syslog-ng newbie

[tgiles]

Hi, All.

This is my first time working with syslog-ng and I think I'm getting stumped by how to send logs out from the server to my log server. I followed all the docs and examples that I could get my hands on, but not seeing this server reporting in to the log server at all. The server is available on TCP 514 and I validated that worked fine.

Here's a sample with what I came up with. and trying to use on a RHEL4 system. To test logging, I tried running logger on the system to throw messages out. Nothing showed up on the far end.

Code:

options {
        keep_hostname(yes);
        long_hostnames(off);
        sync(0);
        log_fifo_size(1024);
};

source src {
        pipe("/proc/kmsg");
        unix-stream("/dev/log");
        internal();
};

destination cron { file("/var/log/cron"); };
destination messages { file("/var/log/messages"); };

log { source(src); destination(messages); };
log { source(src); destination(cron); };

destination loghost {
        tcp("198.299.199.99" port(514));
};

log {
        source(src);
        destination(loghost);
};

Have any thoughts, or see anything that could trip me up?

Thanks!

tom

[mutex]

I would first try logging to a local file to make sure that syslog-ng is actually catching the logs.  That way we start to know where to look for the problem.  Something like this:

Code:

options {
        keep_hostname(yes);
        long_hostnames(off);
        sync(0);
        log_fifo_size(1024);
};

source src {
        pipe("/proc/kmsg");
        unix-stream("/dev/log");
        internal();
};

destination cron { file("/var/log/cron"); };
destination messages { file("/var/log/messages"); };

log { source(src); destination(messages); };
log { source(src); destination(cron); };

destination loghost {
        tcp("198.299.199.99" port(514));
};
destination logfile {
 file("/var/log/temp.log"
  owner("root")
  group("log")
  perm(0660)
  create_dirs(yes)
  dir_owner(root)
  dir_group("log")
  dir_perm(0770)
 );
};

log {
        source(src);
        destination(loghost);
        destination(logfile);
};

[tgiles]

Thanks a ton for the response, mutex!

I created a new config file as per your recommendation. There's nothing happening. No files are getting created.

* I noted there was no "log" group on the system, so I added the group, just in case. Same result after bouncing syslog-ng
* I also noted some odd process called minilogd which would kick off after I stopped the syslog-ng process. Killed it off, just in case it was causing some unforeseen issue. Same problem.

Ok. I think I see what the issue is.

I ended up running syslog-ng in debug mode to see what it would report back...

Code:

/usr/local/sbin/syslog-ng -d -v

and got an error...

Code:

/usr/local/sbin/syslog-ng: /lib/tls/libc.so.6: version `GLIBC_2.4' not found (required by /usr/local/sbin/syslog-ng)

It looks like there's a missing library- so, I'll get that installed and continue forward with your recommendations.

I had another (offtopic) thought. To anyone's knowledge, has anyone made available any statically compiled executables? I attempted last night (on one of my personal Ubuntu systems) and it wouldn't compile at all.

Ok, just curious. Thanks again for all the assist. Will update once I get those libs setup.

Cheers,

tom

[mutex]

After you get the library installed, try starting syslog-ng in debug mode again. If that checks out, it'll probably work fine.