Solved

Problems starting syslog-ng

Posted on 2007-11-28
2
2,508 Views
Last Modified: 2013-12-06
I've configured (i think) syslog-ng to listen on all interfaces, and I want to monitor all of our SonicWalls for every office.  I'm going to point all of them at our syslog-ng server (Fedora Core 6 machine)

Problem is, when I try to start syslog-ng, I'm getting this error:

"[root@nagios log]# service syslog-ng start
Starting syslog-ng: syntax error at 49
Parse error reading configuration file, exiting. (line 49)
                                                           [FAILED]"

Line 49 signifies the start of the desination parameters.  Can anyone help?  I've attached my syslog-ng.conf file to this post.  Hopefully I have it configured right.  I've also included mysql support to inject data into our mysql database.

Thanks in advance.



# syslog-ng configuration file.
#
# This should behave pretty much like the original syslog on RedHat. But
# it could be configured a lot smarter.
#
# See syslog-ng(8) and syslog-ng.conf(5) for more information.
#
# 20000925 gb@sysfive.com
#
# Updated by Frank Crawford (<Frank.Crawford@ac3.com.au>) - 10 Aug 2002
#       - for Red Hat 7.3
#       - totally do away with klogd
#       - add message "kernel:" as is done with klogd.
#
# Updated by Frank Crawford (<Frank.Crawford@ac3.com.au>) - 22 Aug 2002
#       - use the log_prefix option as per Balazs Scheidler's email
#
# Updated by Jose Pedro Oliveira (<jpo at di.uminho.pt>) - 05 Apr 2003
#       - corrected filters 'f_filter2' and 'f_filter6'
#     these filters were only allowing messages of one specific
#     priority level; they should be allowing messages from that
#     priority and upper levels.
#
# Updated by Jose Pedro Oliveira (<jpo at di.uminho.pt>) - 25 Jan 2005
#   - Don't sync the d_mail destination
#
# Updated by Jose Pedro Oliveira (<jpo at di.uminho.pt>) - 01 Feb 2005
#   - /proc/kmsg is a file not a pipe.
#     (https://lists.balabit.hu/pipermail/syslog-ng/2005-February/006963.html)
#
 
options {
    sync (0);
    time_reopen (10);
    log_fifo_size (1000);
    long_hostnames (off);
    use_dns (no);
    use_fqdn (no);
    create_dirs (no);
    keep_hostname (yes);
};
 
# SonicWall syslog
source sonicwall {
    internal();
    udp(ip(0.0.0.0) port(514));
    tcp(ip(0.0.0.0) port(514));
 
destination d_cons { file("/dev/console"); };
destination d_mesg { file("/var/log/messages"); };
destination d_auth { file("/var/log/secure"); };
destination d_mail { file("/var/log/maillog" sync(10)); };
destination d_spol { file("/var/log/spooler"); };
destination d_boot { file("/var/log/boot.log"); };
destination d_cron { file("/var/log/cron"); };
destination d_mlal { usertty("*"); };
 
# MySQL added
destination d_mysql {
pipe("/tmp/mysql.pipe"
template("INSERT INTO logs (host, facility, priority, level, tag, date,
time, program, msg) VALUES ( '$HOST', '$FACILITY', '$PRIORITY', '$LEVEL','$TAG',
'$YEAR-$MONTH-$DAY', '$HOUR:$MIN:$SEC', '$PROGRAM', '$MSG' );\n") template-escape(yes));
};
 
log {
    source(sonicwall); destination(d_mysql);
 };
 
# end of MySQL added
 
#filter f_filter1   { facility(kern); };
filter f_filter2   { level(info..emerg) and
                     not facility(mail,authpriv,cron); };
filter f_filter3   { facility(authpriv); };
filter f_filter4   { facility(mail); };
filter f_filter5   { level(emerg); };
filter f_filter6   { facility(uucp) or
                     (facility(news) and level(crit..emerg)); };
filter f_filter7   { facility(local7); };
filter f_filter8   { facility(cron); };
 
#log { source(s_sys); filter(f_filter1); destination(d_cons); };
log { source(s_sys); filter(f_filter2); destination(d_mesg); };
log { source(s_sys); filter(f_filter3); destination(d_auth); };
log { source(s_sys); filter(f_filter4); destination(d_mail); };
log { source(s_sys); filter(f_filter5); destination(d_mlal); };
log { source(s_sys); filter(f_filter6); destination(d_spol); };
log { source(s_sys); filter(f_filter7); destination(d_boot); };
log { source(s_sys); filter(f_filter8); destination(d_cron); };

Open in new window

0
Comment
Question by:JWeb Admin
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
2 Comments
 

Author Comment

by:JWeb Admin
ID: 20368942
OK, update.  Here is my new syslog-ng.conf file.  It starts, but I don't see any data being injected into the SQL database "logs"

I have 1 Sonicwall pointing to our syslog-ng server, but no results yet?

