Results 1 to 3 of 3

Thread: [SOLVED] Upgrade 5.0.23 to 6.06 stomps on my syslog-ng RHEL5 64 bit

  1. #1
    eightball is offline New Member
    Join Date
    Apr 2010
    Location
    Washington DC
    Posts
    4
    Rep Power
    5

    Default [SOLVED] Upgrade 5.0.23 to 6.06 stomps on my syslog-ng RHEL5 64 bit

    Upgraded two days ago from 5.0.23 to 6.06 on a Redhat 5 64 bit system.

    I do not have syslog installed on my system, only syslog-ng is used and even with zimbra v5, I have always had to "fix" my syslog-ng after zimbra hoses it during each upgrade (logrotate, etc).

    FYI I am not a syslog-ng expert (ok, I really dont know jack about syslog-ng), so I am looking for help with my syslog-ng.conf.

    I browsed quite a bit of forum notes on this very subject as it seems to be a common problem, but I am not able to fix what the zimbra upgrade did based on how different everyone's syslog-ng.conf seems to be.

    After the upgrade killed my syslog-ng functionality (would not even start), zimbra support offered a new syslog-ng.conf file for me that partially works.

    The problem is, the new zimbra stats log function (zimbra-stats.log) is also being sent to my /var/log/messages file.

    On top of that problem I notice that my incremental backup last night completed "sucessfully" after only 30 seconds of backup time. The previous night I did a full backup of 5.0.23 and a full of 6.0.6 after I installed it. I am not sure if these items are related or not, but having a lot of the logs messed up seems like a plausible scenario (or maybe I am just way too tired).

    Anyways,

    Here is my syslog-ng file that shows the zimbra related items at the end, and following that, my entire syslog-ng.conf file. All of the extra hashes are from previous edits that zimbra hosed when upgrading:


    Zimbra relevant portion of syslog-ng.conf:

    #Zimbra logger settings

    #Original source line from zimbra upgrade
    #source zimbra_src { unix-stream("/dev/log"; keep-alive(yes); max-connections(20); }; # zimbra

    #Source line from Zimbra support:
    #source zimbra_src { unix-stream("/dev/log" keep-alive(yes) max-connections(20)); }; # zimbra

    filter zimbra_local0 { facility(local0); }; # zimbra
    filter zimbra_local1 { facility(local1); }; # zimbra
    filter zimbra_auth { facility(auth); }; # zimbra
    filter zimbra_mail { facility(mail); }; # zimbra

    #IMPORTANT! Ensure one and only one of the Destination sections below
    #is active, and that it is the correct section for the server role!

    #Destinations To Be Used on the syslog server:
    destination zimbra_mail { file("/var/log/zimbra.log" owner("zimbra")); }; # zimbra
    destination zimbra_local1 { file("/var/log/zimbra-stats.log" owner("zimbra")); }; # zimbra
    destination zimbra_local0 { file("/var/log/zimbra.log" owner("zimbra")); }; # zimbra
    destination zimbra_auth { file("/var/log/zimbra.log" owner("zimbra")); }; # zimbra

    #Changed all sources from "source(zimbra_src);..." to "source(src);"..."
    log { source(s_sys); filter(zimbra_mail); destination(zimbra_mail); }; # zimbra
    log { source(s_sys); filter(zimbra_local0); destination(zimbra_local0); }; # zimbra
    log { source(s_sys); filter(zimbra_local1); destination(zimbra_local1); }; # zimbra
    log { source(s_sys); filter(zimbra_auth); destination(zimbra_auth); }; # zimbra



    Complete syslog-ng.conf file:

