Hi everyone,
i'm trying to build a server where i will centralize all the logs coming from 2 hosts
(linux ( RH) , Windows VISTA).
what i did,on the RH host is that i changed the syslog-ng.conf :
====================================CLIENT
options {
sync (0);
time_reopen (15);
log_fifo_size (1000);
long_hostnames (off);
use_dns (no);
use_fqdn (yes);
create_dirs (yes);
keep_hostname (yes);
};
source sys { unix-stream ("/dev/log"); internal(); };
destination serveur_syslog { tcp("172.16.1.235" port(5140)); };
log { source(sys); destination(serveur_syslog); };
====================================SERVER
options {
sync (0);
time_reopen (10);
log_fifo_size (1000);
long_hostnames (off);
use_dns (no);
use_fqdn (yes);
create_dirs (yes);
keep_hostname (yes);
};
source s_tcpmessages { tcp(port(5140) max-connections(100)); };
source s_udpmessages { udp (); };
source s_loc { unix-stream ("/dev/log"); internal(); };
destination d_mysql { pipe("/tmp/mysql.pipe" template("INSERT INTO logs (host, facility, priority, level, tag, datetime, program, msg)
VALUES ( '$HOST', '$FACILITY', '$PRIORITY', '$LEVEL', '$TAG', '$YEAR-$MONTH-$DAY $HOUR:$MIN:$SEC', '$PROGRAM', '$MSG' );\n") template-escape(yes));
};
log {
source(s_tcpmessages);
destination(d_mysql);
};
log {
source(s_udpmessages);
destination(d_mysql);
};
log {
source(s_loc);
destination(d_mysql);
};
and when i look on the database Syslog => table Logs
i found lines saying :
16855 idslan syslog err err 2b 2008-07-23 10:46:33 syslog-ng syslog-ng[18899]: Connection failed; error='Connection refused (111)',time_reopen='15'
If Anyone can help
or Any suggestions ??
Please do so.
thanks,
