Upgraded two days ago from 5.0.23 to 6.0.6 on a Red Hat 5 64-bit system.
I do not have syslog installed on my system, only syslog-ng is used and even with zimbra v5, I have always had to "fix" my syslog-ng after zimbra hoses it during each upgrade (logrotate, etc).
FYI I am not a syslog-ng expert (ok, I really don't know jack about syslog-ng), so I am looking for help with my syslog-ng.conf.
I browsed quite a bit of forum notes on this very subject as it seems to be a common problem, but I am not able to fix what the zimbra upgrade did based on how different everyone's syslog-ng.conf seems to be.
After the upgrade killed my syslog-ng functionality (would not even start), zimbra support offered a new syslog-ng.conf file for me that partially works.
The problem is, the new zimbra stats log function (zimbra-stats.log) is also being sent to my /var/log/messages file.
On top of that problem I notice that my incremental backup last night completed "successfully" after only 30 seconds of backup time. The previous night I did a full backup of 5.0.23 and a full of 6.0.6 after I installed it. I am not sure if these items are related or not, but having a lot of the logs messed up seems like a plausible scenario (or maybe I am just way too tired).
Anyways,
Here is my syslog-ng file that shows the zimbra related items at the end, and following that, my entire syslog-ng.conf file. All of the extra hashes are from previous edits that zimbra hosed when upgrading:
Zimbra relevant portion of syslog-ng.conf:
#Zimbra logger settings
#Original source line from zimbra upgrade
# NOTE(review): the line below puts ';' inside the unix-stream(...) argument list and never
# closes that parenthesis; presumably this is what kept syslog-ng from starting.
#source zimbra_src { unix-stream("/dev/log"; keep-alive(yes); max-connections(20); }; # zimbra
#Source line from Zimbra support:
# Left disabled: s_sys in the complete file already reads /dev/log, so the log paths below use s_sys.
#source zimbra_src { unix-stream("/dev/log" keep-alive(yes) max-connections(20)); }; # zimbra
# Facility filters. They match on facility alone, so every program on the host that logs to
# local0, local1, auth or mail is selected, not only Zimbra.
filter zimbra_local0 { facility(local0); }; # zimbra
filter zimbra_local1 { facility(local1); }; # zimbra
# NOTE(review): facility(auth) is host-wide; auth messages from other services are copied
# into zimbra.log, a file owned by the zimbra account. Confirm that exposure is intended.
filter zimbra_auth { facility(auth); }; # zimbra
filter zimbra_mail { facility(mail); }; # zimbra
#IMPORTANT! Ensure one and only one of the Destination sections below
#is active, and that it is the correct section for the server role!
#Destinations To Be Used on the syslog server:
# mail, local0 and auth share /var/log/zimbra.log; local1 (stats) gets its own file.
# No perm() is given, so file modes fall back to syslog-ng defaults (TODO confirm they are not world-readable).
destination zimbra_mail { file("/var/log/zimbra.log" owner("zimbra")); }; # zimbra
destination zimbra_local1 { file("/var/log/zimbra-stats.log" owner("zimbra")); }; # zimbra
destination zimbra_local0 { file("/var/log/zimbra.log" owner("zimbra")); }; # zimbra
destination zimbra_auth { file("/var/log/zimbra.log" owner("zimbra")); }; # zimbra
#Changed all sources from "source(zimbra_src);..." to "source(s_sys);..."
# None of these log paths sets flags(final), so a message that also matches another log path
# is written there as well. f_filter2 in the complete file excludes only mail, authpriv and
# cron, so local1 (zimbra-stats) at info and above also matches it and reaches /var/log/messages.
# Adding "or facility(local1)" (and local0 if wanted) to f_filter2's exclusion list is one way
# to stop that; check the result with "syslog-ng -s" before restarting.
log { source(s_sys); filter(zimbra_mail); destination(zimbra_mail); }; # zimbra
log { source(s_sys); filter(zimbra_local0); destination(zimbra_local0); }; # zimbra
log { source(s_sys); filter(zimbra_local1); destination(zimbra_local1); }; # zimbra
log { source(s_sys); filter(zimbra_auth); destination(zimbra_auth); }; # zimbra
Complete syslog-ng.conf file:
