Stefan Varga | 1 Oct 16:02 2009

syslog-ng logging from localhost

Hi

we have a syslog-ng configuration (see below), running on Solaris

if I telnet to 10.128.240.100 from the server where syslog-ng is running, nothing is logged
if I telnet to 10.128.240.100 from any other server, it is logged as expected

do you see something obvious here ?

Thanks,
Stefan

@version: 3.0

options {
 create_dirs(yes);  
 owner(root);       
 group(logs);       
 perm(0644);        
 dir_perm(0755);    
 flush_lines(0);
 log_fifo_size(2048);
 log_msg_size(8192);
 stats_freq(3600);
 long_hostnames(off);
 keep_hostname(no);
 use_dns(yes);
};

source s_remote {
(Continue reading)

Stefan Varga | 1 Oct 16:19 2009

Re: syslog-ng logging from localhost

Sorry for misleading you, it is logged to /logs/hosts/10.128.240.100
but I would like to log it to /logs/hosts/server, where I issued the telnet

Thanks,
Stefan

Stefan Varga wrote:
> Hi
>
> we have a syslog-ng configuration (see below), running on Solaris
>
> if I telnet to 10.128.240.100 from the server where syslog-ng is running, nothing is logged
> if I telnet to 10.128.240.100 from any other server, it is logged as expected
>
> do you see something obvious here ?
>
>
> Thanks,
> Stefan
>  
>
> @version: 3.0
>
> options {
>  create_dirs(yes);  
>  owner(root);       
>  group(logs);       
>  perm(0644);        
>  dir_perm(0755);    
>  flush_lines(0);
(Continue reading)

fredzy padzy | 1 Oct 16:35 2009

Re: syslog-ng logging from localhost

hi,

you should try to replace (in your destination declaration)

file ("/logs/hosts/${HOST}/${HOST}-${YEAR}${MONTH}${DAY}");

by

file ("/logs/hosts/server");

... and also understand what you're doing, of course ... ;)

2009/10/1 Stefan Varga <Stefan_Varga <at> tempest.sk>
Sorry for misleading you, it is logged to /logs/hosts/10.128.240.100
but I would like to log it to /logs/hosts/server, where I issued the telnet

Thanks,
Stefan



Stefan Varga wrote:
> Hi
>
> we have a syslog-ng configuration (see below), running on Solaris
>
> if I telnet to 10.128.240.100 from the server where syslog-ng is running, nothing is logged
> if I telnet to 10.128.240.100 from any other server, it is logged as expected
>
> do you see something obvious here ?
>
>
> Thanks,
> Stefan
>
>
> @version: 3.0
>
> options {
>  create_dirs(yes);
>  owner(root);
>  group(logs);
>  perm(0644);
>  dir_perm(0755);
>  flush_lines(0);
>  log_fifo_size(2048);
>  log_msg_size(8192);
>  stats_freq(3600);
>  long_hostnames(off);
>  keep_hostname(no);
>  use_dns(yes);
> };
>
> source s_remote {
>        udp(ip(10.128.240.100) port(514));
>        tcp(ip(10.128.240.100) port(514) max_connections(1000));
> };
>
>
> # remote hosts to files
> destination r_messages {
>    file ("/logs/hosts/${HOST}/${HOST}-${YEAR}${MONTH}${DAY}");
> };
>
>
> # remote logs
> log {
>    source (s_remote);
>    filter (f_debug);
>    destination (r_messages);
> };
>
>
>
> ______________________________________________________________________________
> Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng
> Documentation: http://www.balabit.com/support/documentation/?product=syslog-ng
> FAQ: http://www.campin.net/syslog-ng/faq.html
>
>


--
+----------------------------------------------+
| Stefan Varga               TEMPEST a.s.      |
| Senior Systems Engineer    Services Division |
| +421908 760617             Plynarenska 7/B   |
| Stefan_Varga <at> tempest.sk    Bratislava        |
|   Sun Microsystems Executive Partner         |
|   Symantec(Veritas) Platinum Partner         |
+----------------------------------------------+

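Why the test from the collector itself files under /logs/hosts/10.128.240.100: with keep_hostname(no), syslog-ng ignores whatever hostname a message carries and sets ${HOST} from the peer address, which use_dns(yes) then tries to resolve via reverse DNS. A line typed into telnet has no syslog header at all, so the peer address is the only source of a name, and for a connection opened on the collector that address is the collector's own 10.128.240.100, which evidently has no PTR record. keep_hostname(yes) would not change that for a raw telnet line, and it would let any client pick its own directory under /logs/hosts. The following is an added example, not the configuration from the thread: it keeps the original source and destination but resolves names from the hosts file only and refuses hostnames that could steer the file path. The hosts-file entry, the tightened permissions and the dropped f_debug filter (not shown in the thread) are assumptions; check the option names against the admin guide for your exact 3.0.x build.

```conf
@version: 3.0

options {
    create_dirs(yes);
    owner(root);
    group(logs);
    # Logs readable by the logs group only (the thread used 0644/0755).
    perm(0640);
    dir_perm(0750);
    flush_lines(0);
    log_fifo_size(2048);
    log_msg_size(8192);
    stats_freq(3600);
    long_hostnames(off);

    # ${HOST} comes from the peer address, never from the message text.
    keep_hostname(no);

    # Resolve names from the hosts file only: no blocking network lookups
    # per message on a central collector, and nothing a remote DNS answer
    # can influence. Give the collector an entry there (assumed):
    #   10.128.240.100  server
    # and local test traffic lands in /logs/hosts/server.
    use_dns(persist_only);

    # Reject hostnames containing characters that are not valid in a
    # hostname ("/", "..", whitespace), which matters whenever ${HOST}
    # is part of a file path; lowercase them so one host gets one directory.
    check_hostname(yes);
    normalize_hostnames(yes);
};

source s_remote {
    udp(ip(10.128.240.100) port(514));
    tcp(ip(10.128.240.100) port(514) max_connections(1000));
};

# one directory per sending host, one file per day
destination r_messages {
    file("/logs/hosts/${HOST}/${HOST}-${YEAR}${MONTH}${DAY}");
};

log {
    source(s_remote);
    destination(r_messages);
};
```

If the real requirement is the name each client writes into its own header rather than the name of the address it connects from, that is keep_hostname(yes); keep check_hostname(yes) with it, because the client then controls the path component.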

PAUL WILLIAMSON | 3 Oct 05:20 2009

Question about flags(ignore-case) option

I have the following filter set up:

filter f_wireless_devices { host("system") flags(ignore-case); };

and I'm getting a syntax error. If I remove the flags(ignore-case),

filter f_wireless_devices { host("system"); };

it is fine. On page 58 of the 3.0 sys admin guide, I have the syntax correct.

Is there any other way to do this? Maybe put an ignore_case(yes) in the options section at the top of the configuration file?

Thanks,
Paul
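Where the flags go, as an added example rather than anything posted in the thread: in the syslog-ng 3.x filter grammar flags() is an argument of host(), written inside its parentheses after the pattern, not a sibling after host(...). No global ignore_case() option is documented for 3.0 to my knowledge. The filter name and the "system" pattern are Paul's; the anchored variant is an assumption about what he wants to match. Verify against the admin guide for your exact version.

```conf
# flags() belongs inside host(): a case-insensitive match on the hostname.
filter f_wireless_devices { host("system" flags(ignore-case)); };

# host() is a regular-expression match, not a string comparison: the pattern
# above also matches "filesystem-01". Anchor it when only the exact name
# should pass, otherwise an unexpected host can slip into a per-device log.
filter f_wireless_devices_exact { host("^system$" flags(ignore-case)); };
```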

PAUL WILLIAMSON | 4 Oct 19:44 2009

Forwarding messages

I am receiving messages from 5 devices that I need to send to a remote machine for
specific analysis.  Right now, the messages are getting interpreted as coming
from the central syslog host, not the individual devices.  Is there any option
to tell syslog-ng to forward as the original hostname, or should I focus on
looking for options in the other system?  I have the keep_hostname(yes) option
enabled, but that isn't working the way I was hoping.
Thanks,
Paul

Nilshar | 5 Oct 10:04 2009

Strange behaviour of syslog-ng. Date macros not working and missing character in file name.

Thank you Bazsi !

could you point me to the reported bug, or any more informations about
it ? I don't see it in changelog file, and can't find it in the bug
tracking system.

Thank you.

Garry De Toffoli | 5 Oct 10:11 2009

syslog-ng with sql() command, cpu to 100%

I am using version 3.0.4 of syslog-ng, as reported:

$./syslog-ng -V
syslog-ng 3.0.4
Revision: ssh+git://bazsi <at> git.balabit//var/scm/git/syslog-ng/syslog-ng-ose--mainline--3.0#master#1b5d618e301ad94aa20e692ffba16469dece8d10
Compile-Date: Aug  5 2009 17:38:20
Enable-Threads: on
Enable-Debug: off
Enable-GProf: off
Enable-Memtrace: off
Enable-Sun-STREAMS: off
Enable-Sun-Door: off
Enable-IPv6: on
Enable-Spoof-Source: on
Enable-TCP-Wrapper: off
Enable-SSL: on
Enable-SQL: on
Enable-Linux-Caps: on
Enable-Pcre: off

I would like to use the sql() feature,

but syslog-ng does not write anything to the database, and the CPU goes to 100%;

this is the configuration of the sql destination

destination d_mysql {
        sql(type(mysql)
        host("localhost") username("syslogadmin") password("syslogadmin")
        database("syslog")
        table("logs")
        columns("host", "facility", "priority", "level", "tag", "datetime", "program", "msg", "seq")
        values("$HOST_FROM", "$FACILITY", "$PRIORITY", "$LEVEL", "$TAG", "$YEAR-$MONTH-$DAY $HOUR:$MIN:$SEC", "$PROGRAM", "$MSG", "$SEQNUM")
        indexes("host", "facility", "priority", "datetime", "program", "seq"));
};

of course, a configuration like this
destination d_mysql {
    program("/usr/bin/mysql -usyslogadmin -psyslogadmin syslog"
    template("INSERT INTO logs (host, facility, priority, level, tag, datetime, program, msg)
    VALUES ( '$HOST', '$FACILITY', '$PRIORITY', '$LEVEL', '$TAG', '$YEAR-$MONTH-$DAY $HOUR:$MIN:$SEC', '$PROGRAM', '$MSG' );\n")
    template-escape(yes));
};
runs OK, but I would like to use the sql() statement instead;

what can I do?

Is the sql() command supported by the syslog-ng 3.0.4?

Thank you.



Charles Jennings | 5 Oct 20:00 2009

Re: Forwarding messages

Make sure that keep_hostname(yes) is set on both the 1st syslog-ng server and the 2nd syslog-ng server.

From: syslog-ng-bounces <at> lists.balabit.hu [mailto:syslog-ng-bounces <at> lists.balabit.hu] On Behalf Of PAUL WILLIAMSON
Sent: Sunday, October 04, 2009 12:45 PM
To: syslog-ng <at> lists.balabit.hu
Subject: [syslog-ng] Forwarding messages

I am receiving messages from 5 devices that I need to send to a remote machine for
specific analysis.  Right now, the messages are getting interpreted as coming
from the central syslog host, not the individual devices.  Is there any option
to tell syslog-ng to forward as the original hostname, or should I focus on
looking for options in the other system?  I have the keep_hostname(yes) option
enabled, but that isn't working the way I was hoping.
Thanks,
Paul
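A relay configuration for the case above, as an added example and not Charles's or Paul's configuration: the central host accepts from the five devices, keeps the hostname each device wrote into its own header, and forwards over TCP, so the analysis machine sees the device name rather than the central host's. The source and destination names, the analysis host name, the device names in the filter and the listening address are assumptions. The receiving syslog-ng must run with keep_hostname(yes) as well, as Charles says, otherwise it overwrites ${HOST} with the relay's address on arrival.

```conf
@version: 3.0

# Central syslog host acting as relay for five devices.
options {
    # Trust the hostname in the device's own header instead of replacing
    # it with the resolved peer address.
    keep_hostname(yes);
    # Do not turn ${HOST} into "central/device" on the way through.
    chain_hostnames(no);
    # keep_hostname(yes) means devices choose their own ${HOST}; refuse
    # names with characters that are not valid in a hostname.
    check_hostname(yes);
};

source s_devices {
    udp(ip(0.0.0.0) port(514));
    tcp(ip(0.0.0.0) port(514));
};

# Forward only the five expected names (assumed); anchored regex, so a
# device claiming "ap-01-evil" does not match.
filter f_five_devices {
    host("^(ap-01|ap-02|ap-03|ap-04|ap-05)$");
};

# TCP stream to the analysis host: the header, including ${HOST}, is
# relayed as-is; the receiver needs keep_hostname(yes) to honour it.
destination d_analysis {
    tcp("analysis.example.net" port(514));
};

log {
    source(s_devices);
    filter(f_five_devices);
    destination(d_analysis);
};
```

If the analysis system keys on the packet source address rather than on the header hostname, keep_hostname() cannot help; a udp() destination with spoof_source(yes) rewrites the source address of forwarded datagrams to the original sender's instead. That needs a build with Enable-Spoof-Source: on (the -V output earlier in this thread shows one), root or raw-socket privilege for the running syslog-ng, and works for UDP only.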

Jean F. Mousinho | 6 Oct 15:07 2009

up to date syslog-ng.conf ?

Hello,

I'm trying to use a compiled version of syslog-ng (3.0.4), though I have not
been able to find a syslog-ng.conf file that comes with that package
and is up to date. find reveals several configuration files:

./debian/syslog-ng.conf
./contrib/hpux-packaging/syslog-ng.conf
./contrib/rhel-packaging/syslog-ng.conf
./contrib/aix-packaging/syslog-ng.conf
./contrib/fedora-packaging/syslog-ng.conf

though none of them has the @version keyword at the head, so syslog-ng is
nagging about not being able to determine the configuration version.

I'm running syslog-ng manually from ./src, specifying the
configuration file on the command line (using -f).

So the question is, where is the syslog-ng.conf for the 3.0.4 version
(after doing ./configure .. and make) ?

Thanks for your help.

Jean F. Mousinho


Ross, Michael W. | 6 Oct 15:32 2009

trying to install syslog-ng 3.0.4 and drivers for oracle

We are trying to get syslog-ng (OSE) 3.0.4 on Red Hat AS 4 to feed into an Oracle DB using the sql() destination.

We get syslog-ng to install and run A-OK and we think we have it configured right.

What we are struggling with is what all we need to install in addition to syslog-ng. We have installed libdbi-0.8.3.1 and libdbi-devel-0.8.3.1. We have not been able to find the specific Oracle driver, which we think we need.

Do we need the specific Oracle driver, if so where can we find it?

Thanks…

          Mike

