| View previous topic :: View next topic |
| Author |
Message |
carpman
Advocate
Joined: 20 Jun 2002
Posts: 2202
Location: London - UK
|
 Posted: Thu Jan 22, 2009 4:58 pm Post subject: syslog-ng no logs ? |
 |
|
Hello, ok i have been a lazy last few weeks and did not check the logs on mail server, i did to today and find that there is nothing in the logs, as fair as i remember i have not done any updates since when i last looked and they were working?
From what i can see it is only the mail logs that are working:
| Code: |
/var/log/mail.log
/var/log/mail.info
/var/log/mail.warn
/var/log/mail.err
|
the procmail.log is fine though?
Any ideas?
cheers
/etc/syslog-ng/syslog-ng.conf
| Code: |
# $Header: /var/cvsroot/gentoo-x86/app-admin/syslog-ng/files/syslog-ng.conf.gentoo,v 1.7 2007/08/02 04:52:18 mr_bones_ Exp $
#
# Syslog-ng default configuration file for Gentoo Linux
# contributed by Michael Sterrett
options {
chain_hostnames(off);
sync(0);
# The default action of syslog-ng 1.6.0 is to log a STATS line
# to the file every 10 minutes. That's pretty ugly after a while.
# Change it to every 12 hours so you get a nice daily update of
# how many messages syslog-ng missed (0).
stats(43200);
};
source src {
unix-stream("/dev/log" max-connections(256));
internal();
file("/proc/kmsg");
};
#destination messages { file("/var/log/messages"); };
# By default messages are logged to tty12...
destination console_all { file("/dev/tty12"); };
# ...if you intend to use /dev/console for programs like xconsole
# you can comment out the destination line above that references /dev/tty12
# and uncomment the line below.
#destination console_all { file("/dev/console"); };
#log { source(src); destination(messages); };
#log { source(src); destination(console_all); };
#source where to read log
source src { unix-stream("/dev/log"); internal(); };
source kernsrc { file("/proc/kmsg"); };
#define destinations
destination authlog { file("/var/log/auth.log"); };
destination syslog { file("/var/log/syslog"); };
destination cron { file("/var/log/cron.log"); };
destination daemon { file("/var/log/daemon.log");
destination kern { file("/var/log/kern.log"); };
destination lpr { file("/var/log/lpr.log"); };
destination user { file("/var/log/user.log"); };
destination mail { file("/var/log/mail.log"); };
destination mailinfo { file("/var/log/mail.info"); };
destination mailwarn { file("/var/log/mail.warn"); };
destination mailerr { file("/var/log/mail.err"); };
destination newscrit { file("/var/log/news/news.crit"); };
destination newserr { file("/var/log/news/news.err"); };
destination newsnotice { file("/var/log/news/news.notice"); };
destination debug { file("/var/log/debug"); };
destination messages { file("/var/log/messages"); };
destination console { usertty("root"); };
destination console_all { file("/dev/tty12"); };
destination xconsole { pipe("/dev/xconsole"); };
destination d_shorewall{ file ("/var/log/shorewall/shorewall.log"); };
#create filters
filter f_authpriv { facility(auth, authpriv); };
filter f_syslog { not facility(authpriv, mail); };
filter f_cron { facility(cron); };
filter f_daemon { facility(daemon); };
filter f_kern { facility(kern); };
filter f_lpr { facility(lpr); };
filter f_mail { facility(mail); };
filter f_user { facility(user); };
filter f_debug { not facility(auth, authpriv, news, mail); };
filter f_messages { level(info..warn)
and not facility(auth, authpriv, mail, news); };
filter f_emergency { level(emerg); };
filter f_shorewall { match ("Shorewall"); };
filter f_not_shorewall { not match ("Shorewall"); };
filter f_info { level(info); };
filter f_notice { level(notice); };
filter f_warn { level(warn); };
filter f_crit { level(crit); };
filter f_err { level(err); };
filter f_failed { match("failed"); };
filter f_denied { match("denied"); };
#connect filter and destination
log { source(src); filter(f_authpriv); destination(authlog); };
log { source(src); filter(f_syslog); destination(syslog); };
log { source(src); filter(f_cron); destination(cron); };
log { source(src); filter(f_daemon); destination(daemon); };
log { source(kernsrc); filter(f_kern); destination(kern); };
log { source(src); filter(f_lpr); destination(lpr); };
log { source(src); filter(f_mail); destination(mail); };
log { source(src); filter(f_user); destination(user); };
log { source(src); filter(f_mail); filter(f_info); destination(mailinfo); };
log { source(src); filter(f_mail); filter(f_warn); destination(mailwarn); };
log { source(src); filter(f_mail); filter(f_err); destination(mailerr); };
log { source(src); filter(f_debug); destination(debug); };
log { source(src); filter(f_messages); destination(messages); };
log { source(src); filter(f_emergency); destination(console); };
log { source(src); filter (f_shorewall); destination (d_shorewall); };
#default log
log { source(src); destination(console_all); };
options { long_hostnames(off); sync(0); stats(0); };
destination d_bandwidth {
file("/var/log/bandwidth");
};
filter f_bandwidth {
facility(kern) and priority(debug);
};
log {
source(src);
filter(f_bandwidth);
destination(d_bandwidth);
};
destination RKHunter {
file("/var/log/rkhunter.log");
};
destination syslog {
file("/var/log/syslog");
};
destination Procmail {
file("/var/log/procmail.log");
};
destination DenyHosts {
file("/var/log/denyhosts");
};
#!spamd
# daemon.err;daemon.warn;daemon.info /var/log/spamd
|
aut
_________________
Work Station - 64bit
Gigabyte GA X48-DQ6 Core2duo E8400
8GB GSkill DDR2-1066
SATA Areca 1210 Raid
BFG OC2 8800 GTS 640mb
--------------------------------
Notebook
Samsung Q45 7100 4gb |
|
| Back to top |
|
 |
Bones McCracker
Veteran
Joined: 14 Mar 2006
Posts: 1611
Location: U.S.A.
|
| Posted: Thu Jan 22, 2009 5:23 pm Post subject: |
|
|
One thing I see is that you have "src" defined twice.
You have it defined as:
| Code: | source src {
unix-stream("/dev/log" max-connections(256));
internal();
file("/proc/kmsg");
}; |
And then also as:
| Code: | | source src { unix-stream("/dev/log"); internal(); }; |
Based on your log statements, I suspect you forgot to comment out or delete the first definition of "src". I would expect that the second definition would simply over-ride the first, but maybe it will help if you try it with only the second definition of "src".
Also, it may be simpler to comprehend if you group all your destinations together, all your filters together, and THEN define your log statements. (You have some other small redundancies that shouldn't matter, like defining the destination "syslog" twice.)
If that doesn't help, I suggest you back this file up, and then start by constructing a much simpler syslog-ng.conf file, and building up by adding a change or two at a time. That will verify that the basic logging functionality of the sytem is working okay, and then help you to isolate what exactly is causing problems. |
|
| Back to top |
|
|
|
|
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
|
|
Networking & Security
