[prev in list] [next in list] [prev in thread] [next in thread]
List: syslog-ng
Subject: Re: [syslog-ng]central log server not working
From: Ed Davison <bfdi533 () cbacc-security3 ! mccombs ! utexas ! edu>
Date: 2005-02-28 18:15:54
Message-ID: 1109614554.4241.19.camel () cbacc-security3
[Download RAW message or body]
Any thoughts?
Ed
On Tue, 2005-02-22 at 16:10 -0600, Ed Davison wrote:
> I am trying to setup a central log host and am having trouble getting
> events registered on the central server. It looks like the remote host
> does register with the central host but nothing shows in a log anywhere
> for it.
>
> I really need another set of eyes on this as I cannot figure this out
> for the life of me and I need to get this going.
>
> Here is the excerpt from /var/log/messages (cleaned on the ip numbers):
>
> --------8<--------8<--------8<--------
> Feb 18 14:19:45 sec5 syslog-ng[27866]: syslog-ng version 1.6.5 starting
> Feb 18 14:19:45 sec5 syslog-ng[27866]: Changing permissions on special
> file /dev/tty12
> Feb 18 14:24:00 sec5 syslog-ng[27866]: AF_INET client connected from
> 1.2.3.4, port 50378
> --------8<--------8<--------8<--------
>
> Here is the central loghost config file:
>
> --------8<--------8<--------8<--------
> options {
> long_hostnames(off);
> sync(0);
> stats(43200);
> dns_cache(yes);
> use_fqdn(no);
> keep_hostname(yes);
> use_dns(yes);
> };
>
> source gateway {
> unix-stream("/dev/log");
> internal();
> udp(ip(0.0.0.0) port(514));
> };
>
> source tcpgateway {
> unix-stream("/dev/log");
> internal();
> tcp(ip(0.0.0.0) port(514) max_connections(1000));
> };
>
> destination hosts {
> file("/var/log/syslogs/$HOST/$FACILITY"
> owner(root) group(root) perm(0600) dir_perm(0700)
> create_dirs(yes));
> };
>
> log {
> source(gateway); destination(hosts);
> };
>
> log {
> source(tcpgateway); destination(hosts);
> };
>
> --------8<--------8<--------8<--------
>
> The remote host config file is:
>
> --------8<--------8<--------8<--------
> options {
> long_hostnames(off);
> sync(0);
> stats(43200);
> };
>
> source src { unix-stream("/dev/log"); internal(); pipe("/proc/kmsg"); };
>
> source gateway {
> unix-stream("/dev/log" max_connections(1000));
> internal();
> };
>
> destination messages { file("/var/log/messages"); };
>
> # By default messages are logged to tty12...
> destination console_all { file("/dev/tty12"); };
>
> destination shell {
> tcp("1.2.3.1" port(514));
> };
>
> log { source(src); destination(messages); };
> log { source(src); destination(console_all); };
>
> log {
> source(gateway); destination(shell);
> };
> --------8<--------8<--------8<--------
>
>
>
--
--------------------------
Ed Davison
Sr. Systems Analyst
McCombs School of Business
512-232-6620 voice
_______________________________________________
syslog-ng maillist - syslog-ng@lists.balabit.hu
https://lists.balabit.hu/mailman/listinfo/syslog-ng
Frequently asked questions at http://www.campin.net/syslog-ng/faq.html
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic