Solved

Problems starting syslog-ng

Posted on 2007-11-28
Last Modified: 2013-12-06
I've configured (I think) syslog-ng to listen on all interfaces, and I want to monitor all of our SonicWalls for every office.  I'm going to point all of them at our syslog-ng server (Fedora Core 6 machine).

Problem is, when I try to start syslog-ng, I'm getting this error:

"[root@nagios log]# service syslog-ng start
Starting syslog-ng: syntax error at 49
Parse error reading configuration file, exiting. (line 49)
                                                           [FAILED]"

Line 49 signifies the start of the destination parameters.  Can anyone help?  I've attached my syslog-ng.conf file to this post.  Hopefully I have it configured right.  I've also included mysql support to inject data into our mysql database.

Thanks in advance.



# syslog-ng configuration file.
#
# This should behave pretty much like the original syslog on RedHat. But
# it could be configured a lot smarter.
#
# See syslog-ng(8) and syslog-ng.conf(5) for more information.
#
# 20000925 gb@sysfive.com
#
# Updated by Frank Crawford (<Frank.Crawford@ac3.com.au>) - 10 Aug 2002
#       - for Red Hat 7.3
#       - totally do away with klogd
#       - add message "kernel:" as is done with klogd.
#
# Updated by Frank Crawford (<Frank.Crawford@ac3.com.au>) - 22 Aug 2002
#       - use the log_prefix option as per Balazs Scheidler's email
#
# Updated by Jose Pedro Oliveira (<jpo at di.uminho.pt>) - 05 Apr 2003
#       - corrected filters 'f_filter2' and 'f_filter6'
#     these filters were only allowing messages of one specific
#     priority level; they should be allowing messages from that
#     priority and upper levels.
#
# Updated by Jose Pedro Oliveira (<jpo at di.uminho.pt>) - 25 Jan 2005
#   - Don't sync the d_mail destination
#
# Updated by Jose Pedro Oliveira (<jpo at di.uminho.pt>) - 01 Feb 2005
#   - /proc/kmsg is a file not a pipe.
#     (https://lists.balabit.hu/pipermail/syslog-ng/2005-February/006963.html)
#

options {
    sync (0);
    time_reopen (10);
    log_fifo_size (1000);
    long_hostnames (off);
    use_dns (no);
    use_fqdn (no);
    create_dirs (no);
    keep_hostname (yes);
};

# SonicWall syslog
source sonicwall {
    internal();
    udp(ip(0.0.0.0) port(514));
    tcp(ip(0.0.0.0) port(514));

destination d_cons { file("/dev/console"); };
destination d_mesg { file("/var/log/messages"); };
destination d_auth { file("/var/log/secure"); };
destination d_mail { file("/var/log/maillog" sync(10)); };
destination d_spol { file("/var/log/spooler"); };
destination d_boot { file("/var/log/boot.log"); };
destination d_cron { file("/var/log/cron"); };
destination d_mlal { usertty("*"); };

# MySQL added
destination d_mysql {
pipe("/tmp/mysql.pipe"
template("INSERT INTO logs (host, facility, priority, level, tag, date,
time, program, msg) VALUES ( '$HOST', '$FACILITY', '$PRIORITY', '$LEVEL','$TAG',
'$YEAR-$MONTH-$DAY', '$HOUR:$MIN:$SEC', '$PROGRAM', '$MSG' );\n") template-escape(yes));
};

log {
    source(sonicwall); destination(d_mysql);
 };

# end of MySQL added

#filter f_filter1   { facility(kern); };
filter f_filter2   { level(info..emerg) and
                     not facility(mail,authpriv,cron); };
filter f_filter3   { facility(authpriv); };
filter f_filter4   { facility(mail); };
filter f_filter5   { level(emerg); };
filter f_filter6   { facility(uucp) or
                     (facility(news) and level(crit..emerg)); };
filter f_filter7   { facility(local7); };
filter f_filter8   { facility(cron); };

#log { source(s_sys); filter(f_filter1); destination(d_cons); };
log { source(s_sys); filter(f_filter2); destination(d_mesg); };
log { source(s_sys); filter(f_filter3); destination(d_auth); };
log { source(s_sys); filter(f_filter4); destination(d_mail); };
log { source(s_sys); filter(f_filter5); destination(d_mlal); };
log { source(s_sys); filter(f_filter6); destination(d_spol); };
log { source(s_sys); filter(f_filter7); destination(d_boot); };
log { source(s_sys); filter(f_filter8); destination(d_cron); };

Question by:JWeb Admin
 

Author Comment

by:JWeb Admin
OK, update.  Here is my new syslog-ng.conf file.  It starts, but I don't see any data being injected into the SQL database "logs".

I have 1 Sonicwall pointing to our syslog-ng server, but no results yet?

Can anyone help?

# syslog-ng configuration file.
#
# This should behave pretty much like the original syslog on RedHat. But
# it could be configured a lot smarter.
#
# See syslog-ng(8) and syslog-ng.conf(5) for more information.
#
# 20000925 gb@sysfive.com
#
# Updated by Frank Crawford (<Frank.Crawford@ac3.com.au>) - 10 Aug 2002
#       - for Red Hat 7.3
#       - totally do away with klogd
#       - add message "kernel:" as is done with klogd.
#
# Updated by Frank Crawford (<Frank.Crawford@ac3.com.au>) - 22 Aug 2002
#       - use the log_prefix option as per Balazs Scheidler's email
#
# Updated by Jose Pedro Oliveira (<jpo at di.uminho.pt>) - 05 Apr 2003
#       - corrected filters 'f_filter2' and 'f_filter6'
#     these filters were only allowing messages of one specific
#     priority level; they should be allowing messages from that
#     priority and upper levels.
#
# Updated by Jose Pedro Oliveira (<jpo at di.uminho.pt>) - 25 Jan 2005
#   - Don't sync the d_mail destination
#
# Updated by Jose Pedro Oliveira (<jpo at di.uminho.pt>) - 01 Feb 2005
#   - /proc/kmsg is a file not a pipe.
#     (https://lists.balabit.hu/pipermail/syslog-ng/2005-February/006963.html)
#

options {
    sync (0);
    time_reopen (10);
    log_fifo_size (1000);
    long_hostnames (off);
    use_dns (no);
    use_fqdn (no);
    create_dirs (no);
    keep_hostname (yes);
};

# SonicWall syslog
source sonicwall {
    internal();
    udp(ip(0.0.0.0) port(514));
    tcp(ip(0.0.0.0) port(514));
};

#destination d_cons { file("/dev/console"); };
#destination d_mesg { file("/var/log/messages"); };
#destination d_auth { file("/var/log/secure"); };
#destination d_mail { file("/var/log/maillog" sync(10)); };
#destination d_spol { file("/var/log/spooler"); };
#destination d_boot { file("/var/log/boot.log"); };
#destination d_cron { file("/var/log/cron"); };
#destination d_mlal { usertty("*"); };

# MySQL added
destination d_mysql {
pipe("/tmp/mysql.pipe"
template("INSERT INTO logs (host, facility, priority, level, tag, date,
time, program, msg) VALUES ( '$HOST', '$FACILITY', '$PRIORITY', '$LEVEL','$TAG',
'$YEAR-$MONTH-$DAY', '$HOUR:$MIN:$SEC', '$PROGRAM', '$MSG' );\n") template-escape(yes));
};

log {
    source(sonicwall); destination(d_mysql);
 };

# end of MySQL added

#filter f_filter1   { facility(kern); };
filter f_filter2   { level(info..emerg) and
                     not facility(mail,authpriv,cron); };
filter f_filter3   { facility(authpriv); };
filter f_filter4   { facility(mail); };
filter f_filter5   { level(emerg); };
filter f_filter6   { facility(uucp) or
                     (facility(news) and level(crit..emerg)); };
filter f_filter7   { facility(local7); };
filter f_filter8   { facility(cron); };

#log { source(s_sys); filter(f_filter1); destination(d_cons); };
#log { source(s_sys); filter(f_filter2); destination(d_mesg); };
#log { source(s_sys); filter(f_filter3); destination(d_auth); };
#log { source(s_sys); filter(f_filter4); destination(d_mail); };
#log { source(s_sys); filter(f_filter5); destination(d_mlal); };
#log { source(s_sys); filter(f_filter6); destination(d_spol); };
#log { source(s_sys); filter(f_filter7); destination(d_boot); };
#log { source(s_sys); filter(f_filter8); destination(d_cron); };


Accepted Solution

by:
weisso5 earned 500 total points
# SonicWall syslog
source sonicwall {
    internal();
    udp(ip(0.0.0.0) port(514));
    tcp(ip(0.0.0.0) port(514));


Try closing this command out, you have an open "{" but no close "}"
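
The check the accepted answer makes by eye, as an added example that is not part of the original thread: a small Python scanner that reports the line on which an unclosed "{" was opened, which is earlier than the line the parser complains about (line 49, the first destination statement, in the question). The function name and the sample config are constructed for illustration; the sample is shortened from the question's first file.

```python
# Added example, not from the thread: locate unclosed "{" blocks in a
# syslog-ng style config, ignoring comments and quoted strings.
def find_unclosed_blocks(text):
    """Return (unclosed, stray): lines of '{' never closed, lines of unmatched '}'."""
    stack, stray = [], []
    quote = None                      # quote char while inside a string
    for lineno, line in enumerate(text.splitlines(), start=1):
        i = 0
        while i < len(line):
            ch = line[i]
            if quote:
                if ch == "\\":
                    i += 1            # skip the escaped character
                elif ch == quote:
                    quote = None
            elif ch == "#":
                break                 # comment runs to end of line
            elif ch in "\"'":
                quote = ch
            elif ch == "{":
                stack.append(lineno)
            elif ch == "}":
                if stack:
                    stack.pop()
                else:
                    stray.append(lineno)
            i += 1
    return stack, stray

# Constructed sample, shortened from the question's first config.
BROKEN = """\
# SonicWall syslog
source sonicwall {
    internal();
    udp(ip(0.0.0.0) port(514));
    tcp(ip(0.0.0.0) port(514));

destination d_mesg { file("/var/log/messages"); };
destination d_mysql {
pipe("/tmp/mysql.pipe"
template("INSERT INTO logs (host, msg) VALUES ( '$HOST', '$MSG' );\\n") template-escape(yes));
};
log { source(sonicwall); destination(d_mysql); };
"""
# The same sample with the source block closed, as the accepted answer suggests.
FIXED = BROKEN.replace("port(514));\n\n", "port(514));\n};\n\n")
if __name__ == "__main__":
    print(find_unclosed_blocks(BROKEN))   # unclosed block opened on line 2
    print(find_unclosed_blocks(FIXED))
```

Because later blocks open and close cleanly, the one brace left on the stack is the `source sonicwall {` line rather than the line named in the error. syslog-ng's own `--syntax-only` option runs the real parser without starting the daemon.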