Can anyone help?
# syslog-ng configuration file.
#
# This should behave pretty much like the original syslog on RedHat. But
# it could be configured a lot smarter.
#
# See syslog-ng(8) and syslog-ng.conf(5) for more information.
#
# 20000925 gb@sysfive.com
#
# Updated by Frank Crawford (<Frank.Crawford@ac3.com.au>) - 10 Aug 2002
#       - for Red Hat 7.3
#       - totally do away with klogd
#       - add message "kernel:" as is done with klogd.
#
# Updated by Frank Crawford (<Frank.Crawford@ac3.com.au>) - 22 Aug 2002
#       - use the log_prefix option as per Balazs Scheidler's email
#
# Updated by Jose Pedro Oliveira (<jpo at di.uminho.pt>) - 05 Apr 2003
#       - corrected filters 'f_filter2' and 'f_filter6'
#     these filters were only allowing messages of one specific
#     priority level; they should be allowing messages from that
#     priority and upper levels.
#
# Updated by Jose Pedro Oliveira (<jpo at di.uminho.pt>) - 25 Jan 2005
#   - Don't sync the d_mail destination
#
# Updated by Jose Pedro Oliveira (<jpo at di.uminho.pt>) - 01 Feb 2005
#   - /proc/kmsg is a file not a pipe.
#     (https://lists.balabit.hu/pipermail/syslog-ng/2005-February/006963.html)
#
 
options {
    sync (0);
    time_reopen (10);
    log_fifo_size (1000);
    long_hostnames (off);
    use_dns (no);
    use_fqdn (no);
    create_dirs (no);
    keep_hostname (yes);
};
 
# SonicWall syslog
source sonicwall {
    internal();
    udp(ip(0.0.0.0) port(514));
    tcp(ip(0.0.0.0) port(514));
};
 
#destination d_cons { file("/dev/console"); };
#destination d_mesg { file("/var/log/messages"); };
#destination d_auth { file("/var/log/secure"); };
#destination d_mail { file("/var/log/maillog" sync(10)); };
#destination d_spol { file("/var/log/spooler"); };
#destination d_boot { file("/var/log/boot.log"); };
#destination d_cron { file("/var/log/cron"); };
#destination d_mlal { usertty("*"); };
 
# MySQL added
destination d_mysql {
pipe("/tmp/mysql.pipe"
template("INSERT INTO logs (host, facility, priority, level, tag, date,
time, program, msg) VALUES ( '$HOST', '$FACILITY', '$PRIORITY', '$LEVEL','$TAG',
'$YEAR-$MONTH-$DAY', '$HOUR:$MIN:$SEC', '$PROGRAM', '$MSG' );\n") template-escape(yes));
};
 
log {
    source(sonicwall); destination(d_mysql);
 };
 
# end of MySQL added
 
#filter f_filter1   { facility(kern); };
filter f_filter2   { level(info..emerg) and
                     not facility(mail,authpriv,cron); };
filter f_filter3   { facility(authpriv); };
filter f_filter4   { facility(mail); };
filter f_filter5   { level(emerg); };
filter f_filter6   { facility(uucp) or
                     (facility(news) and level(crit..emerg)); };
filter f_filter7   { facility(local7); };
filter f_filter8   { facility(cron); };
 
#log { source(s_sys); filter(f_filter1); destination(d_cons); };
#log { source(s_sys); filter(f_filter2); destination(d_mesg); };
#log { source(s_sys); filter(f_filter3); destination(d_auth); };
#log { source(s_sys); filter(f_filter4); destination(d_mail); };
#log { source(s_sys); filter(f_filter5); destination(d_mlal); };
#log { source(s_sys); filter(f_filter6); destination(d_spol); };
#log { source(s_sys); filter(f_filter7); destination(d_boot); };
#log { source(s_sys); filter(f_filter8); destination(d_cron); };

Open in new window

0
 
LVL 1

Accepted Solution

by:
weisso5 earned 500 total points
ID: 20502083
# SonicWall syslog
source sonicwall {
    internal();
    udp(ip(0.0.0.0) port(514));
    tcp(ip(0.0.0.0) port(514));


Try closing this command out, you have an open "{" but no close "}"
0

Featured Post

Do you have a plan for Continuity?

It's inevitable. People leave organizations creating a gap in your service. That's where Percona comes in.

See how Pepper.com relies on Percona to:
-Manage their database
-Guarantee data safety and protection
-Provide database expertise that is available for any situation

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

When table data gets too large to manage or queries take too long to execute the solution is often to buy bigger hardware or assign more CPUs and memory resources to the machine to solve the problem. However, the best, cheapest and most effective so…
Containers like Docker and Rocket are getting more popular every day. In my conversations with customers, they consistently ask what containers are and how they can use them in their environment. If you’re as curious as most people, read on. . .
How to Install VMware Tools in Red Hat Enterprise Linux 6.4 (RHEL 6.4) Step-by-Step Tutorial
Add bar graphs to Access queries using Unicode block characters. Graphs appear on every record in the color you want. Give life to numbers. Hopes this gives you ideas on visualizing your data in new ways ~ Create a calculated field in a query: …

707 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question