Syslog-ng Remote logging won't work

Posted on 2005-04-26
Last Modified: 2012-06-27
I've got syslog-ng running on my server. I set the client to log to my server by editing /etc/syslog.conf and adding *.* @ip
Now I'm trying to configure my server, where syslog-ng is running, but I can't seem to get it working.

My syslog-ng config file on the server:

source s_sys { file ("/proc/kmsg" log_prefix("kernel: ")); unix-stream ("/dev/log"); internal(); };
source s_test { udp( ip(""); port("514");); };

destination d_cons { file("/dev/console"); };
destination d_mesg { file("/var/log/messages"); };
destination d_auth { file("/var/log/secure"); };
destination d_mail { file("/var/log/maillog"); };
destination d_spol { file("/var/log/spooler"); };
destination d_boot { file("/var/log/boot.log"); };
destination d_cron { file("/var/log/cron"); };
destination d_mlal { usertty("*"); };
destination d_hosts {file("/var/log/$HOST" owner(root) group(root) perm(0755) dir_perm(0755) create_dirs(yes)); };

filter f_filter1     { facility(kern); };
filter f_filter2     { level(info) and
                     not (facility(mail)
                        or facility(authpriv) or facility(cron)); };
filter f_filter3     { facility(authpriv); };
filter f_filter4     { facility(mail); };
filter f_filter5     { level(emerg); };
filter f_filter6     { facility(uucp) or
                     (facility(news) and level(crit)); };
filter f_filter7     { facility(local7); };
filter f_filter8     { facility(cron); };

#log { source(s_sys); filter(f_filter1); destination(d_cons); };
log { source(s_sys); filter(f_filter2); destination(d_mesg); };
log { source(s_sys); filter(f_filter3); destination(d_auth); };
log { source(s_sys); filter(f_filter4); destination(d_mail); };
log { source(s_sys); filter(f_filter5); destination(d_mlal); };
log { source(s_sys); filter(f_filter6); destination(d_spol); };
log { source(s_sys); filter(f_filter7); destination(d_boot); };
log { source(s_sys); filter(f_filter8); destination(d_cron); };
log { source(s_test); destination(d_hosts); };

end syslog-ng config

So I added 2 lines to the standard config file:

source s_test { udp( ip(""); port("514");); };
destination d_hosts {file("/var/log/$HOST" owner(root) group(root) perm(0755) dir_perm(0755) create_dirs(yes)); };
log { source(s_test); destination(d_hosts); };

So what I'm trying to achieve is that all syslog messages from the source machine (which is running basic syslog configured to log remotely) are logged in the folder /var/log/$host ($host is going to be the name of the source machine).

After configuring it like this I get the error that there is an error in line 40, and that would be this line:
source s_test { udp( ip(""); port("514");); };

Can you guys help me out, please?

Question by:Mr-sark
    LVL 4

    Expert Comment

    No ";" are allowed inside (), try:
    source s_test { udp( ip("") port("514")); };

    But usually it's like:
    source r_src { tcp(ip("") port(5140)); };
    so I'm not sure if "514" is correct
    LVL 1

    Author Comment

    I know that that is TCP, but on the client side I run SYSLOGD, the basic syslog daemon, and that one is using UDP. Should I also install syslog-ng on the client side to get it to use TCP?

    Thanks in advance
    LVL 1

    Author Comment

    After applying your line I get this error:

    Error finding port for service 514.  Falling back to default
    io.c: bind_inet_socket() bind failed Cannot assign requested address
    Error initializing configuration, exiting.
    LVL 4

    Expert Comment

    The syslog port is

    I thought I had made that clear
    LVL 4

    Accepted Solution

    my bad - udp port 514 is the default.

    But according to the error message, port("514") seems to be looking for the service "514", not port number 514 - so changing that would reduce the errors to 2.
    But the fallback tries port 514, and fails...

    Are you sure that machine is set up correctly?
    from man syslogd:
     To have this work correctly the services(5)
           files (typically found in /etc) must have the following entry:

                       syslog          514/udp

           If this entry is missing syslogd neither can  receive  remote  messages
           nor  send  them,  because the UDP port cant be opened.

    Otherwise, I'm stumped...
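
The receiving side with the thread's two syntax fixes applied, as an added example that is not part of the original posts. It assumes the same syslog-ng generation as the question (no @version header); the listen address 0.0.0.0, the directory /var/log/hosts and the tighter permission values are assumptions, not values from the thread.

```conf
# Added example, not from the thread.

options {
    use_dns(no);          # no reverse DNS lookups on the receive path
    keep_hostname(no);    # $HOST comes from the sender's address, not from
                          # the hostname field the client put in the packet
    chain_hostnames(no);  # keep $HOST a single plain name
};

# Options inside udp( ... ) are separated by whitespace only; the single ";"
# ends the driver statement. The port is a bare number, so it is not looked
# up as a service name.
# ip(0.0.0.0) listens on all local interfaces (assumption). A specific
# address must be one configured on this machine, otherwise bind() fails
# with "Cannot assign requested address".
source s_remote { udp(ip(0.0.0.0) port(514)); };

# One directory per sender under a dedicated tree (assumed path), so a
# sender-derived name cannot collide with existing files in /var/log.
# perm(0640)/dir_perm(0750) replace the question's 0755, which made the
# collected logs world-readable.
destination d_hosts {
    file("/var/log/hosts/$HOST/messages"
         owner(root) group(root)
         perm(0640) dir_perm(0750)
         create_dirs(yes));
};

log { source(s_remote); destination(d_hosts); };
```

UDP syslog is unauthenticated, so restricting which hosts may reach port 514 on the collector (host firewall or network ACL) belongs with this configuration.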

    LVL 3

    Assisted Solution


    In file

    By default following option will be there

    add "-r" to list to look like

    SYSLOGD_OPTIONS="-m 0 -r"

    -r will allow remote login

    restart syslogd service...

    That's it.

