Subject: Error accepting AF_UNIX connection, opened connections: 100, max: 100 - msg#00064

Previous Message by Date: click to view message preview

Re: AIX Syslog-ng 2.0rc3 does not reconnect after timout

OK, where do I go from here. The reconnect feature is mandatory to get TCP/IP syslog functioning in a useful manner. Evan. Evan Rempel wrote: Running Syslog-ng 2.0rc3 compiled on AIX 5.2 with xlc TCP connection to syslong-ng 1.6.9 on Linux. AIX config has options { sync(0); log_fifo_size(10000); use_fqdn(yes); keep_hostname(no); chain_hostnames(no); time_reap(60); time_reopen(5); }; When I hup the receiving syslong-ng, the TCP connection is dropped. The AIX syslog-ng 2.0rc3 does NOT reconnect after 5 seconds. sending a SIGHUP to the sylog-ng process causes it to reconnect, but the queued messages do not get sent. I am not sure if syslog-ng was unaware of the failed connection, resulting in it not queueing the messages, or if syslong-ng dropped its queued messages when it recieved a SIGHUP. local files continue to get the messages and remote udp continue to get the messages, but they don't get delivered to the tcp destination. Evan. _______________________________________________ syslog-ng maillist - syslog-ng@xxxxxxxxxxxxxxxx https://lists.balabit.hu/mailman/listinfo/syslog-ng Frequently asked questions at http://www.campin.net/syslog-ng/faq.html -- Evan Rempel erempel@xxxxxxx Senior Programmer Analyst 250.721.7691 Computing Services University of Victoria _______________________________________________ syslog-ng maillist - syslog-ng@xxxxxxxxxxxxxxxx https://lists.balabit.hu/mailman/listinfo/syslog-ng Frequently asked questions at http://www.campin.net/syslog-ng/faq.html

Next Message by Date: click to view message preview

Destination regex question

My question is about using regex and breaking up the parts of a string to use in the destination.  Here's the situation.  We have all of our firewalls logging into one box that is running syslog-ng.  We want to break them up into a directory structures such as: /logs/location1/firewall/host1//logs/location2/firewall/host1//logs/location2/firewall/host2/ Now the hostname contains all the information needed to do this.  For example, a host name might be:firewallname.firewall.location1anothername.firewall.location2Up to this point, for each location I've had to do the following in syslog to map to the correct directory: destination location1_firewall { file("/logs/location1/firewall/$HOST/$R_YEAR-$R_MONTH-$R_DAY.log"); };filter location1_firewall { host(.firewall.location1$); };log { source(external); filter(location1_firewall); destination(location1_firewall); }; This works completely fine.  The only issue is that we have over 80 different locations, so this would need to have these three lines modified and added for each location.  We're also adding more over time, so each time another location is set up, we need to go through the configuration and update.  I was hoping  there woud be a way to just combine them all together.  Something like: destination firewall {     host(.firewall.(.+)$);     file("/logs/$1/firewall/$HOST/$R_YEAR-$R_MONTH-$R_DAY.log"); };filter firewall { host(.firewall.); };log { source(external); filter(firewall); destination(firewall); }; I know the regex syntax might be different, but was curious if this kind of situation is possible. _______________________________________________ syslog-ng maillist - syslog-ng@xxxxxxxxxxxxxxxx https://lists.balabit.hu/mailman/listinfo/syslog-ng Frequently asked questions at http://www.campin.net/syslog-ng/faq.html

Previous Message by Thread: click to view message preview

building 2.0 on freebsd

I'm attempting to install 2.0 daily snapshot from 12 october onto a freebsd 6.1 system. From the FAQ I see that it needs to have glib installed, which was easy. However, the configure is not able to find the eventlib library. I cannot find what provides this library. My searches all keep pointing to something which is part of bind, which seems not right to me. What do I need to install to get eventlib on this system? smime.p7s Description: S/MIME cryptographic signature _______________________________________________ syslog-ng maillist - syslog-ng@xxxxxxxxxxxxxxxx https://lists.balabit.hu/mailman/listinfo/syslog-ng Frequently asked questions at http://www.campin.net/syslog-ng/faq.html

Next Message by Thread: click to view message preview

Re: Error accepting AF_UNIX connection, opened connections: 100, max: 100

On Wed, 2006-10-18 at 13:43 +0100, Hari Sekhon wrote: > I'm getting the following on a host that is sending logs to a remote > central logserver: > > syslog-ng[2390]: Error accepting AF_UNIX connection, opened connections: > 100, max: 100 > > Why is this happening? It isn't accepting logs, it's only sending them. > And I also increased the remote logserver's max to 100 with the > following line > > source s_tcp { tcp( port(<someport>) max-connections(1000)); }; > > For a start, I don't have 100 hosts logging to the remote logserver. > Second, this host isn't the logserver so it shouldn't have this in it's > /var/log/messages!!!! > syslog-ng clearly states that it is AF_UNIX connection, thus it is /dev/log that it complains about. You probably have more than 100 processes writing /dev/log. -- Bazsi _______________________________________________ syslog-ng maillist - syslog-ng@xxxxxxxxxxxxxxxx https://lists.balabit.hu/mailman/listinfo/syslog-ng Frequently asked questions at http://www.campin.net/syslog-ng/faq.html