Solved

Problems starting syslog-ng

Posted on 2007-11-28
2
2,489 Views
Last Modified: 2013-12-06
I've configured (i think) syslog-ng to listen on all interfaces, and I want to monitor all of our SonicWalls for every office.  I'm going to point all of them at our syslog-ng server (Fedora Core 6 machine)

Problem is, when I try to start syslog-ng, I'm getting this error:

"[root@nagios log]# service syslog-ng start
Starting syslog-ng: syntax error at 49
Parse error reading configuration file, exiting. (line 49)
                                                           [FAILED]"

Line 49 signifies the start of the desination parameters.  Can anyone help?  I've attached my syslog-ng.conf file to this post.  Hopefully I have it configured right.  I've also included mysql support to inject data into our mysql database.

Thanks in advance.



# syslog-ng configuration file.
#
# This should behave pretty much like the original syslog on RedHat. But
# it could be configured a lot smarter.
#
# See syslog-ng(8) and syslog-ng.conf(5) for more information.
#
# 20000925 gb@sysfive.com
#
# Updated by Frank Crawford (<Frank.Crawford@ac3.com.au>) - 10 Aug 2002
#       - for Red Hat 7.3
#       - totally do away with klogd
#       - add message "kernel:" as is done with klogd.
#
# Updated by Frank Crawford (<Frank.Crawford@ac3.com.au>) - 22 Aug 2002
#       - use the log_prefix option as per Balazs Scheidler's email
#
# Updated by Jose Pedro Oliveira (<jpo at di.uminho.pt>) - 05 Apr 2003
#       - corrected filters 'f_filter2' and 'f_filter6'
#     these filters were only allowing messages of one specific
#     priority level; they should be allowing messages from that
#     priority and upper levels.
#
# Updated by Jose Pedro Oliveira (<jpo at di.uminho.pt>) - 25 Jan 2005
#   - Don't sync the d_mail destination
#
# Updated by Jose Pedro Oliveira (<jpo at di.uminho.pt>) - 01 Feb 2005
#   - /proc/kmsg is a file not a pipe.
#     (https://lists.balabit.hu/pipermail/syslog-ng/2005-February/006963.html)
#
 
options {
    sync (0);
    time_reopen (10);
    log_fifo_size (1000);
    long_hostnames (off);
    use_dns (no);
    use_fqdn (no);
    create_dirs (no);
    keep_hostname (yes);
};
 
# SonicWall syslog
source sonicwall {
    internal();
    udp(ip(0.0.0.0) port(514));
    tcp(ip(0.0.0.0) port(514));
 
destination d_cons { file("/dev/console"); };
destination d_mesg { file("/var/log/messages"); };
destination d_auth { file("/var/log/secure"); };
destination d_mail { file("/var/log/maillog" sync(10)); };
destination d_spol { file("/var/log/spooler"); };
destination d_boot { file("/var/log/boot.log"); };
destination d_cron { file("/var/log/cron"); };
destination d_mlal { usertty("*"); };
 
# MySQL added
destination d_mysql {
pipe("/tmp/mysql.pipe"
template("INSERT INTO logs (host, facility, priority, level, tag, date,
time, program, msg) VALUES ( '$HOST', '$FACILITY', '$PRIORITY', '$LEVEL','$TAG',
'$YEAR-$MONTH-$DAY', '$HOUR:$MIN:$SEC', '$PROGRAM', '$MSG' );\n") template-escape(yes));
};
 
log {
    source(sonicwall); destination(d_mysql);
 };
 
# end of MySQL added
 
#filter f_filter1   { facility(kern); };
filter f_filter2   { level(info..emerg) and
                     not facility(mail,authpriv,cron); };
filter f_filter3   { facility(authpriv); };
filter f_filter4   { facility(mail); };
filter f_filter5   { level(emerg); };
filter f_filter6   { facility(uucp) or
                     (facility(news) and level(crit..emerg)); };
filter f_filter7   { facility(local7); };
filter f_filter8   { facility(cron); };
 
#log { source(s_sys); filter(f_filter1); destination(d_cons); };
log { source(s_sys); filter(f_filter2); destination(d_mesg); };
log { source(s_sys); filter(f_filter3); destination(d_auth); };
log { source(s_sys); filter(f_filter4); destination(d_mail); };
log { source(s_sys); filter(f_filter5); destination(d_mlal); };
log { source(s_sys); filter(f_filter6); destination(d_spol); };
log { source(s_sys); filter(f_filter7); destination(d_boot); };
log { source(s_sys); filter(f_filter8); destination(d_cron); };

Open in new window

0
Comment
Question by:JWeb Admin
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
2 Comments
 

Author Comment

by:JWeb Admin
ID: 20368942
OK, update.  Here is my new syslog-ng.conf file.  It starts, but I don't see any data being injected into the SQL database "logs"

I have 1 Sonicwall pointing to our syslog-ng server, but no results yet?