#
# Global options applied to every source and destination in this file.
options {
# Write each message out as it arrives instead of buffering lines.
sync (0);
# Seconds to wait before re-opening a broken destination connection.
time_reopen (10);
# Output queue length in messages. NOTE(review): while the TCP destination is unreachable,
# messages beyond this queue are presumably dropped — size it for the expected outage window.
log_fifo_size (1000);
long_hostnames (off);
# No DNS lookups and no FQDN expansion for host names.
use_dns (no);
use_fqdn (no);
# Do not create missing directories for file destinations.
create_dirs (no);
# Keep the host name carried in the message. Only local sources are active in this file;
# if the UDP listener in s_sys is ever enabled, remote senders could then supply any host name.
keep_hostname (yes);
# Interval between syslog-ng statistics messages: 43200 s = 12 h.
stats (43200);
};
# Single local source used by every log path in this file:
# kernel messages, the /dev/log socket, and syslog-ng's own internal messages.
source s_sys {
file ("/proc/kmsg" log_prefix("kernel: "));
unix-stream ("/dev/log");
internal();
# Network listener left disabled. Enabling it on 0.0.0.0:514 would accept unauthenticated
# syslog from any host that can reach this port, so keep it off unless remote reception is
# required and restricted by firewall.
# udp(ip(0.0.0.0) port(514));
};
# Destinations for the stock system logs.
# No owner(), group() or perm() is set on these files, so syslog-ng defaults apply.
# NOTE(review): confirm /var/log/secure ends up readable by root only.
destination d_cons { file("/dev/console"); };
destination d_mesg { file("/var/log/messages"); };
destination d_auth { file("/var/log/secure"); };
destination d_spol { file("/var/log/spooler"); };
destination d_boot { file("/var/log/boot.log"); };
destination d_cron { file("/var/log/cron"); };
destination d_kern { file("/var/log/kern"); };
# Writes to the terminals of all logged-in users.
destination d_mlal { usertty("*"); };
# Filters for the stock system logs, numbered to match the log paths that use them.
filter f_filter1 { facility(kern); };
# Catch-all for /var/log/messages: info and above from every facility except mail,
# authpriv and cron. local0, local1 and auth are NOT excluded, so Zimbra's local1 stats
# and host-wide auth messages also match here. Extending the exclusion list with
# "or facility(local1)" (and local0 if wanted) would keep zimbra-stats out of messages.
filter f_filter2 { level(info..emerg) and
not (facility(mail)
or facility(authpriv)
or facility(cron)); };
filter f_filter3 { facility(authpriv); };
filter f_filter4 { facility(mail); };
filter f_filter5 { level(emerg); };
filter f_filter6 { facility(uucp) or
(facility(news)
and level(crit..emerg)); };
filter f_filter7 { facility(local7); };
filter f_filter8 { facility(cron); };
# Log paths for the stock system logs. No path sets flags(final), so a message is
# delivered to every path whose filter it matches, including the Log Logic and Zimbra
# paths further down.
# Kernel messages to the console: disabled.
#log { source(s_sys); filter(f_filter1); destination(d_cons); };
log { source(s_sys); filter(f_filter1); destination(d_kern); };
log { source(s_sys); filter(f_filter2); destination(d_mesg); };
# authpriv goes to /var/log/secure only; f_filter2 keeps it out of /var/log/messages.
log { source(s_sys); filter(f_filter3); destination(d_auth); };
# Disabled, and d_mail is not defined in this file; the mail facility is handled by the
# Zimbra log paths instead.
#log { source(s_sys); filter(f_filter4); destination(d_mail); };
log { source(s_sys); filter(f_filter5); destination(d_mlal); };
log { source(s_sys); filter(f_filter6); destination(d_spol); };
log { source(s_sys); filter(f_filter7); destination(d_boot); };
log { source(s_sys); filter(f_filter8); destination(d_cron); };
