syslog-ng-users June 2011 archive
Main Archive Page > Month Archives  > syslog-ng-users archives
syslog-ng-users: [syslog-ng] Having trouble with syslog-ng not c

[syslog-ng] Having trouble with syslog-ng not continuously pushing logs out a port

From: Mike Gracy <mike_at_nospam>
Date: Fri Jun 10 2011 - 19:20:14 GMT
To: syslog-ng@lists.balabit.hu

I am trying to use syslog-ng to monitor some files and push anything added
to the file out to a splunk instance. Everytime syslong-ng starts, there is
a burst of traffic, but nothing after that.
I've run it manually in debug mode to see if there is anything, but I don't
get any output. I'm thinking there is an issue with the config file, but I'm
not sure what the problem might be.
I took the stock config file (as it comes from Ubuntu 10.04.2: syslog-ng
2.0.9-4.2) and added several sources, filters and log directives all going
to one destination:
# Additional sources to monitor IW

destination d_remote { tcp("10.170.230.60" , port(4957)); };

source s_nginx_20 { file ("/iw-deploy/log/access-client-internal.log"
log-prefix("access-client-internal: ")); };
source s_nginx_21 { file ("/iw-deploy/log/access-client.log"
log-prefix("access-client: ")); };
source s_nginx_22 { file ("/iw-deploy/log/access-server.log"
log-prefix("access-client-server: ")); };
source s_nginx_23 { file ("/iw-deploy/log/celeryd.log" log-prefix("celeryd:
")); };
source s_nginx_24 { file ("/iw-deploy/log/error.log" log-prefix("error-log:
")); };
source s_nginx_25 { file ("/iw-deploy/log/installer.log"
log-prefix("installer: ")); };
source s_nginx_26 { file ("/iw-deploy/log/island_gen.log"
log-prefix("island_gen: ")); };
source s_nginx_27 { file ("/iw-deploy/log/persistence.log"
log-prefix("persistence: ")); };
source s_nginx_28 { file ("/iw-deploy/log/sec.log" log-prefix("sec: ")); };
source s_nginx_29 { file ("/iw-deploy/log/worship1.log"
log-prefix("worship1: ")); };
source s_nginx_30 { file ("/iw-deploy/log/worship2.log"
log-prefix("worship2: ")); };
source s_nginx_31 { file ("/iw-deploy/log/worship_ff1.log"
log-prefix("worship_ff1: ")); };
source s_nginx_32 { file ("/iw-deploy/log/worship_router.log"
log-prefix("worship_router: ")); };
source s_nginx_33 { file ("/iw-deploy/log/persistence.err"
log-prefix("persistence_err: ")); };

filter f_nginx_20 { match("access-client-internal: "); };
filter f_nginx_21 { match("access-client: "); };
filter f_nginx_22 { match("access-client-server: "); };
filter f_nginx_23 { match("celeryd: "); };
filter f_nginx_24 { match("error-log: "); };
filter f_nginx_25 { match("installer: "); };
filter f_nginx_26 { match("island_gen: "); };
filter f_nginx_27 { match("persistence: "); };
filter f_nginx_28 { match("sec: "); };
filter f_nginx_29 { match("worship1: "); };
filter f_nginx_30 { match("worship2: "); };
filter f_nginx_31 { match("worship_ff1: "); };
filter f_nginx_32 { match("worship_router: "); };
filter f_nginx_33 { match("persistence_err: "); };

log { source(s_nginx_20); filter(f_nginx_20); destination(d_remote);
flags(catchall); };
log { source(s_nginx_21); filter(f_nginx_21); destination(d_remote);
flags(catchall); };
log { source(s_nginx_22); filter(f_nginx_22); destination(d_remote);
flags(catchall); };
log { source(s_nginx_23); filter(f_nginx_23); destination(d_remote);
flags(catchall); };
log { source(s_nginx_24); filter(f_nginx_24); destination(d_remote);
flags(catchall); };
log { source(s_nginx_25); filter(f_nginx_25); destination(d_remote);
flags(catchall); };
log { source(s_nginx_26); filter(f_nginx_26); destination(d_remote);
flags(catchall); };
log { source(s_nginx_27); filter(f_nginx_27); destination(d_remote);
flags(catchall); };
log { source(s_nginx_28); filter(f_nginx_28); destination(d_remote);
flags(catchall); };
log { source(s_nginx_29); filter(f_nginx_29); destination(d_remote);
flags(catchall); };
log { source(s_nginx_30); filter(f_nginx_30); destination(d_remote);
flags(catchall); };
log { source(s_nginx_31); filter(f_nginx_31); destination(d_remote);
flags(catchall); };
log { source(s_nginx_32); filter(f_nginx_32); destination(d_remote);
flags(catchall); };
log { source(s_nginx_33); filter(f_nginx_33); destination(d_remote);
flags(catchall); };

######

______________________________________________________________________________
Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng
Documentation: http://www.balabit.com/support/documentation/?product=syslog-ng
FAQ: http://www.balabit.com/wiki/syslog-ng-faq