LinuxQuestions.org
Old 03-16-2017, 11:15 AM   #1
Mark_667
Member
 
Registered: Aug 2005
Location: Manchester, England
Distribution: Ubuntu 20.04
Posts: 381

Rep: Reputation: 30
Events not being logged in aggregator


I'm trying to get a SLES 11 system using syslog-ng to log to a syslog aggregator on a second (CentOS) server using rsyslog.

I stripped down the config to the bare minimum. Here's syslog-ng's configuration from Server1.
Code:
#
# /etc/syslog-ng/syslog-ng.conf
#

#
# Global options.
#
options { long_hostnames(off); flush-lines(1); perm(0640); stats(3600); };

source src {
	#
	# include internal syslog-ng messages
	# note: the internal() source is required!
	#
	internal();

	#
	# the default log socket for local logging:
	#
	unix-dgram("/dev/log");
};


#
# Enable this and adopt IP to send log messages to a log server.
#
destination logserver { udp("Server2's IP here" port(514)); };
log { source(src); destination(logserver); };

rsyslog changes on server 2. I uncommented:
Code:
# Provides UDP syslog reception
$ModLoad imudp
$UDPServerRun 514

# Provides TCP syslog reception
$ModLoad imtcp
$InputTCPServerRun 514

It looks foolproof enough but when I run the following command I can only see it on server 1.
logger -p kern.crit "Test from server 1"
I've disabled the firewalls on both and the IP address is correct.

I installed remote syslog2 from
http://help.papertrailapp.com/kb/con...remote_syslog2
on server 1. Running the same logger command I got an entry in server 2's /var/log/messages albeit with garbled encoding.

I added the following line to the end of /etc/syslog.conf on an openSUSE VM, call it server 3.
*.* Server2's IP here:514
After restarting syslog and again using the logger command I can only see it output in /var/log/messages locally.

As recommended in this article
http://help.papertrailapp.com/kb/con...-reachability/
on the aggregator machine I did:
strace -s 500 -tfp 8639
Ran the logger command and got nothing.

On the client I did:
sudo tcpdump -n -s 1500 -X port 514
Ran the logger command and also got nothing.

So what's remote syslog2 doing that my client config isn't?

Last edited by Mark_667; 03-21-2017 at 05:00 AM. Reason: Added remote syslog2 info
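
An added example, not part of the original post: a small Python probe that builds the same kern.crit test message as an RFC 3164 datagram and sends it over UDP, so the path to port 514 can be checked separately from the syslog-ng and rsyslog configuration. The hostname `server1`, the tag `probe` and all function names are assumptions made for this example.

```python
import socket
import sys
import time

FACILITIES = {"kern": 0, "user": 1, "daemon": 3, "auth": 4, "local0": 16}
SEVERITIES = {"emerg": 0, "alert": 1, "crit": 2, "err": 3,
              "warning": 4, "notice": 5, "info": 6, "debug": 7}

def build_frame(selector, host, tag, msg, now=None):
    """Build an RFC 3164 datagram for a 'facility.severity' selector."""
    facility, severity = selector.split(".")
    pri = FACILITIES[facility] * 8 + SEVERITIES[severity]
    t = time.localtime(now)
    # RFC 3164 pads single-digit days with a space, not a zero.
    stamp = f"{time.strftime('%b', t)} {t.tm_mday:2d} {time.strftime('%H:%M:%S', t)}"
    return f"<{pri}>{stamp} {host} {tag}: {msg}".encode("ascii")

def parse_pri(datagram):
    """Decode (facility, severity) numbers from the leading <PRI> field."""
    end = datagram.find(b">", 1, 5)
    if not datagram.startswith(b"<") or end == -1:
        raise ValueError("datagram has no <PRI> header")
    pri = int(datagram[1:end])
    return pri >> 3, pri & 7

def send_probe(frame, dest_ip, port=514):
    """Send one datagram; UDP gives no delivery confirmation."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as tx:
        return tx.sendto(frame, (dest_ip, port))

def loopback_check(frame, timeout=2.0):
    """Send the frame to a throwaway local listener and return what arrived."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as rx:
        rx.bind(("127.0.0.1", 0))          # port 0: kernel picks a free port
        rx.settimeout(timeout)
        send_probe(frame, "127.0.0.1", rx.getsockname()[1])
        data, _ = rx.recvfrom(2048)
    return data

if __name__ == "__main__":
    # Constructed sample message mirroring the logger test in the post.
    frame = build_frame("kern.crit", "server1", "probe", "Test from server 1")
    assert loopback_check(frame) == frame
    if len(sys.argv) > 1:                  # aggregator IP given on the command line
        print(send_probe(frame, sys.argv[1]), "bytes sent to", sys.argv[1])
```

Run it with the aggregator's IP as the only argument while the tcpdump capture from the post is running on the client or the aggregator.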
 
  



Tags
aggregator, syslog