Can anyone help?
# syslog-ng configuration file.
#
# This should behave pretty much like the original syslog on RedHat. But
# it could be configured a lot smarter.
#
# See syslog-ng(8) and syslog-ng.conf(5) for more information.
#
# 20000925 gb@sysfive.com
#
# Updated by Frank Crawford (<Frank.Crawford@ac3.com.au>) - 10 Aug 2002
#       - for Red Hat 7.3
#       - totally do away with klogd
#       - add message "kernel:" as is done with klogd.
#
# Updated by Frank Crawford (<Frank.Crawford@ac3.com.au>) - 22 Aug 2002
#       - use the log_prefix option as per Balazs Scheidler's email
#
# Updated by Jose Pedro Oliveira (<jpo at di.uminho.pt>) - 05 Apr 2003
#       - corrected filters 'f_filter2' and 'f_filter6'
#     these filters were only allowing messages of one specific
#     priority level; they should be allowing messages from that
#     priority and upper levels.
#
# Updated by Jose Pedro Oliveira (<jpo at di.uminho.pt>) - 25 Jan 2005
#   - Don't sync the d_mail destination
#
# Updated by Jose Pedro Oliveira (<jpo at di.uminho.pt>) - 01 Feb 2005
#   - /proc/kmsg is a file not a pipe.
#     (https://lists.balabit.hu/pipermail/syslog-ng/2005-February/006963.html)
#
 
options {
    sync (0);
    time_reopen (10);
    log_fifo_size (1000);
    long_hostnames (off);
    use_dns (no);
    use_fqdn (no);
    create_dirs (no);
    keep_hostname (yes);
};
 
# SonicWall syslog
source sonicwall {
    internal();
    udp(ip(0.0.0.0) port(514));
    tcp(ip(0.0.0.0) port(514));
};
 
#destination d_cons { file("/dev/console"); };
#destination d_mesg { file("/var/log/messages"); };
#destination d_auth { file("/var/log/secure"); };
#destination d_mail { file("/var/log/maillog" sync(10)); };
#destination d_spol { file("/var/log/spooler"); };
#destination d_boot { file("/var/log/boot.log"); };
#destination d_cron { file("/var/log/cron"); };
#destination d_mlal { usertty("*"); };
 
# MySQL added
destination d_mysql {
pipe("/tmp/mysql.pipe"
template("INSERT INTO logs (host, facility, priority, level, tag, date,
time, program, msg) VALUES ( '$HOST', '$FACILITY', '$PRIORITY', '$LEVEL','$TAG',
'$YEAR-$MONTH-$DAY', '$HOUR:$MIN:$SEC', '$PROGRAM', '$MSG' );\n") template-escape(yes));
};
 
log {
    source(sonicwall); destination(d_mysql);
 };
 
# end of MySQL added
 
#filter f_filter1   { facility(kern); };
filter f_filter2   { level(info..emerg) and
                     not facility(mail,authpriv,cron); };
filter f_filter3   { facility(authpriv); };
filter f_filter4   { facility(mail); };
filter f_filter5   { level(emerg); };
filter f_filter6   { facility(uucp) or
                     (facility(news) and level(crit..emerg)); };
filter f_filter7   { facility(local7); };
filter f_filter8   { facility(cron); };
 
#log { source(s_sys); filter(f_filter1); destination(d_cons); };
#log { source(s_sys); filter(f_filter2); destination(d_mesg); };
#log { source(s_sys); filter(f_filter3); destination(d_auth); };
#log { source(s_sys); filter(f_filter4); destination(d_mail); };
#log { source(s_sys); filter(f_filter5); destination(d_mlal); };
#log { source(s_sys); filter(f_filter6); destination(d_spol); };
#log { source(s_sys); filter(f_filter7); destination(d_boot); };
#log { source(s_sys); filter(f_filter8); destination(d_cron); };

Open in new window

0
 
LVL 1

Accepted Solution

by:
weisso5 earned 500 total points
ID: 20502083
# SonicWall syslog
source sonicwall {
    internal();
    udp(ip(0.0.0.0) port(514));
    tcp(ip(0.0.0.0) port(514));


Try closing this command out, you have an open "{" but no close "}"
0

Featured Post

Free learning courses: Active Directory Deep Dive

Get a firm grasp on your IT environment when you learn Active Directory best practices with Veeam! Watch all, or choose any amount, of this three-part webinar series to improve your skills. From the basics to virtualization and backup, we got you covered.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
INDEX does not make a difference, why? 10 70
Unwanted output from my query 5 49
MySQL 6 43
mysql workbecn having problems to export tables to cvs 4 20
Does the idea of dealing with bits scare or confuse you? Does it seem like a waste of time in an age where we all have terabytes of storage? If so, you're missing out on one of the core tools in every professional programmer's toolbox. Learn how to …
Introduction This article is intended for those who are new to PHP error handling (https://www.experts-exchange.com/articles/11769/And-by-the-way-I-am-New-to-PHP.html).  It addresses one of the most common problems that plague beginning PHP develop…
With Secure Portal Encryption, the recipient is sent a link to their email address directing them to the email laundry delivery page. From there, the recipient will be required to enter a user name and password to enter the page. Once the recipient …
How to Install VMware Tools in Red Hat Enterprise Linux 6.4 (RHEL 6.4) Step-by-Step Tutorial

738 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question