LinuxQuestions.org
Old 01-23-2009, 12:58 PM   #1
sir-lancealot
syslog-ng -> syslog-ng logging, how to troubleshoot


Well, now both the client and server are running syslog-ng. I don't see anything on the server side, which is going to collect from a few servers, but I'm not sure how to debug or just test/watch the connection, etc., to try to see why there is no file creation/update.

The server config looks like:

options {
    sync (0);
    time_reopen (10);
    log_fifo_size (1000);
    long_hostnames (off);
    use_dns (no);
    use_fqdn (no);
    create_dirs (no);
    keep_hostname (yes);
};

source s_sys {
    file ("/proc/kmsg" log_prefix("kernel: "));
    unix-stream ("/dev/log");
    internal();
    udp(ip(0.0.0.0) port(514));
};

destination send_http_logs { file("/var/log/web.log"); };

filter send_http_logs {
    program("httpd.*");
};

log {
    source(s_sys);
    filter(send_http_logs);
    destination(send_http_logs);
};


The client looks like:

options {
    sync (0);
    time_reopen (10);
    log_fifo_size (1000);
    long_hostnames (off);
    use_dns (no);
    use_fqdn (no);
    create_dirs (no);
    keep_hostname (yes);
};

source s_sys {
    file ("/proc/kmsg" log_prefix("kernel: "));
    unix-stream ("/dev/log");
    internal();
    # udp(ip(0.0.0.0) port(514));
};

destination send_http_logs { udp("192.168.2.54" port(514)); };

filter send_http_logs {
    program("httpd.*");
};

log {
    source(s_sys);
    filter(send_http_logs);
    destination(send_http_logs);
};

Both servers are running syslog-ng (I assume syslog can still run as well). I would figure the server would have a file /var/log/web.log, but nothing. I did create one and add perms, but still nothing, and I don't see anything jumping out in messages either.

Thanks.
 
Old 01-24-2009, 07:07 AM   #2
acid_kewpie
You certainly *CAN'T* run them both at the same time. Stop and uninstall sysklogd / syslogd & klogd and restart syslog-ng. If there are no obvious problems in general, use wireshark / tcpdump to watch for the actual network traffic to find if it's a client or server issue. I wouldn't rely on program details in a filter on a remote server, only the local client. You should really use basic string matching or syslog prio / facility fields once you're going across a network.
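Added example, not part of either post: a small Python probe that can stand in for the server's UDP listener to show whether datagrams from the client arrive at all and which fields a server-side filter could match on. It assumes the BSD syslog wire layout (`<PRI>`, optional timestamp and host, then `program[pid]: text`); the function names and the sample datagram are this example's own.

```python
import re
import socket
import sys

FACILITIES = ("kern user mail daemon auth syslog lpr news uucp cron authpriv ftp "
              "ntp audit alert clock local0 local1 local2 local3 local4 local5 "
              "local6 local7").split()
SEVERITIES = "emerg alert crit err warning notice info debug".split()

# <PRI>, optional "Mmm dd hh:mm:ss host ", optional "program[pid]: ", free text.
WIRE = re.compile(rb"^<(\d{1,3})>(?:[A-Z][a-z]{2} [ \d]\d \d\d:\d\d:\d\d (\S+) )?"
                  rb"(?:([^\s:\[]+)(?:\[\d+\])?: ?)?(.*)$", re.S)

def build(facility, severity, program, text):
    """Constructed test datagram: PRI = facility * 8 + severity."""
    pri = FACILITIES.index(facility) * 8 + SEVERITIES.index(severity)
    return f"<{pri}>{program}: {text}".encode()

def parse(datagram):
    """Split a received datagram into the fields a server-side filter can see."""
    m = WIRE.match(datagram)
    if not m or int(m.group(1)) > 191:      # 23 * 8 + 7 is the largest valid PRI
        return None
    pri = int(m.group(1))
    text = lambda b: b.decode(errors="replace") if b else None
    # facility/severity come from the numeric PRI; program is only a guess
    # taken from the free-text part, so it is the least reliable field.
    return {"facility": FACILITIES[pri // 8], "severity": SEVERITIES[pri % 8],
            "host": text(m.group(2)), "program": text(m.group(3)),
            "text": text(m.group(4)) or ""}

def listen(sock, count, timeout):
    """Collect up to `count` datagrams; an empty list means nothing arrived."""
    sock.settimeout(timeout)
    seen = []
    while len(seen) < count:
        try:
            data, peer = sock.recvfrom(8192)
        except socket.timeout:
            break
        seen.append((peer[0], parse(data)))
    return seen

if __name__ == "__main__":
    # Usage: probe.py PORT  (binding 514 needs root and syslog-ng stopped)
    rx = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    rx.bind(("0.0.0.0", int(sys.argv[1])))
    for peer, fields in listen(rx, count=5, timeout=30.0):
        print(peer, fields)
```

If the probe prints nothing while the client is logging, the problem is on the client or the network path; if it prints datagrams, compare the decoded fields with what the server's filter expects.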
 
  

