syslog-ng not working as syslog host for external devices ...

Nathan C. Broome nathan.broome at oberlin.edu
Wed Dec 3 16:20:12 GMT 2008 

Peter,

That 'y/es' statement is a typo.   At minimum, you have to define your 
source , destination, and log statements.  The log statement uses the 
source, destination and filter (optional) statements that you've defined.


so an example config might look like this:

-------------------


source my-src {
udp (ip(0.0.0.0) port(514));
};


    destination my-dst {
        file("/var/log/HOSTS/$YEAR-$MONTH/$HOST/$FACILITY-$YEAR-$MONTH-$DAY"
            owner(root) group (syslog_users) perm(0660) dir_perm(0770) 
create_dirs(yes)
            );
    };


log { source(my-src); destination(my-dst); };

-------------

Also, make sure you are allowing UDP 514 through the SuSEfirewall.   
It's helpful check to see if you are even getting packets from a source 
by doing a tcpdump.  Sometimes I find myself blaming syslog-ng, when 
some other obstruction is really the problem.  A very basic dump would 
be like:


tcpdump 'host 192.168.1.1  and dst port 514'




Hope that helps.



Nathan






Peter Van Lone wrote:
> When I ran SuSeconfig --module syslog-ng again, I noticed this time
> errors (that were probably there the first time, but I did not
> notice):
>
> "rp-syslog:/var/log # SuSEconfig --module syslog-ng
> Starting SuSEconfig, the SuSE Configuration Tool...
> Running module syslog-ng only
> Reading /etc/sysconfig and updating the system...
> Executing /sbin/conf.d/SuSEconfig.syslog-ng...
> Checking //etc/syslog-ng/syslog-ng.conf.SuSEconfig file: syntax error at 199
> Parse error reading configuration file, exiting. (line 199)
> Please correct the //etc/syslog-ng/syslog-ng.conf.in file.
> Finished"
>
> Line 199 as reported by gedit is the line:
>
> #this is for separating out network hosts into individual log files
> destination std {
>       file ("/var/log/HOSTS/$YEAR-$MONTH/$HOST/$FACILITY-$YEAR-$MONTH-$DAY"
>               owner(root) group(root) perm(0600) dir_perm(0700)
> create_dirs (y\es)
>       );
> };
> #the following line is 199:
> log {
>       source(src);
>       destination(std);
> };
>
> Is there anything in particular about this line that I have gotten
> wrong? As far as I can tell it is right out of the example I worked
> from, but since I really do not understand the logic that is being
> used, or the particular rules of syntax, I'm not sure what the problem
> might be.
> _______________________________________________
> Novell mailing list
> Novell at netlab1.oucs.ox.ac.uk
> http://netlab1.usu.edu/mailman/listinfo/novell
>
>

More information about the Novell mailing list