    #

    options {
    sync (0);
    time_reopen (10);
    log_fifo_size (1000);
    long_hostnames (off);
    use_dns (no);
    use_fqdn (no);
    create_dirs (no);
    keep_hostname (yes);
    stats (43200);
    };

    source s_sys {
    file ("/proc/kmsg" log_prefix("kernel: "));
    unix-stream ("/dev/log");
    internal();
    # udp(ip(0.0.0.0) port(514));
    };

    destination d_cons { file("/dev/console"); };
    destination d_mesg { file("/var/log/messages"); };
    destination d_auth { file("/var/log/secure"); };
    destination d_spol { file("/var/log/spooler"); };
    destination d_boot { file("/var/log/boot.log"); };
    destination d_cron { file("/var/log/cron"); };
    destination d_kern { file("/var/log/kern"); };
    destination d_mlal { usertty("*"); };

    filter f_filter1 { facility(kern); };
    filter f_filter2 { level(info..emerg) and
    not (facility(mail)
    or facility(authpriv)
    or facility(cron)); };
    filter f_filter3 { facility(authpriv); };
    filter f_filter4 { facility(mail); };
    filter f_filter5 { level(emerg); };
    filter f_filter6 { facility(uucp) or
    (facility(news)
    and level(crit..emerg)); };
    filter f_filter7 { facility(local7); };
    filter f_filter8 { facility(cron); };

    #log { source(s_sys); filter(f_filter1); destination(d_cons); };
    log { source(s_sys); filter(f_filter1); destination(d_kern); };
    log { source(s_sys); filter(f_filter2); destination(d_mesg); };
    log { source(s_sys); filter(f_filter3); destination(d_auth); };
    #log { source(s_sys); filter(f_filter4); destination(d_mail); };
    log { source(s_sys); filter(f_filter5); destination(d_mlal); };
    log { source(s_sys); filter(f_filter6); destination(d_spol); };
    log { source(s_sys); filter(f_filter7); destination(d_boot); };
    log { source(s_sys); filter(f_filter8); destination(d_cron); };

    ################################################## ############
    # Log Logic config

    destination loglogic {
    tcp("X.X.X.X" port(514)
    template("<$PRI> $R_DATE X.X.X $MSG\n")
    );
    };
    destination ksyslog02 {
    udp("X.X.X.X" port(514)
    template("<$PRI> $R_DATE X.X.X.X $MSG\n")
    );
    };

    filter f_level_at_least_notice {
    level(notice..emerg);
    };
    filter f_level_info {
    level(info);
    };
    filter f_facility_auth_authpriv {
    facility(auth) or facility(authpriv);
    };
    filter f_exclude_nagios_sudo {
    not (
    facility(authpriv) and
    level(notice) and
    match("sudo: nagios :")
    );
    };

    # send *.notice and above to Log Logic
    # exclude Nagios sudo messages since there are several every minute on some servers
    log {
    source(s_sys);
    filter(f_level_at_least_notice);
    filter(f_exclude_nagios_sudo);
    destination(loglogic);

    };

    # send auth.info/authpriv.info messages to Log Logic as well
    log {
    source(s_sys);
    filter(f_facility_auth_authpriv);
    filter(f_level_info);
    destination(loglogic);

    };
    #Zimbra logger settings

    #Original source line from zimbra upgrade
    #source zimbra_src { unix-stream("/dev/log"; keep-alive(yes); max-connections(20); }; # zimbra

    #Source line from Zimbra support:
    #source zimbra_src { unix-stream("/dev/log" keep-alive(yes) max-connections(20)); }; # zimbra

    filter zimbra_local0 { facility(local0); }; # zimbra
    filter zimbra_local1 { facility(local1); }; # zimbra
    filter zimbra_auth { facility(auth); }; # zimbra
    filter zimbra_mail { facility(mail); }; # zimbra

    #IMPORTANT! Ensure one and only one of the Destination sections below
    #is active, and that it is the correct section for the server role!

