[ILUG] syslogd and syslog-ng
Colin O'Keeffe
ilugcolin at gmail.com
Tue Aug 21 11:11:58 IST 2007
Hi,
Im running a syslog-ng server as my central log host.
I have 3 other servers running syslog-ng but I cannot get them to log to the
host.
Also I have a few staros boxes and I want them to log to the central log
host as well but when I point the staros towards it, they dont show up, but
If I point the staros towards a linux box running syslogd, logs appear
instantly..
Heres my log host config..
options {
# disable the chained hostname format in logs
# (default is enabled)
chain_hostnames(0);
# the time to wait before a died connection is re-established
# (default is 60)
time_reopen(10);
# the time to wait before an idle destination file is closed
# (default is 60)
time_reap(360);
# the number of lines buffered before written to file
# you might want to increase this if your disk isn't catching with
# all the log messages you get or if you want less disk activity
# (say on a laptop)
# (default is 0)
#sync(0);
# the number of lines fitting in the output queue
log_fifo_size(2048);
# enable or disable directory creation for destination files
create_dirs(yes);
# default owner, group, and permissions for log files
# (defaults are 0, 0, 0600)
#owner(root);
group(adm);
perm(0640);
# default owner, group, and permissions for created directories
# (defaults are 0, 0, 0700)
#dir_owner(root);
#dir_group(root);
dir_perm(0755);
# enable or disable DNS usage
# syslog-ng blocks on DNS queries, so enabling DNS may lead to
# a Denial of Service attack
# (default is yes)
use_dns(no);
# maximum length of message in bytes
# this is only limited by the program listening on the /dev/log Unix
# socket, glibc can handle arbitrary length log messages, but -- for
# example -- syslogd accepts only 1024 bytes
# (default is 2048)
#log_msg_size(2048);
#Disable statistic log messages.
stats_freq(0);
keep_hostname(yes);
};
######
# sources
# all known message sources
source s_all {
# message generated by Syslog-NG
internal();
# standard Linux log source (this is the default place for the
syslog()
# function to send logs to)
unix-stream("/dev/log");
# messages from the kernel
file("/proc/kmsg" log_prefix("kernel: "));
# use the following line if you want to receive remote UDP logging
messages
# (this is equivalent to the "-r" syslogd flag)
#udp();
};
source s_servers {
udp();
};
######
# destinations
destination d_mysql {
pipe("/var/log/mysql.pipe"
template("INSERT INTO logs
(host, facility, priority, level, tag, datetime, program, msg)
VALUES ( '$HOST', '$FACILITY', '$PRIORITY', '$LEVEL', '$TAG',
'$YEAR-$MONTH-$DAY $HOUR:$MIN:$SEC',
'$PROGRAM', '$MSG' );\n") template-escape(yes));
};
# some standard log files
destination df_auth { file("/var/log/auth.log"); };
destination df_syslog { file("/var/log/syslog"); };
destination df_cron { file("/var/log/cron.log"); };
the rest of the standard destinations amd filters here....
######
# logs
# order matters if you use "flags(final);" to mark the end of processing in
a
# "log" statement
log {
source(s_all);
#destination(s_servers);
destination(d_mysql);
};
log {
source(s_servers);
destination(d_mysql);
};
# these rules provide the same behavior as the commented original syslogd
rules
# auth,authpriv.* /var/log/auth.log
log {
source(s_all);
filter(f_auth);
destination(df_auth);
};
the rest of the default log stuff here
and heres my client machines syslog-ng conf
options {
# disable the chained hostname format in logs
# (default is enabled)
chain_hostnames(0);
# the time to wait before a died connection is re-established
# (default is 60)
time_reopen(10);
# the time to wait before an idle destination file is closed
# (default is 60)
time_reap(360);
# the number of lines buffered before written to file
# you might want to increase this if your disk isn't catching with
# all the log messages you get or if you want less disk activity
# (say on a laptop)
# (default is 0)
#sync(0);
# the number of lines fitting in the output queue
log_fifo_size(2048);
# enable or disable directory creation for destination files
create_dirs(yes);
# default owner, group, and permissions for log files
# (defaults are 0, 0, 0600)
#owner(root);
group(adm);
perm(0640);
# default owner, group, and permissions for created directories
# (defaults are 0, 0, 0700)
#dir_owner(root);
#dir_group(root);
dir_perm(0755);
# enable or disable DNS usage
# syslog-ng blocks on DNS queries, so enabling DNS may lead to
# a Denial of Service attack
# (default is yes)
use_dns(no);
# maximum length of message in bytes
# this is only limited by the program listening on the /dev/log Unix
# socket, glibc can handle arbitrary length log messages, but -- for
# example -- syslogd accepts only 1024 bytes
# (default is 2048)
#log_msg_size(2048);
keep_hostname(yes);
};
log {
source(s_all);
destination(d_loghost);
};
######
# sources
# all known message sources
source s_all {
# message generated by Syslog-NG
internal();
# standard Linux log source (this is the default place for the
syslog()
# function to send logs to)
unix-stream("/dev/log");
# messages from the kernel
file("/proc/kmsg" log_prefix("kernel: "));
# use the above line if you want to receive remote UDP logging
messages
# (this is equivalent to the "-r" syslogd flag)
# udp();
};
default destination stuff here..
destination d_loghost {
udp("10.1.254.20" port(514));
};
######
# filters
more filters and log here....
any ideas why my clients wont log to the server or why staros wont either?
thanks
More information about the ILUG
mailing list