)
>                 );
> };
>
> There is a line at the top of the file:
> @include "scl.conf"
>
> I've attached the entire file.
>
> Any guidance would be very much appreciated,
>
> Simon Tyler  |  Senior Systems Administrator - PathWise Solutions Group
> Aon
> 225 King Street West, Suite 1000  |  Toronto, ON M5V 3M2, Canada
> t +1.416.263.7755  |  m +1.416.564.4855  |  f +1.416.979.7724
> simon.tyler at aon.com<mailto:simon.tyler at aon.com>
> PLEASE NOTE that my email address has changed to simon.tyler at aon.com
>
> -------------- next part --------------
> An HTML attachment was scrubbed...
> URL: <
> http://lists.balabit.hu/pipermail/syslog-ng/attachments/20190501/4cfbf496/attachment-0001.html
> >
> -------------- next part --------------
> A non-text attachment was scrubbed...
> Name: syslog-ng.conf
> Type: application/octet-stream
> Size: 4159 bytes
> Desc: syslog-ng.conf
> URL: <
> http://lists.balabit.hu/pipermail/syslog-ng/attachments/20190501/4cfbf496/attachment-0001.obj
> >
>
> ------------------------------
>
> Message: 2
> Date: Wed, 1 May 2019 18:46:41 +0200
> From: Péter, Kókai <peter.kokai at oneidentity.com>
> To: "Syslog-ng users' and developers' mailing list"
>         <syslog-ng at lists.balabit.hu>
> Subject: Re: [syslog-ng] source plugin network not found/problems
>         getting syslog-ng to listen on tcp port
> Message-ID:
>         <CABxQCphBGgTm47G=
> KVSB67Ri6BRKUZYgX-HvAj1SrS9ofMoaoQ at mail.gmail.com>
> Content-Type: text/plain; charset="utf-8"
>
> Hello,
>
> It either looks for a wrong place for the network module or that actually
> really not installed.
>
> You could run the following: syslog-ng -V
> That should provide something like this:
>
> syslog-ng 3.20.1.317.g98479aa
> Config version: 3.20
> Installer-Version: 3.20.1.317.g98479aa
> Revision: 3.20.1.317.g98479aa
> Module-Directory: /tmp/install/lib/syslog-ng
> Module-Path: /tmp/install/lib/syslog-ng
> Include-Path: /tmp/install/share/syslog-ng/include
> Available-Modules:
>
> xml,tags-parser,system-source,sdjournal,syslogformat,stardate,snmptrapd_parser,riemann,mod-python,pseudofile,pacctformat,map_value_pairs,linux-kmsg-format,kvformat,json-plugin,http,hook-commands,graphite,tfgetent,geoip2-plugin,geoip-plugin,examples,disk-buffer,dbparser,date,csvparser,cryptofuncs,confgen,cef,basicfuncs,appmodel,afuser,afstomp,afsql,afsocket,afprog,affile,afamqp,add_contextual_data
> Enable-Debug: on
> Enable-GProf: off
> Enable-Memtrace: off
> Enable-IPv6: on
> Enable-Spoof-Source: off
> Enable-TCP-Wrapper: off
> Enable-Linux-Caps: on
> Enable-Systemd: on
>
> Check if the "Available-Modules" line has the *afsocket*, if the *afsocket*
> is not listed there, try to look in the "Module-Path:" directory for
> *libafsocket.so", if it is missing maybe it is actually in a different
> package, you may need to install something like syslog-ng-mod-afsocket.
>
> If you find the *libafsocket.so* in the directory I would run
> syslog-ng --module-registry -dvt (possibly past its result here) or look
> for error message as why it cannot load *libafsocket.so*.
>
>
> --
> Kokan
>
> On Wed, May 1, 2019 at 5:22 PM Simon Tyler <simon.tyler at aon.com> wrote:
>
> > Hello,
> >
> >
> >
> > I’m new to syslog-ng, and I’m having some trouble just getting it to
> > listen on a tcp port. I’ve tried several different configurations. Some
> of
> > the start up with no error, but a netstat or lsof command shows that
> there
> > is no open /listening tcp port associated with the process. I’m pretty
> sure
> > my mistake is basic or fundamental, but I haven’t had much luck finding
> > specific details to resolve this issue; there is a fair amount of
> material
