[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: how to configure syslog-ng to push log to log server
From: |
Gentoo |
Subject: |
Re: how to configure syslog-ng to push log to log server |
Date: |
Mon, 4 Jul 2005 18:20:55 +0800 |
after logging to local box, I found there is no duplicate entries.
so I doubt this caused by filter program (cfservd)
so would someone please explain filter progarm to me more detail?
thanks very much.
On 7/4/05, Tim Nelson <architect@webalive.biz> wrote:
> On Sun, 3 Jul 2005, Gentoo wrote:
>
> > Hi all
> > I want to configure syslog-ng on one of my cfengine client to collect
> > all cfengine log from all boxes.
> >
> > now I almost succeed, but have a problem.
> > entry in syslog-ng will duplicate! would someone take a look at it, please?
> > thanks for your time.
> >
> > Jul 3 05:22:29 sles9 cfservd[11975]: Unable to lookup hostname
> > (tux.**.**.com) or cfengine service: Name or service not known
> > Jul 3 05:22:29 geometry cfservd[11975]: Unable to lookup hostname
> > (tux.*.*.com) or cfengine service: Name or service not known
> >
> > and here is my syslog-ng.conf about cfengine --on syslog-ng loghost
> > destination cfengine { file("/var/log/cfengine.log"); };
> > filter f_cfengine { program("cfservd"); };
> > filter f_messages { not facility( mail, cron) and not filter
> > (f_cfengine); };
> > log { source(src); filter(f_cfengine); destination(cfengine); };
> >
> >
> > syslog-ng.conf about cfengine --on cfengine server
> >
> > filter f_cfengine { program("cfservd"); };
> > filter f_messages { not facility(news, mail, cron) and not filter
> > (f_cfengine); };
> >
> > destination d_loghost { udp("server IP"); };
> > log { source(src); filter(f_cfengine); destination(d_loghost); };
>
> The thing to do is to try to figure out whether the problem is
> being caused by cfengine or syslog-ng.
>
> First, try logging some other command in exactly the same way.
> Probably the best way to do this would be to add something else to the
> "program" bit in f_cfengine (but I don't use syslog-ng, so I'm just
> guessing). If you are also getting duplicates for these, then you should
> contact the syslog-ng mailing list, as they will be the people best able
> to help you.
>
> If there are no duplicates there, try logging cfengine locally
> (but still via syslog-ng) and see if it still produces duplicates. Let us
> know the results of this, and we'll see if we can help.
>
> :)
>
> --
> Kind Regards,
>
> Tim Nelson
> Server Administrator
>
> P: 03 9934 0888
> F: 03 9934 0899
> E: tim.nelson@webalive.biz
> W: www.webalive.biz
>
> WebAlive Technologies
> Level 1, Innovation Building
> Digital Harbour
> 1010 La Trobe Street
> Docklands Melbourne VIC 3008
>
> This email (including all attachments) is intended solely for the named
> addressee. It is confidential and may contain legally privileged information.
> If
> you receive it in error, please let us know by reply email, delete it from
> your system and destroy any copies. This email is also subject to copyright.
> No
> part of it should be reproduced, adapted or transmitted without the written
> consent of the copyright owner.
>
> Emails may be interfered with, may contain computer viruses or other defects
> and may not be successfully replicated on other systems. We give no
> warranties in relation to these matters. If you have any doubts about the
> authenticity of an email purportedly sent by us, please contact us
> immediately.
>
>
--
Life is hard