################################################## ############
# Log Logic config
# Remote forwarding destinations. "X.X.X.X" are addresses redacted by the poster; the
# templates put a fixed address where the host field would go instead of using $HOST
# (the three-part "X.X.X" in the first template is presumably a redaction slip).
# NOTE(review): both destinations send clear text on port 514, so records can be read or
# altered on the network path, and UDP can lose them silently. If the installed syslog-ng
# supports tls(), prefer TCP with TLS; otherwise carry this traffic over a protected link.
destination loglogic {
tcp("X.X.X.X" port(514)
template("<$PRI> $R_DATE X.X.X $MSG\n")
);
};
# Defined but not referenced by any log statement in the file as posted, so nothing is sent here.
destination ksyslog02 {
udp("X.X.X.X" port(514)
template("<$PRI> $R_DATE X.X.X.X $MSG\n")
);
};
# Filters used only by the Log Logic forwarding paths.
# Severity notice and above, any facility.
filter f_level_at_least_notice {
level(notice..emerg);
};
# Severity info exactly.
filter f_level_info {
level(info);
};
filter f_facility_auth_authpriv {
facility(auth) or facility(authpriv);
};
# Drops authpriv.notice messages containing "sudo: nagios :" from forwarding.
# NOTE(review): this hides all sudo use by the nagios account from the central log server.
# Those records still reach /var/log/secure locally through f_filter3, so review them there,
# or narrow the match to the specific commands Nagios is expected to run.
filter f_exclude_nagios_sudo {
not (
facility(authpriv) and
level(notice) and
match("sudo: nagios :")
);
};
# send *.notice and above to Log Logic
# exclude Nagios sudo messages since there are several every minute on some servers
# Both filters must match (they are ANDed), so only the Nagios sudo notices are removed.
log {
source(s_sys);
filter(f_level_at_least_notice);
filter(f_exclude_nagios_sudo);
destination(loglogic);
};
# send auth.info/authpriv.info messages to Log Logic as well
# f_level_info matches info only, so this path does not duplicate the notice-and-above path.
log {
source(s_sys);
filter(f_facility_auth_authpriv);
filter(f_level_info);
destination(loglogic);
};
#Zimbra logger settings
#Original source line from zimbra upgrade
# NOTE(review): the line below puts ';' inside the unix-stream(...) argument list and never
# closes that parenthesis; presumably this is what kept syslog-ng from starting.
#source zimbra_src { unix-stream("/dev/log"; keep-alive(yes); max-connections(20); }; # zimbra
#Source line from Zimbra support:
# Left disabled: s_sys above already reads /dev/log, so the log paths below use s_sys.
#source zimbra_src { unix-stream("/dev/log" keep-alive(yes) max-connections(20)); }; # zimbra
# Facility filters. They match on facility alone, so every program on the host that logs to
# local0, local1, auth or mail is selected, not only Zimbra.
filter zimbra_local0 { facility(local0); }; # zimbra
filter zimbra_local1 { facility(local1); }; # zimbra
# NOTE(review): facility(auth) is host-wide; auth messages from other services are copied
# into zimbra.log, a file owned by the zimbra account. Confirm that exposure is intended.
filter zimbra_auth { facility(auth); }; # zimbra
filter zimbra_mail { facility(mail); }; # zimbra
#IMPORTANT! Ensure one and only one of the Destination sections below
#is active, and that it is the correct section for the server role!
#Destinations To Be Used on the syslog server:
# mail, local0 and auth share /var/log/zimbra.log; local1 (stats) gets its own file.
# No perm() is given, so file modes fall back to syslog-ng defaults (TODO confirm they are not world-readable).
destination zimbra_mail { file("/var/log/zimbra.log" owner("zimbra")); }; # zimbra
destination zimbra_local1 { file("/var/log/zimbra-stats.log" owner("zimbra")); }; # zimbra
destination zimbra_local0 { file("/var/log/zimbra.log" owner("zimbra")); }; # zimbra
destination zimbra_auth { file("/var/log/zimbra.log" owner("zimbra")); }; # zimbra
#Changed all sources from "source(zimbra_src);..." to "source(s_sys);..."
# None of these log paths sets flags(final), and they come after the f_filter2 path, so
# local1 (zimbra-stats) at info and above is written both here and to /var/log/messages.
# Excluding local1 in f_filter2 is one way to stop the duplicate; flags(final) would only
# help if these log paths were placed before the f_filter2 path. Check any change with
# "syslog-ng -s" before restarting.
log { source(s_sys); filter(zimbra_mail); destination(zimbra_mail); }; # zimbra
log { source(s_sys); filter(zimbra_local0); destination(zimbra_local0); }; # zimbra
log { source(s_sys); filter(zimbra_local1); destination(zimbra_local1); }; # zimbra
log { source(s_sys); filter(zimbra_auth); destination(zimbra_auth); }; # zimbra
Regards,
-john




