
Error in syslog-ng.conf file on syslog-ng Client

Posted on 2008-11-06
Last Modified: 2013-11-17
I have a Red Hat server as my syslog-ng server and AIX as my client server. I am not able to forward syslog-ng messages on AIX to my syslog-ng server. Here is the error:

820>syslog-ng -f syslog-ng.conf
Error binding socket; addr='AF_INET(0.0.0.0:514)', error='Address already in use (67)'
Error initializing source driver; source='s_local'
Here is the Client Configuration file

#
# syslog-ng client configuration: some local logs, in addition to TCP
# logging to central loghost.
#

options
  {
    sync (0);
    stats (0);
    chain_hostnames(no);
    create_dirs (yes);
    dir_perm(0755);
    dns_cache(yes);
    keep_hostname(yes);
    log_fifo_size(2048);
    long_hostnames(on);
    perm(0644);
    time_reopen (10);
    use_dns(yes);
  };

source s_local  { unix-stream ("/dev/log"); udp( ip(0.0.0.0) port(514));  internal(); };

#----------------------------------------------------------------------
#  Standard Log file locations
#----------------------------------------------------------------------
destination d_cons      { file("/dev/console"); };
destination d_mesg      { file("/var/adm/messages"); };
destination d_mail      { file("/var/log/syslog"); };
destination d_auth      { file("/var/log/authlog"); };
destination d_mlop      { usertty("operator"); };
destination d_mlrt      { usertty("root"); };
destination d_mlal      { usertty("*"); };

#----------------------------------------------------------------------
#  Forward to a loghost server
#----------------------------------------------------------------------
destination d_loghostdr   { tcp("10.92.35.31" port(514)); };

#----------------------------------------------------------------------
#  Standard filters for the standard destinations.
#----------------------------------------------------------------------
filter f_filter1   { level(err) or
                     (level(notice) and facility (auth, kern)); };
filter f_filter2   { level(err) or
                     (facility(kern) and level(notice)) or
                     (facility(daemon) and level(notice)) or
                     (facility(mail) and level(crit)); };
filter f_filter3   { level(alert) or
                     (facility(kern) and level(err)) or
                     (facility(daemon) and level(err)); };
filter f_filter4   { level(alert); };
filter f_filter5   { level(emerg); };
filter f_filter6   { facility(kern) and level(notice); };
filter f_filter7   { facility(mail) and level(debug); };
filter f_filter8   { facility(user) and level(err); };
filter f_filter9   { facility(user) and level(alert); };

#----------------------------------------------------------------------
#  Standard logging
#----------------------------------------------------------------------
log { source(s_local); filter(f_filter1); destination(d_cons); };
log { source(s_local); filter(f_filter2); destination(d_mesg); };
log { source(s_local); filter(f_filter3); destination(d_mlop); };
log { source(s_local); filter(f_filter4); destination(d_mlrt); };
log { source(s_local); filter(f_filter5); destination(d_mlal); };
log { source(s_local); filter(f_filter6); destination(d_auth); };
log { source(s_local); filter(f_filter7); destination(d_mail); };
log { source(s_local); filter(f_filter8); destination(d_cons);
                                        destination(d_mesg); };
log { source(s_local); filter(f_filter9); destination(d_mlop);
                                        destination(d_mlrt); };

#----------------------------------------------------------------------
#  Send to a remote loghost
#----------------------------------------------------------------------
log { source(s_local); destination(d_loghostdr); };
Question by:jdenver247
15 Comments
 
LVL 68

Expert Comment

by:woolmilkporc
ID: 22899689
Hi,
seems that the port syslog-ng wants to use is already occupied by AIX's own syslog.
Since you don't need this any longer with syslog-ng, stop it with 'stopsrc -s syslog'

You should also remove it from /etc/rc.tcpip (comment it out with 2 #'s) -
# # start /usr/sbin/syslogd "$src_running"

0
 
LVL 68

Expert Comment

by:woolmilkporc
ID: 22899696
Sorry, the stop command is of course

 'stopsrc -s syslogd'

0
 

Author Comment

by:jdenver247
ID: 22900107
Hello,
Looks like syslogd is not running and I also commented out the start /usr/sbin/syslogd "$src_running". Here is my port info:

834>lsof -i :514
lsof: WARNING: compiled for AIX version 5.1.0.0; this is 5.3.0.0.
COMMAND      PID USER   FD   TYPE             DEVICE SIZE/OFF NODE NAME
inetd     139488 root    5u  IPv6 0xf10002000019fb98      0t0  TCP *:shell (LISTEN)
syslog-ng 241754 root    4u  IPv4 0xf100020000aca400      0t0  UDP *:syslog

837>netstat -an |grep 514
tcp        0      0  *.514                  *.*                    LISTEN
udp4       0      0  *.514                  *.*

838>cat /etc/services|grep 514
shell                    514/tcp                # cmd
syslog                  514/udp         #

So I really don't know why it's throwing this error...
0

 

Author Comment

by:jdenver247
ID: 22900120
Also I am not able to use a logger command to log a sample message. I checked that syslogng was active:

841>lssrc -a |grep syslogng
 syslogng         ras              241754       active

840>logger system restart
Could not send msg system restart . Please retry
0
 
LVL 68

Expert Comment

by:woolmilkporc
ID: 22900128
Seems that your syslog-ng is already running -
syslog-ng 241754 root    4u  IPv4 0xf100020000aca400      0t0  UDP *:syslog

0
 
LVL 68

Expert Comment

by:woolmilkporc
ID: 22900177
I think you should not use a port for internal, perhaps this is also the cause of your problem.
Try it this way -
source src { unix-dgram("/dev/log"); internal(); };


0
 

Author Comment

by:jdenver247
ID: 22900226
Hello,
I tried taking off the internal port and it seems it's working...but here is what I have..

862>syslog-ng -d
root@aixue2:/etc/syslog-ng

863>syslog-ng -f syslog-ng.conf
root@aixue2:/etc/syslog-ng

864>logger -p auth.debug "this is a test"
Could not send msg this is a test . Please retry

So it's not logging the sample messages and it looks like it's also not sending the data to the syslog server...
0
 

Author Comment

by:jdenver247
ID: 22900278
To add to my previous statement, I see that it's not connecting to my syslog server

Nov  6 17:13:15 aix1.xyzcompany.com syslog-ng[323640]: Log statistics; dropped='tcp(AF_INET(10.20.53.16:514))=0', processed='center(queued)=1178', processed='center(received)=589', processed='destination(console)=0', processed='destination(mail)=0', processed='destination(messages)=589', processed='destination(loghost)=589', processed='destination(lpr)=0', processed='destination(console_all)=0', processed='source(src)=589'


0
 
LVL 68

Expert Comment

by:woolmilkporc
ID: 22900283
Did you change 'src' in my example to your value 's_local'?
0
 

Author Comment

by:jdenver247
ID: 22900312
Yes I did...Here is how it looks now
source s_local  { unix-stream ("/dev/log");  internal(); };
0
 
LVL 68

Expert Comment

by:woolmilkporc
ID: 22900467
Well,
the only thing I see is the 'unix-stream' instead of my 'unix-dgram'. Not sure if this is a problem ...
I assume your loghost 10.92.35.31 has all the 'source' and 'log' statements for this host and has syslog-ng running and listening on port 514?
0
 

Author Comment

by:jdenver247
ID: 22900595
Yes.. syslog-ng is running on the server. Here is my port info

[root@reddev2 syslog-ng]# lsof -i :514
COMMAND     PID USER   FD   TYPE DEVICE SIZE NODE NAME
syslog-ng 12260 root    4u  IPv4 280160       UDP *:syslog
syslog-ng 13907 root    4u  IPv4 287237       UDP *:syslog
syslog-ng 13907 root    5u  IPv4 287238       TCP *:shell (LISTEN)
syslog-ng 13907 root    8u  IPv4 287240       TCP redhat.xyz.com:shell->aix.xyz.com:64880 (ESTABLISHED)
syslog-ng 13907 root   11u  IPv4 287244       TCP redhat.xyz.com:shell->aix.xyz.com:64882 (ESTABLISHED)
syslog-ng 13907 root   12u  IPv4 287245       TCP redhat.xyz.com:shell->aix.xyz.com:64883 (ESTABLISHED)
syslog-ng 13907 root   13u  IPv4 287269       TCP redhat.xyz.com:shell->aix.xyz.com:64894 (ESTABLISHED)
syslog-ng 13907 root   15u  IPv4 287275       TCP redhat.xyz.com:shell->aix.xyz.com:64895 (ESTABLISHED)
syslog-ng 13965 root    4u  IPv4 287496       UDP *:syslog
syslog-ng 13965 root    5u  IPv4 287497       UDP redhat.xyz.com:syslog
syslog-ng 13968 root    4u  IPv4 287505       UDP *:syslog
syslog-ng 13968 root    5u  IPv4 287506       UDP redhat.xyz.com:syslog

[root@redhat syslog-ng]# netstat -an|grep 514
tcp        0      0 0.0.0.0:514                 0.0.0.0:*                   LISTEN
tcp        0      0 10.92.35.31:514             10.92.35.28:64894           ESTABLISHED
tcp        0      0 10.92.35.31:514             10.92.35.28:64895           ESTABLISHED
tcp        0      0 10.92.35.31:514             10.92.35.28:64882           ESTABLISHED
tcp        0      0 10.92.35.31:514             10.92.35.28:64883           ESTABLISHED
tcp        0      0 10.92.35.31:514             10.92.35.28:64880           ESTABLISHED
udp        0      0 10.92.35.31:514             0.0.0.0:*
udp        0      0 0.0.0.0:514                 0.0.0.0:*
udp        0      0 10.92.35.31:514             0.0.0.0:*
udp        0      0 0.0.0.0:514                 0.0.0.0:*
udp        0      0 0.0.0.0:514                 0.0.0.0:*
udp        0      0 0.0.0.0:514                 0.0.0.0:*
0
 
LVL 68

Accepted Solution

by:
woolmilkporc earned 2000 total points
ID: 22900602
Seems that /dev/log is actually a SOCK_DGRAM socket!
Please try  'unix-dgram'!
 
 Despite my many years with AIX I didn't know (or remember) that!
 
 wmp
0
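The socket-type mismatch behind the accepted answer can be reproduced with a small probe. This is an added example, not part of the thread: it assumes Python 3 on a Unix-like system, the function names are hypothetical, and the stand-in sockets are constructed in a temporary directory rather than using the real /dev/log. It shows that a client of one type cannot connect to a local socket created with the other type, which is what separates unix-stream from unix-dgram.

```python
import errno
import os
import socket
import tempfile

def probe_unix_socket(path):
    """Return {'dgram': bool, 'stream': bool}: which socket types `path` accepts."""
    result = {}
    for name, kind in (("dgram", socket.SOCK_DGRAM), ("stream", socket.SOCK_STREAM)):
        client = socket.socket(socket.AF_UNIX, kind)
        try:
            client.connect(path)
            result[name] = True
        except OSError as exc:
            # EPROTOTYPE: the socket at `path` was created with the other type.
            # ECONNREFUSED / ENOENT: nothing is listening on the path at all.
            if exc.errno not in (errno.EPROTOTYPE, errno.ECONNREFUSED, errno.ENOENT):
                raise
            result[name] = False
        finally:
            client.close()
    return result

def demo():
    """Constructed test: bind a stand-in log socket of each type and probe it."""
    out = {}
    with tempfile.TemporaryDirectory() as tmp:
        for name, kind in (("unix-dgram", socket.SOCK_DGRAM),
                           ("unix-stream", socket.SOCK_STREAM)):
            path = os.path.join(tmp, name + ".sock")
            server = socket.socket(socket.AF_UNIX, kind)
            server.bind(path)
            if kind == socket.SOCK_STREAM:
                server.listen(1)  # stream sockets must listen before connect()
            try:
                out[name] = probe_unix_socket(path)
            finally:
                server.close()
    return out

if __name__ == "__main__":
    for source, accepted in demo().items():
        print(source, accepted)
```

Running `probe_unix_socket("/dev/log")` on a host (with permission to open the socket) reports which type the running log daemon created, so the source driver in syslog-ng.conf can be matched to what local writers use.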
 

Author Comment

by:jdenver247
ID: 22902365
hello wmp,
I have changed it to unix-dgram..It worked..
0
 
LVL 68

Expert Comment

by:woolmilkporc
ID: 22902471
Great!
Have fun and success!
 
wmp
0
