Solved

Problems starting syslog-ng

Posted on 2007-11-28
2
2,475 Views
Last Modified: 2013-12-06
I've configured (i think) syslog-ng to listen on all interfaces, and I want to monitor all of our SonicWalls for every office.  I'm going to point all of them at our syslog-ng server (Fedora Core 6 machine)

Problem is, when I try to start syslog-ng, I'm getting this error:

"[root@nagios log]# service syslog-ng start
Starting syslog-ng: syntax error at 49
Parse error reading configuration file, exiting. (line 49)
                                                           [FAILED]"

Line 49 signifies the start of the desination parameters.  Can anyone help?  I've attached my syslog-ng.conf file to this post.  Hopefully I have it configured right.  I've also included mysql support to inject data into our mysql database.

Thanks in advance.



# syslog-ng configuration file.
#
# This should behave pretty much like the original syslog on RedHat. But
# it could be configured a lot smarter.
#
# See syslog-ng(8) and syslog-ng.conf(5) for more information.
#
# 20000925 gb@sysfive.com
#
# Updated by Frank Crawford (<Frank.Crawford@ac3.com.au>) - 10 Aug 2002
#       - for Red Hat 7.3
#       - totally do away with klogd
#       - add message "kernel:" as is done with klogd.
#
# Updated by Frank Crawford (<Frank.Crawford@ac3.com.au>) - 22 Aug 2002
#       - use the log_prefix option as per Balazs Scheidler's email
#
# Updated by Jose Pedro Oliveira (<jpo at di.uminho.pt>) - 05 Apr 2003
#       - corrected filters 'f_filter2' and 'f_filter6'
#     these filters were only allowing messages of one specific
#     priority level; they should be allowing messages from that
#     priority and upper levels.
#
# Updated by Jose Pedro Oliveira (<jpo at di.uminho.pt>) - 25 Jan 2005
#   - Don't sync the d_mail destination
#
# Updated by Jose Pedro Oliveira (<jpo at di.uminho.pt>) - 01 Feb 2005
#   - /proc/kmsg is a file not a pipe.
#     (https://lists.balabit.hu/pipermail/syslog-ng/2005-February/006963.html)
#
 
options {
    sync (0);
    time_reopen (10);
    log_fifo_size (1000);
    long_hostnames (off);
    use_dns (no);
    use_fqdn (no);
    create_dirs (no);
    keep_hostname (yes);
};
 
# SonicWall syslog
source sonicwall {
    internal();
    udp(ip(0.0.0.0) port(514));
    tcp(ip(0.0.0.0) port(514));
 
destination d_cons { file("/dev/console"); };
destination d_mesg { file("/var/log/messages"); };
destination d_auth { file("/var/log/secure"); };
destination d_mail { file("/var/log/maillog" sync(10)); };
destination d_spol { file("/var/log/spooler"); };
destination d_boot { file("/var/log/boot.log"); };
destination d_cron { file("/var/log/cron"); };
destination d_mlal { usertty("*"); };
 
# MySQL added
destination d_mysql {
pipe("/tmp/mysql.pipe"
template("INSERT INTO logs (host, facility, priority, level, tag, date,
time, program, msg) VALUES ( '$HOST', '$FACILITY', '$PRIORITY', '$LEVEL','$TAG',
'$YEAR-$MONTH-$DAY', '$HOUR:$MIN:$SEC', '$PROGRAM', '$MSG' );\n") template-escape(yes));
};
 
log {
    source(sonicwall); destination(d_mysql);
 };
 
# end of MySQL added
 
#filter f_filter1   { facility(kern); };
filter f_filter2   { level(info..emerg) and
                     not facility(mail,authpriv,cron); };
filter f_filter3   { facility(authpriv); };
filter f_filter4   { facility(mail); };
filter f_filter5   { level(emerg); };
filter f_filter6   { facility(uucp) or
                     (facility(news) and level(crit..emerg)); };
filter f_filter7   { facility(local7); };
filter f_filter8   { facility(cron); };
 
#log { source(s_sys); filter(f_filter1); destination(d_cons); };
log { source(s_sys); filter(f_filter2); destination(d_mesg); };
log { source(s_sys); filter(f_filter3); destination(d_auth); };
log { source(s_sys); filter(f_filter4); destination(d_mail); };
log { source(s_sys); filter(f_filter5); destination(d_mlal); };
log { source(s_sys); filter(f_filter6); destination(d_spol); };
log { source(s_sys); filter(f_filter7); destination(d_boot); };
log { source(s_sys); filter(f_filter8); destination(d_cron); };

Open in new window

0
Comment
Question by:JWeb Admin
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
2 Comments
 

Author Comment

by:JWeb Admin
ID: 20368942
OK, update.  Here is my new syslog-ng.conf file.  It starts, but I don't see any data being injected into the SQL database "logs"

I have 1 Sonicwall pointing to our syslog-ng server, but no results yet?