    #Destinations To Be Used on the syslog server:
    destination zimbra_mail { file("/var/log/zimbra.log" owner("zimbra")); }; # zimbra
    destination zimbra_local1 { file("/var/log/zimbra-stats.log" owner("zimbra")); }; # zimbra
    destination zimbra_local0 { file("/var/log/zimbra.log" owner("zimbra")); }; # zimbra
    destination zimbra_auth { file("/var/log/zimbra.log" owner("zimbra")); }; # zimbra

    #Changed all sources from "source(zimbra_src);..." to "source(src);"..."
    log { source(s_sys); filter(zimbra_mail); destination(zimbra_mail); }; # zimbra
    log { source(s_sys); filter(zimbra_local0); destination(zimbra_local0); }; # zimbra
    log { source(s_sys); filter(zimbra_local1); destination(zimbra_local1); }; # zimbra
    log { source(s_sys); filter(zimbra_auth); destination(zimbra_auth); }; # zimbra

    Regards,

    -john

  2. #2
    LMStone's Avatar
    LMStone is offline Moderator
    Join Date
    Sep 2006
    Location
    477 Congress Street | Portland, ME 04101
    Posts
    1,373
    Rep Power
    10

    Default

    There are several bugzilla items related to syslog-ng, but to stop zimbra's syslogging from populating your normal system logs please try the following:

    Bug 43541 – rsyslog: exclude local1 and local0 from logging to /var/log/messages

    Hope that helps,
    Mark

  3. #3
    eightball is offline New Member
    Join Date
    Apr 2010
    Location
    Washington DC
    Posts
    4
    Rep Power
    5

    Default Issue Resolved

    Issue has been resolved with a new syslog-ng config. Thanks to Zimbra support for parsing through my config file.

    Relevant portions changed:

    To filter out all the stats messages from /var/log/messages:

    filter f_filter2 { level(info..emerg) and not facility(mail, local1, local0, authpriv, cron); };


    And the zimbra part:
    #Zimbra logger settings


    #Source line from Zimbra support:
    #source zimbra_src { unix-stream("/dev/log" keep-alive(yes) max-connections(20)); }; # zimbra

    filter zimbra_local0 { facility(local0); }; # zimbra
    filter zimbra_local1 { facility(local1); }; # zimbra
    filter zimbra_auth { facility(auth); }; # zimbra
    filter zimbra_mail { facility(mail); }; # zimbra

    #IMPORTANT! Ensure one and only one of the Destination sections below
    #is active, and that it is the correct section for the server role!

    #Destinations To Be Used on the syslog server:
    destination zimbra_mail { file("/var/log/zimbra.log" owner("zimbra")); }; # zimbra
    destination zimbra_local1 { file("/var/log/zimbra-stats.log" owner("zimbra")); }; # zimbra
    destination zimbra_local0 { file("/var/log/zimbra.log" owner("zimbra")); }; # zimbra
    destination zimbra_auth { file("/var/log/zimbra.log" owner("zimbra")); }; # zimbra

    #Changed all sources from "source(zimbra_src);..." to "source(src);"..."
    log { source(s_sys); filter(zimbra_mail); destination(zimbra_mail); }; # zimbra
    log { source(s_sys); filter(zimbra_local0); destination(zimbra_local0); }; # zimbra
    log { source(s_sys); filter(zimbra_local1); destination(zimbra_local1); }; # zimbra
    log { source(s_sys); filter(zimbra_auth); destination(zimbra_auth); }; # zimbra

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Similar Threads

  1. 32 bit Server - 64 bit Server Upgrade Plan
    By 3RiversTechAdmin in forum Administrators
    Replies: 3
    Last Post: 10-14-2009, 09:46 AM
  2. Replies: 2
    Last Post: 02-11-2009, 09:13 AM
  3. Replies: 4
    Last Post: 08-24-2008, 05:45 AM
  4. [SOLVED] upgrade zimbra 5.0.2 32 bit to 64 bit
    By jwilson in forum Installation
    Replies: 1
    Last Post: 03-11-2008, 12:15 PM
  5. Upgrade from 4.0.2_GA_362.RHEL4 to 5.0 RHEL5
    By mluxton in forum Installation
    Replies: 1
    Last Post: 01-06-2008, 08:58 PM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •