Want to win a PS4? Go Premium and enter to win our High-Tech Treats giveaway. Enter to Win

x
?
Solved

Problems starting syslog-ng

Posted on 2007-11-28
2
Medium Priority
?
2,580 Views
Last Modified: 2013-12-06
I've configured (i think) syslog-ng to listen on all interfaces, and I want to monitor all of our SonicWalls for every office.  I'm going to point all of them at our syslog-ng server (Fedora Core 6 machine)

Problem is, when I try to start syslog-ng, I'm getting this error:

"[root@nagios log]# service syslog-ng start
Starting syslog-ng: syntax error at 49
Parse error reading configuration file, exiting. (line 49)
                                                           [FAILED]"

Line 49 signifies the start of the desination parameters.  Can anyone help?  I've attached my syslog-ng.conf file to this post.  Hopefully I have it configured right.  I've also included mysql support to inject data into our mysql database.

Thanks in advance.



# syslog-ng configuration file.
#
# This should behave pretty much like the original syslog on RedHat. But
# it could be configured a lot smarter.
#
# See syslog-ng(8) and syslog-ng.conf(5) for more information.
#
# 20000925 gb@sysfive.com
#
# Updated by Frank Crawford (<Frank.Crawford@ac3.com.au>) - 10 Aug 2002
#       - for Red Hat 7.3
#       - totally do away with klogd
#       - add message "kernel:" as is done with klogd.
#
# Updated by Frank Crawford (<Frank.Crawford@ac3.com.au>) - 22 Aug 2002
#       - use the log_prefix option as per Balazs Scheidler's email
#
# Updated by Jose Pedro Oliveira (<jpo at di.uminho.pt>) - 05 Apr 2003
#       - corrected filters 'f_filter2' and 'f_filter6'
#     these filters were only allowing messages of one specific
#     priority level; they should be allowing messages from that
#     priority and upper levels.
#
# Updated by Jose Pedro Oliveira (<jpo at di.uminho.pt>) - 25 Jan 2005
#   - Don't sync the d_mail destination
#
# Updated by Jose Pedro Oliveira (<jpo at di.uminho.pt>) - 01 Feb 2005
#   - /proc/kmsg is a file not a pipe.
#     (https://lists.balabit.hu/pipermail/syslog-ng/2005-February/006963.html)
#
 
options {
    sync (0);
    time_reopen (10);
    log_fifo_size (1000);
    long_hostnames (off);
    use_dns (no);
    use_fqdn (no);
    create_dirs (no);
    keep_hostname (yes);
};
 
# SonicWall syslog
source sonicwall {
    internal();
    udp(ip(0.0.0.0) port(514));
    tcp(ip(0.0.0.0) port(514));
 
destination d_cons { file("/dev/console"); };
destination d_mesg { file("/var/log/messages"); };
destination d_auth { file("/var/log/secure"); };
destination d_mail { file("/var/log/maillog" sync(10)); };
destination d_spol { file("/var/log/spooler"); };
destination d_boot { file("/var/log/boot.log"); };
destination d_cron { file("/var/log/cron"); };
destination d_mlal { usertty("*"); };
 
# MySQL added
destination d_mysql {
pipe("/tmp/mysql.pipe"
template("INSERT INTO logs (host, facility, priority, level, tag, date,
time, program, msg) VALUES ( '$HOST', '$FACILITY', '$PRIORITY', '$LEVEL','$TAG',
'$YEAR-$MONTH-$DAY', '$HOUR:$MIN:$SEC', '$PROGRAM', '$MSG' );\n") template-escape(yes));
};
 
log {
    source(sonicwall); destination(d_mysql);
 };
 
# end of MySQL added
 
#filter f_filter1   { facility(kern); };
filter f_filter2   { level(info..emerg) and
                     not facility(mail,authpriv,cron); };
filter f_filter3   { facility(authpriv); };
filter f_filter4   { facility(mail); };
filter f_filter5   { level(emerg); };
filter f_filter6   { facility(uucp) or
                     (facility(news) and level(crit..emerg)); };
filter f_filter7   { facility(local7); };
filter f_filter8   { facility(cron); };
 
#log { source(s_sys); filter(f_filter1); destination(d_cons); };
log { source(s_sys); filter(f_filter2); destination(d_mesg); };
log { source(s_sys); filter(f_filter3); destination(d_auth); };
log { source(s_sys); filter(f_filter4); destination(d_mail); };
log { source(s_sys); filter(f_filter5); destination(d_mlal); };
log { source(s_sys); filter(f_filter6); destination(d_spol); };
log { source(s_sys); filter(f_filter7); destination(d_boot); };
log { source(s_sys); filter(f_filter8); destination(d_cron); };

Open in new window

0
Comment
Question by:JWeb Admin
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
2 Comments
 

Author Comment

by:JWeb Admin
ID: 20368942
OK, update.  Here is my new syslog-ng.conf file.  It starts, but I don't see any data being injected into the SQL database "logs"

I have 1 Sonicwall pointing to our syslog-ng server, but no results yet?

Can anyone help?
# syslog-ng configuration file.
#
# This should behave pretty much like the original syslog on RedHat. But
# it could be configured a lot smarter.
#
# See syslog-ng(8) and syslog-ng.conf(5) for more information.
#
# 20000925 gb@sysfive.com
#
# Updated by Frank Crawford (<Frank.Crawford@ac3.com.au>) - 10 Aug 2002
#       - for Red Hat 7.3
#       - totally do away with klogd
#       - add message "kernel:" as is done with klogd.
#
# Updated by Frank Crawford (<Frank.Crawford@ac3.com.au>) - 22 Aug 2002
#       - use the log_prefix option as per Balazs Scheidler's email
#
# Updated by Jose Pedro Oliveira (<jpo at di.uminho.pt>) - 05 Apr 2003
#       - corrected filters 'f_filter2' and 'f_filter6'
#     these filters were only allowing messages of one specific
#     priority level; they should be allowing messages from that
#     priority and upper levels.
#
# Updated by Jose Pedro Oliveira (<jpo at di.uminho.pt>) - 25 Jan 2005
#   - Don't sync the d_mail destination
#
# Updated by Jose Pedro Oliveira (<jpo at di.uminho.pt>) - 01 Feb 2005
#   - /proc/kmsg is a file not a pipe.
#     (https://lists.balabit.hu/pipermail/syslog-ng/2005-February/006963.html)
#
 
options {
    sync (0);
    time_reopen (10);
    log_fifo_size (1000);
    long_hostnames (off);
    use_dns (no);
    use_fqdn (no);
    create_dirs (no);
    keep_hostname (yes);
};
 
# SonicWall syslog
source sonicwall {
    internal();
    udp(ip(0.0.0.0) port(514));
    tcp(ip(0.0.0.0) port(514));
};
 
#destination d_cons { file("/dev/console"); };
#destination d_mesg { file("/var/log/messages"); };
#destination d_auth { file("/var/log/secure"); };
#destination d_mail { file("/var/log/maillog" sync(10)); };
#destination d_spol { file("/var/log/spooler"); };
#destination d_boot { file("/var/log/boot.log"); };
#destination d_cron { file("/var/log/cron"); };
#destination d_mlal { usertty("*"); };
 
# MySQL added
destination d_mysql {
pipe("/tmp/mysql.pipe"
template("INSERT INTO logs (host, facility, priority, level, tag, date,
time, program, msg) VALUES ( '$HOST', '$FACILITY', '$PRIORITY', '$LEVEL','$TAG',
'$YEAR-$MONTH-$DAY', '$HOUR:$MIN:$SEC', '$PROGRAM', '$MSG' );\n") template-escape(yes));
};
 
log {
    source(sonicwall); destination(d_mysql);
 };
 
# end of MySQL added
 
#filter f_filter1   { facility(kern); };
filter f_filter2   { level(info..emerg) and
                     not facility(mail,authpriv,cron); };
filter f_filter3   { facility(authpriv); };
filter f_filter4   { facility(mail); };
filter f_filter5   { level(emerg); };
filter f_filter6   { facility(uucp) or
                     (facility(news) and level(crit..emerg)); };
filter f_filter7   { facility(local7); };
filter f_filter8   { facility(cron); };
 
#log { source(s_sys); filter(f_filter1); destination(d_cons); };
#log { source(s_sys); filter(f_filter2); destination(d_mesg); };
#log { source(s_sys); filter(f_filter3); destination(d_auth); };
#log { source(s_sys); filter(f_filter4); destination(d_mail); };
#log { source(s_sys); filter(f_filter5); destination(d_mlal); };
#log { source(s_sys); filter(f_filter6); destination(d_spol); };
#log { source(s_sys); filter(f_filter7); destination(d_boot); };
#log { source(s_sys); filter(f_filter8); destination(d_cron); };

Open in new window

0
 
LVL 1

Accepted Solution

by:
weisso5 earned 2000 total points
ID: 20502083
# SonicWall syslog
source sonicwall {
    internal();
    udp(ip(0.0.0.0) port(514));
    tcp(ip(0.0.0.0) port(514));


Try closing this command out, you have an open "{" but no close "}"
0

Featured Post

Efficient way to get backups off site to Azure

This user guide provides instructions on how to deploy and configure both a StoneFly Scale Out NAS Enterprise Cloud Drive virtual machine and Veeam Cloud Connect in the Microsoft Azure Cloud.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This post looks at MongoDB and MySQL, and covers high-level MongoDB strengths, weaknesses, features, and uses from the perspective of an SQL user.
By, Vadim Tkachenko. In this article we’ll look at ClickHouse on its one year anniversary.
How to Install VMware Tools in Red Hat Enterprise Linux 6.4 (RHEL 6.4) Step-by-Step Tutorial
In this video, Percona Solution Engineer Dimitri Vanoverbeke discusses why you want to use at least three nodes in a database cluster. To discuss how Percona Consulting can help with your design and architecture needs for your database and infras…
Suggested Courses

610 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question