Can anyone help?
# syslog-ng configuration file.
#
# This should behave pretty much like the original syslog on RedHat. But
# it could be configured a lot smarter.
#
# See syslog-ng(8) and syslog-ng.conf(5) for more information.
#
# 20000925 gb@sysfive.com
#
# Updated by Frank Crawford (<Frank.Crawford@ac3.com.au>) - 10 Aug 2002
#       - for Red Hat 7.3
#       - totally do away with klogd
#       - add message "kernel:" as is done with klogd.
#
# Updated by Frank Crawford (<Frank.Crawford@ac3.com.au>) - 22 Aug 2002
#       - use the log_prefix option as per Balazs Scheidler's email
#
# Updated by Jose Pedro Oliveira (<jpo at di.uminho.pt>) - 05 Apr 2003
#       - corrected filters 'f_filter2' and 'f_filter6'
#     these filters were only allowing messages of one specific
#     priority level; they should be allowing messages from that
#     priority and upper levels.
#
# Updated by Jose Pedro Oliveira (<jpo at di.uminho.pt>) - 25 Jan 2005
#   - Don't sync the d_mail destination
#
# Updated by Jose Pedro Oliveira (<jpo at di.uminho.pt>) - 01 Feb 2005
#   - /proc/kmsg is a file not a pipe.
#     (https://lists.balabit.hu/pipermail/syslog-ng/2005-February/006963.html)
#
 
options {
    sync (0);
    time_reopen (10);
    log_fifo_size (1000);
    long_hostnames (off);
    use_dns (no);
    use_fqdn (no);
    create_dirs (no);
    keep_hostname (yes);
};
 
# SonicWall syslog
source sonicwall {
    internal();
    udp(ip(0.0.0.0) port(514));
    tcp(ip(0.0.0.0) port(514));
};
 
#destination d_cons { file("/dev/console"); };
#destination d_mesg { file("/var/log/messages"); };
#destination d_auth { file("/var/log/secure"); };
#destination d_mail { file("/var/log/maillog" sync(10)); };
#destination d_spol { file("/var/log/spooler"); };
#destination d_boot { file("/var/log/boot.log"); };
#destination d_cron { file("/var/log/cron"); };
#destination d_mlal { usertty("*"); };
 
# MySQL added
destination d_mysql {
pipe("/tmp/mysql.pipe"
template("INSERT INTO logs (host, facility, priority, level, tag, date,
time, program, msg) VALUES ( '$HOST', '$FACILITY', '$PRIORITY', '$LEVEL','$TAG',
'$YEAR-$MONTH-$DAY', '$HOUR:$MIN:$SEC', '$PROGRAM', '$MSG' );\n") template-escape(yes));
};
 
log {
    source(sonicwall); destination(d_mysql);
 };
 
# end of MySQL added
 
#filter f_filter1   { facility(kern); };
filter f_filter2   { level(info..emerg) and
                     not facility(mail,authpriv,cron); };
filter f_filter3   { facility(authpriv); };
filter f_filter4   { facility(mail); };
filter f_filter5   { level(emerg); };
filter f_filter6   { facility(uucp) or
                     (facility(news) and level(crit..emerg)); };
filter f_filter7   { facility(local7); };
filter f_filter8   { facility(cron); };
 
#log { source(s_sys); filter(f_filter1); destination(d_cons); };
#log { source(s_sys); filter(f_filter2); destination(d_mesg); };
#log { source(s_sys); filter(f_filter3); destination(d_auth); };
#log { source(s_sys); filter(f_filter4); destination(d_mail); };
#log { source(s_sys); filter(f_filter5); destination(d_mlal); };
#log { source(s_sys); filter(f_filter6); destination(d_spol); };
#log { source(s_sys); filter(f_filter7); destination(d_boot); };
#log { source(s_sys); filter(f_filter8); destination(d_cron); };

Open in new window

0
 
LVL 1

Accepted Solution

by:
weisso5 earned 500 total points
ID: 20502083
# SonicWall syslog
source sonicwall {
    internal();
    udp(ip(0.0.0.0) port(514));
    tcp(ip(0.0.0.0) port(514));


Try closing this command out, you have an open "{" but no close "}"
0

Featured Post

What is SQL Server and how does it work?

The purpose of this paper is to provide you background on SQL Server. It’s your self-study guide for learning fundamentals. It includes both the history of SQL and its technical basics. Concepts and definitions will form the solid foundation of your future DBA expertise.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

As a database administrator, you may need to audit your table(s) to determine whether the data types are optimal for your real-world data needs.  This Article is intended to be a resource for such a task. Preface The other day, I was involved …
Load balancing is the method of dividing the total amount of work performed by one computer between two or more computers. Its aim is to get more work done in the same amount of time, ensuring that all the users get served faster.
How to Install VMware Tools in Red Hat Enterprise Linux 6.4 (RHEL 6.4) Step-by-Step Tutorial

763 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question