> > to comb through. I’ve tried several different tutorials.
> >
> >
> >
> > I want a central log server that accepts logs from multiple sources, so I
> > started by trying to configure it to listen on a tcp port, I’m thinking
> 514
> > because we don’t use rshell anywhere, but it doesn’t really matter what
> > port.
> >
> >
> >
> > The current error I’m getting is:
> >
> >
> >
> > [root at ip-10-8-41-60 syslog-ng]# service syslog-ng start
> >
> > Error parsing source, source plugin network not found in
> > /etc/syslog-ng/syslog-ng.conf at line 85, column 2:
> >
> >
> >
> >         network(
> >
> >         ^^^^^^^
> >
> >
> >
> > The section of the config file related to networking is below; I’ve
> > commented out several attempts.
> >
> >
> >
> > # s_net = Network listener. This is listening on TCP port 514, no UDP
> >
> > #source s_net { tcp(port(514) max-connections(5000)); udp();};
> >
> >
> >
> > #source s_net {
> >
> > #       tcp(ip(10.8.41.60) port(514));
> >
> > #};
> >
> >
> >
> > #source s_net {
> >
> > #       network(ip(10.8.41.60) port(514));
> >
> > #};
> >
> >
> >
> > #source s_network {
> >
> > #       default-network-drivers();
> >
> > #};
> >
> >
> >
> > #source s_syslog { syslog(
> >
> > #               ip(10.8.41.60) port(514) transport("tcp")); };
> >
> >
> >
> > source s_network {
> >
> >         network(
> >
> >                 ip("10.8.41.60")
> >
> >                 transport("tcp")
> >
> >                 listen-backlog(2048)
> >
> >                 );
> >
> > };
> >
> >
> >
> > There is a line at the top of the file:
> >
> > @include "scl.conf"
> >
> >
> >
> > I’ve attached the entire file.
> >
> >
> >
> > Any guidance would be very much appreciated,
> >
> >
> >
> > *Simon Tyler  *|  Senior Systems Administrator - PathWise Solutions Group
> > Aon
> > 225 King Street West, Suite 1000  |  Toronto, ON M5V 3M2, Canada
> > t +1.416.263.7755  |  m +1.416.564.4855  |  f +1.416.979.7724
> > *simon.tyler at aon.com <simon.tyler at aon.com>*
> >
> > *PLEASE NOTE that my email address has changed to simon.tyler at aon.com
> > <http://simon.tyler@aon.com>*
> >
> >
> >
> >
> ______________________________________________________________________________
> > Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng
> > Documentation:
> > http://www.balabit.com/support/documentation/?product=syslog-ng
> > FAQ: http://www.balabit.com/wiki/syslog-ng-faq
> >
> >
> -------------- next part --------------
> An HTML attachment was scrubbed...
> URL: <
> http://lists.balabit.hu/pipermail/syslog-ng/attachments/20190501/715578b1/attachment.html
> >
>
> ------------------------------
>
> Subject: Digest Footer
>
> _______________________________________________
> syslog-ng maillist  -  syslog-ng at lists.balabit.hu
> https://lists.balabit.hu/mailman/listinfo/syslog-ng
>
>
> ------------------------------
>
> End of syslog-ng Digest, Vol 169, Issue 1
> *****************************************
>
> ______________________________________________________________________________
> Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng
> Documentation:
> http://www.balabit.com/support/documentation/?product=syslog-ng
> FAQ: http://www.balabit.com/wiki/syslog-ng-faq
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.balabit.hu/pipermail/syslog-ng/attachments/20190502/b6b91ca5/attachment.html>

------------------------------

Subject: Digest Footer

_______________________________________________
syslog-ng maillist  -  syslog-ng at lists.balabit.hu
https://lists.balabit.hu/mailman/listinfo/syslog-ng


------------------------------

End of syslog-ng Digest, Vol 169, Issue 3
*****************************************


More information about the syslog-ng mailing list