Balazs Scheidler | 1 Apr 2009 09:11

Re: INCLUDE not working for me :(

Hi,

Thanks for the feedback, it's really appreciated.

On Tue, 2009-03-31 at 09:38 -0500, Charles Jennings wrote:
> Looks like I was mistaken.  The install did work - but I just didn't realize
> it.  
> (I had already chmod -x /etc/init.d/syslog when I installed compiled
> version)
> 
> However, A couple of points to the installer:
> 
> 1)	Positive feedback needed.

There are multiple installers for syslog-ng right now, and the ".run"
based installers (that can run on RHEL/SUSE/Debian) have positive
feedback. My understanding of RPM based systems is that rpms are not
usually interactive.

On Debian, there's debconf and the installer uses that to ask for some
installation options, but rpm has no similar feature.

We could perhaps write messages to the console, but I don't see how we
could make the RPM interactive without affecting the non-interactive
installations.

> 2)	Notify users that their existing configuration is migrated. (this
> one took a while to figure out)
> 	(Mine moved from /etc/syslog-ng/syslog-ng.conf to
> /opt/syslog-ng/etc/syslog-ng.conf)

Balazs Scheidler | 1 Apr 2009 10:01

Re: syslog 3.0 and fra_digits()

Well, currently only the ISO timestamp format supports subsecond
resolution. This patch makes it possible to do the same with other
timestamp formats:

commit 70d758fe40ad64f78e28e87b629c54fbd1fdc09e
Author: Balazs Scheidler <bazsi <at> balabit.hu>
Date:   Wed Apr 1 10:00:35 2009 +0200

    [LogStamp] make it possible to use frac_digits with non-ISO timestamps

You can get it via nightly snapshot, or by cloning the git repository.

On Tue, 2009-03-31 at 15:20 -0700, Joe Hansen wrote:
> I need this format of date in my syslog (notice the 3 digit
> milliseconds):
> 
> Mar 31 22:17:04.056 HOSTNAME PORTAGENT[10354]: INFO,broadcast srp
> down,
> 
> NOT:
> 
> 2009-03-31T22:17:42.000+00:00 HOSTNAME PORTAGENT[10354]:
> INFO,broadcast srp down
> 
-- 
Bazsi

______________________________________________________________________________
Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng
Documentation: http://www.balabit.com/support/documentation/?product=syslog-ng

Charles Jennings | 1 Apr 2009 15:10

Re: INCLUDE not working for me :(

Thanks for your response.  I am a medium-core (not hard-core) Linux user so
I don't know all the ins and outs.

A stdout message just pointing to a README would suffice for me - stating to
review for important changes...

As to the include - yes - it is working just fine.  Thanks.

Regards,

Charles Jennings

-----Original Message-----
From: syslog-ng-bounces <at> lists.balabit.hu
[mailto:syslog-ng-bounces <at> lists.balabit.hu] On Behalf Of Balazs Scheidler
Sent: Wednesday, April 01, 2009 2:12 AM
To: Syslog-ng users' and developers' mailing list
Subject: Re: [syslog-ng] INCLUDE not working for me :(

Hi,

Thanks for the feedback, it's really appreciated.

On Tue, 2009-03-31 at 09:38 -0500, Charles Jennings wrote:
> Looks like I was mistaken.  The install did work - but I just didn't 
> realize it.
> (I had already chmod -x /etc/init.d/syslog when I installed compiled
> version)
> 
> However, A couple of points to the installer:

Corinna Vinschen | 1 Apr 2009 15:21

Re: [PATCH] Cygwin: missing colon in default syslog-ng.conf

Ping?

On Mar 25 17:09, Corinna Vinschen wrote:
> Hi,
> 
> The Cygwin service installer script creates a version entry without a colon,
> which leads to warnings.  The below patch fixes that.  Please apply.
> 
> 
> Thanks,
> Corinna
> 
> 
> --- contrib/cygwin-packaging/syslog-ng-config.ORIG	2009-03-25 17:08:34.000000000 +0100
> +++ contrib/cygwin-packaging/syslog-ng-config	2009-03-19 19:21:34.000000000 +0100
>  <at>  <at>  -205,7 +205,7  <at>  <at>  if [ ! -f "${SYSCONFDIR}/syslog-ng.conf"
>  then
>    echo "Creating default ${SYSCONFDIR}/syslog-ng.conf file"
>    cat > ${SYSCONFDIR}/syslog-ng.conf << EOF
> - <at> version 3.0
> + <at> version: 3.0
>  options {
>    keep_hostname(yes);
>    owner("system");
> 
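Review bot: the corrected version line sits inside the 'if [ ! -f "${SYSCONFDIR}/syslog-ng.conf"' branch, so only a freshly created file gets it; a syslog-ng.conf written by an earlier run of this script keeps the colon-less line and keeps producing the warning. Consider saying so in the commit message, or adding a one-time fix-up for an existing file. Separately, 'cat > ${SYSCONFDIR}/syslog-ng.conf << EOF' leaves the redirect target unquoted while the -f test quotes the same path; quoting it as "${SYSCONFDIR}/syslog-ng.conf" would keep the two consistent when the directory name contains spaces.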

Corinna Vinschen | 1 Apr 2009 15:21

Re: [PATCH] typo in misc.c, function resolve_user?

Ping?

On Mar 25 17:18, Corinna Vinschen wrote:
> Hi,
> 
> a Cygwin user got a message in the syslog every time the syslog-ng
> service started up:
> 
>   Error resolving user; user='system'
> 
> He also found why this message was generated.  The function resolve_user()
> in misc.c appears to have a typo.  If the incoming user argument points
> to a non-empty string, resolve_user() just returns NULL.  So, the following
> getpwnam is only called for an empty user string.  This looks like a typo.
> 
> One possible fix below.  However, maybe the intention was actually to
> test for
> 
>   if (!user)
> 
> instead of
> 
>   if (!*user)
> 
> ???
> 
> 
> Corinna
> 
> 

Balazs Scheidler | 1 Apr 2009 15:31

Re: [PATCH] typo in misc.c, function resolve_user?

This has already been fixed in recent git.

On Wed, 2009-04-01 at 15:21 +0200, Corinna Vinschen wrote:
> Ping?
> 
> On Mar 25 17:18, Corinna Vinschen wrote:
> > Hi,
> > 
> > a Cygwin user got a message in the syslog every time the syslog-ng
> > service started up:
> > 
> >   Error resolving user; user='system'
> > 
> > He also found why this message was generated.  The function resolve_user()
> > in misc.c appears to have a typo.  If the incoming user argument points
> > to a non-empty string, resolve_user() just returns NULL.  So, the following
> > getpwnam is only called for an empty user string.  This looks like a typo.
> > 
> > One possible fix below.  However, maybe the intention was actually to
> > test for
> > 
> >   if (!user)
> > 
> > instead of
> > 
> >   if (!*user)
> > 
-- 
Bazsi


Corinna Vinschen | 1 Apr 2009 15:36

Re: [PATCH] typo in misc.c, function resolve_user?

On Apr  1 15:31, Balazs Scheidler wrote:
> This has  already been fixed in recent git.

Uh, ok, thanks.

Corinna

-- 
Corinna Vinschen
Cygwin Project Co-Leader
Red Hat
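
The inverted check described in this thread, next to a guarded version, as an added example that is not the syslog-ng source. The function names, the bool/uid_t signature and the numeric-UID fallback are assumptions of this example.

```c
#include <errno.h>
#include <pwd.h>
#include <stdbool.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/types.h>

/* Assumed shape of the reported defect: the emptiness test is inverted, so
 * every non-empty name is rejected and getpwnam() only ever sees "". */
static bool resolve_user_buggy(const char *user, uid_t *uid)
{
    if (*user)
        return false;
    struct passwd *pw = getpwnam(user);
    if (!pw)
        return false;
    *uid = pw->pw_uid;
    return true;
}

/* Guarded version: rejects NULL and "" (covering both the !user and the
 * !*user reading), then resolves the name. The numeric-UID fallback is an
 * addition of this example, not something the thread describes. */
static bool resolve_user_fixed(const char *user, uid_t *uid)
{
    if (!user || !*user)
        return false;
    struct passwd *pw = getpwnam(user);
    if (pw) {
        *uid = pw->pw_uid;
        return true;
    }
    if (user[0] < '0' || user[0] > '9')   /* no sign or whitespace for strtoul */
        return false;
    char *end;
    errno = 0;
    unsigned long n = strtoul(user, &end, 10);
    if (errno || *end != '\0' || (unsigned long)(uid_t)n != n)
        return false;
    *uid = (uid_t)n;
    return true;
}

int main(void)
{
    uid_t uid = 0;
    printf("buggy(\"root\") -> %d\n", resolve_user_buggy("root", &uid));
    printf("fixed(\"root\") -> %d\n", resolve_user_fixed("root", &uid));
    return 0;
}
```

With the buggy form, a configured owner such as owner("system") can never resolve, which matches the startup message quoted in the thread.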

mwilson | 3 Apr 2009 20:57

Solaris 10 x86 configuration not working


Hello,

I've been using version 2 for a couple of years and decided to upgrade one of my systems to version 3, but my syslog-ng.conf file doesn't seem to work.  I can't figure out the error and am hoping someone can give me a hand.

Here's the error:

# /usr/local/sbin/syslog-ng -v -s -f /etc/syslog-ng/syslog-ng.conf
Error parsing command line arguments: Conversion from character set '646' to 'UTF-8' is not supported

Here's a sanitized version of my conf file:

/etc/syslog-ng/syslog-ng.conf

options {
        stats(0);
        sync(0);
        time_reopen(1);
        log_fifo_size(4096);
        long_hostnames(off);
        use_dns(no);
        use_fqdn(no);
        create_dirs(yes);
        keep_hostname(yes);
};

source          sys {
        sun-streams("/dev/log" door("/etc/.syslog_door"));
        internal();
        udp();
        tcp(ip("0.0.0.0") port(5150) max-connections(300));
};

filter          notdebug {
        level(info...emerg);
};
destination     perhost {
        file("/var/log/perhost/$HOST.log.$YEAR$MONTH$DAY");
};
log {
        source(sys);
        filter(notdebug);
        destination(perhost);
};

destination     syslogserver {
        tcp("10.1.1.20" port(5150));
};
log {
        source(sys);
        filter(notdebug);
        destination(syslogserver);
};


Any suggestions?


gatfi sami | 4 Apr 2009 01:32

problem in writing to database

Hi,

I am configuring a centralised syslog server, and when I arrived at the writing into the database there is something wrong,

because when I use a file as destination I see incoming logs when I restart apache2 or mysql on the client

"tail - f /"
I use syslog-ng 2.0

here is the client
source my_src{
file("/var/log/apache2/error_log" follow_freq(1)  );

file("/var/lib/mysql/mysqld.log" follow_freq(1) );

};


destination loghost {
    tcp("192.168.1.69" port(514));
};
log {
   source(my_src);
  destination(loghost);
};
                 


here is the server

 source mysrc{ tcp(ip(0.0.0.0) port(514) keep-alive(yes));
#udp();
 };

destination d_mysql {
  pipe("/tmp/mysql.pipe"
  template("INSERT INTO logs (host, facility, priority, level, tag, date,
  time, program, msg) VALUES ( '$HOST', '$FACILITY', '$PRIORITY', '$LEVEL',
  '$TAG',
  '$YEAR-$MONTH-$DAY', '$HOUR:$MIN:$SEC', '$PROGRAM', '$MSG' );\n")
  template-escape(yes));
};
log { source(mysrc); destination(d_mysql);
};


Note that a database named syslog is already created and contains a table logs;



If I try the following command : syslog-ng -f /etc/syslog-ng/syslog-ng.conf

Error binding socket; addr='AF_INET(0.0.0.0:514)', error='Address already in use (98)'
Error initializing source driver; source='mysrc'


PS: I used to use the server as a relay and send by UDP using the same port 514, but now everything is

commented   like this #

need help

gatfi sami | 5 Apr 2009 02:31

problem in writing to database 2

I successfully added the following script to

/etc/profile

It recreates the pipeline, but

when I get access to the virtual machine by ssh it is blocked
like this:
Password:

Last login: Sun Apr 5 03:08:51 2009 from linux-ux35.lan
Have a lot of fun...

I have to type Ctrl+C to
have
linux-test1:~ #



I have to type Ctrl+C to get access to it


here is the script
#!/bin/bash
if [ -e /tmp/mysql.pipe ]; then
    while [ -e /tmp/mysql.pipe ]
    do
        mysql -u root --password= syslog < /tmp/mysql.pipe
    done
else
    mkfifo /tmp/mysql.pipe
fi

I think the problem is from

 mysql -u root --password= syslog< /tmp/mysql.pipe




i added the following script to the file
