[opensuse] syslog-ng not working as syslog host for external devices ...
following this:
http://www.novell.com/coolsolutions/feature/18044.html

I'm trying to get syslog-ng on a SLES server to accept incoming syslogging from external devices (an ADTRAN dsu/csu, and some cisco switches). However, the document says to edit /etc/syslog-ng/syslog-ng.in and that file does not seem to exist on my SLES 10 SP2 box. So, I edited instead the file below. It does not appear that the ADTRAN unit has actually dumped anything to this server (which seems impossible) -- either that, or for whatever reason (because I have kludged up the conf file, perhaps??) syslog-ng just has not created any directories or accepted any logging. The firewall is off and I did make sure that syslog-ng is running.

Is there anything obvious that I have missed, or something that I can try?

modified contents of etc/syslog-ng/syslog-ng.conf.in

    # uncomment to process log messages from network: # udp(ip("192.168.0.203") port(514));
    tcp(ip("192.168.0.203") port(5140) keep-alive(yes));
    };

and then later:

    #this is for separating out network hosts into individual log files
    destination std {
    file ("/var/log/HOSTS/$YEAR-$MONTH/$HOST/$FACILITY-$YEAR-$MONTH-$DAY"
    owner(root) group(root) perm(0600) dir_perm(0700) create_dirs (y\es)
    );
    };
    log { source(src); destination(std); };

--
When I do good, I feel good. When I do bad, I feel bad. That is my religion.
-Abraham Lincoln
http://www.the-brights.net
http://xkcd.com/167
--
To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org
For additional commands, e-mail: opensuse+help@opensuse.org
On Tuesday, 2008-12-02 at 15:58 -0600, Peter Van Lone wrote:
> following this:
> http://www.novell.com/coolsolutions/feature/18044.html
> I'm trying to get syslog-ng on a SLES server to accept incoming syslogging from external devices (an ADTRAN dsu/csu, and some cisco switches). However, the document says to edit /etc/syslog-ng/syslog-ng.in and that file does not seem to exist on my SLES 10 SP2 box. So, I edited instead the file below. It does not appear that the ADTRAN unit has actually dumped anything to this server (which seems impossible) -- either that, or for whatever reason (because I have kludged up the conf file, perhaps??) syslog-ng just has not created any directories or accepted any logging. The firewall is off and I did make sure that syslog-ng is running.
> Is there anything obvious that I have missed, or something that I can try?
I can tell you what I use on openSUSE (not sles).

First, about "/etc/syslog-ng/syslog-ng.in": it was used during the transition of syslog to syslog-ng, and then it was dropped in the following openSUSE version.

    source src {
        ... original entries, not modified.
    };
    source ext {
        udp(ip("0.0.0.0") port(514));
    };

And then, it is business as usual, with two different sources (which makes separating local and remote entries easier):

    log { source(src); filter(f_console); destination(xconsole); };
    log { source(ext); filter(f_router); destination(router); };

etc.
> #this is for separating out network hosts into individual log files
> destination std {
> file ("/var/log/HOSTS/$YEAR-$MONTH/$HOST/$FACILITY-$YEAR-$MONTH-$DAY"
> owner(root) group(root) perm(0600) dir_perm(0700) create_dirs (y\es)
> );
I was not aware of this syntax :-?

[...]

Ah, ok, I see it, syslog-ng.txt file.

Then, I would first try with a fixed file, so that you get all entries from the outside hosts there, and when it works, continue with the variable names.

The problem with syslog-ng is that it doesn't report errors in your configuration file: it simply does not work. It seems easy, but it is not :-(

--
Cheers,
Carlos E. R.
On Tue, Dec 2, 2008 at 5:30 PM, Carlos E. R. <robin.listas@telefonica.net> wrote: <snip>
> First, about "/etc/syslog-ng/syslog-ng.in": it was used during the transition of syslog to syslog-ng, and then it was dropped in the following openSUSE version.
Since SLES is still in the 10.x versions, it is still the default

When I ran SuSeconfig --module syslog-ng again, I noticed this time errors (that were probably there the first time, but I did not notice):

    "rp-syslog:/var/log # SuSEconfig --module syslog-ng
    Starting SuSEconfig, the SuSE Configuration Tool...
    Running module syslog-ng only
    Reading /etc/sysconfig and updating the system...
    Executing /sbin/conf.d/SuSEconfig.syslog-ng...
    Checking //etc/syslog-ng/syslog-ng.conf.SuSEconfig file: syntax error at 199
    Parse error reading configuration file, exiting. (line 199)
    Please correct the //etc/syslog-ng/syslog-ng.conf.in file.
    Finished"

Line 199 as reported by gedit is the line:

    #this is for separating out network hosts into individual log files
    destination std {
    file ("/var/log/HOSTS/$YEAR-$MONTH/$HOST/$FACILITY-$YEAR-$MONTH-$DAY"
    owner(root) group(root) perm(0600) dir_perm(0700) create_dirs (y\es)
    );
    };
    #the following line is 199:
    log { source(src); destination(std); };

Is there anything in particular about this line that I have gotten wrong? As far as I can tell it is right out of the example I worked from, but since I really do not understand the logic that is being used, or the particular rules of syntax, I'm not sure what the problem might be.

Peter
On 2008-12-03 04:57, Peter Van Lone wrote:
> #this is for separating out network hosts into individual log files
> destination std {
> file ("/var/log/HOSTS/$YEAR-$MONTH/$HOST/$FACILITY-$YEAR-$MONTH-$DAY"
> owner(root) group(root) perm(0600) dir_perm(0700) create_dirs (y\es)
Why is there a backslash in 'y\es' ? Try removing that, so that it reads create_dirs(yes)
> Is there anything in particular about this line that I have gotten wrong? As far as I can tell it is right out of the example I worked from, but since I really do not understand the logic that is being used, or the particular rules of syntax, I'm not sure what the problem might be.
I can't spot anything, other than mentioned above.

This is what I use to capture the log from my linksys router:

    source s_network { udp(ip("0.0.0.0") port(514)); };
    filter f_ddwrt { host("DD-WRT") and not match("10.0.47.254"); };
    destination d_ddwrt { file("/var/log/ddwrt/$FACILITY" owner(root) group(root) perm(0600)); };
    log { source(s_network); filter(f_ddwrt); destination(d_ddwrt); };

But as you can see, I don't use create_dirs.
> Peter
/Sylvester
On Tuesday, 2008-12-02 at 21:57 -0600, Peter Van Lone wrote:
> On Tue, Dec 2, 2008 at 5:30 PM, Carlos E. R.
> <snip>
>> First, about "/etc/syslog-ng/syslog-ng.in": it was used during the transition of syslog to syslog-ng, and then it was dropped in the following openSUSE version.
> Since SLES is still in the 10.x versions, it is still the default
> When I ran SuSeconfig --module syslog-ng again, I noticed this time errors (that were probably there the first time, but I did not notice):
Yes. In opensuse, when they started using syslog-ng, that was the method. You made changes to syslog-ng.in, then we run suseconfig, as you say above. On the next version they dropped this procedure, and we edit /etc/syslog-ng/syslog-ng directly.
> Checking //etc/syslog-ng/syslog-ng.conf.SuSEconfig file: syntax error at 199
> Parse error reading configuration file, exiting. (line 199)
> Please correct the //etc/syslog-ng/syslog-ng.conf.in file.
> Finished"
> Line 199 as reported by gedit is the line:
> #this is for separating out network hosts into individual log files
> destination std {
> file ("/var/log/HOSTS/$YEAR-$MONTH/$HOST/$FACILITY-$YEAR-$MONTH-$DAY"
> owner(root) group(root) perm(0600) dir_perm(0700) create_dirs (y\es)
> );
> };
> #the following line is 199:
> log { source(src); destination(std); };
I would have used "log { source(src); destination(std); };" in a single line.

But the problem could be the backslash in the middle of the "yes" above, as others have said.

--
Cheers,
Carlos E. R.
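Added example, not part of any message in the thread: a Python sketch that computes which file the destination template from the first message would write for a given datagram, useful when checking whether the expected directories should exist at all. The helper names `decode_pri` and `expected_path`, the sample datagram, the address 192.0.2.10, and the assumptions about how `$HOST` and the date macros are filled are constructed for illustration.

```python
import re
from datetime import datetime

# Destination template copied from the first message in the thread.
TEMPLATE = "/var/log/HOSTS/$YEAR-$MONTH/$HOST/$FACILITY-$YEAR-$MONTH-$DAY"

# Facility names from <sys/syslog.h>, indexed by facility code. Codes 12-15
# are named differently across implementations, so they stay numeric here.
FACILITIES = ("kern user mail daemon auth syslog lpr news uucp cron authpriv ftp "
              "12 13 14 15 local0 local1 local2 local3 local4 local5 local6 "
              "local7").split()
SEVERITIES = "emerg alert crit err warning notice info debug".split()


def decode_pri(datagram: bytes):
    """Split the leading <PRI> of a BSD syslog datagram into names."""
    m = re.match(rb"<(\d{1,3})>", datagram)
    if m is None or int(m.group(1)) > 191:
        raise ValueError("datagram has no valid <PRI> header")
    pri = int(m.group(1))
    return FACILITIES[pri >> 3], SEVERITIES[pri & 7]


def expected_path(datagram: bytes, host: str, received: datetime,
                  template: str = TEMPLATE) -> str:
    """Expand the macros used in the thread's template for one message.

    Assumptions of this sketch: $HOST is whatever name or address the
    collector records for the sender, and the date macros use local
    receive time. Only the five macros in TEMPLATE are supported.
    """
    facility, _severity = decode_pri(datagram)
    values = {
        "YEAR": f"{received.year:04d}",
        "MONTH": f"{received.month:02d}",
        "DAY": f"{received.day:02d}",
        "HOST": host,
        "FACILITY": facility,
    }
    # Unknown macros raise KeyError rather than being silently dropped.
    return re.sub(r"\$([A-Z]+)", lambda m: values[m.group(1)], template)


# Constructed sample: PRI 189 = facility 23 (local7) * 8 + severity 5 (notice).
SAMPLE = b"<189>%LINK-5-CHANGED: Interface FastEthernet0/1, changed state to up"

if __name__ == "__main__":
    print(decode_pri(SAMPLE))
    print(expected_path(SAMPLE, "192.0.2.10", datetime(2008, 12, 3, 9, 0)))
```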
participants (3): Carlos E. R., Peter Van Lone, Sylvester Lykkehus