# syslog Bad directive @version: at 0

## carpman

Having issues with syslog-ng since upgrade, it not writing to my log files and when i try and view it via webmin i get error

```

Bad directive @version: at 0

```

It starts and restarts ok with reporting errors from console?

cat /etc/syslog-ng/syslog-ng.conf

```

@version: 3.0                                 

# $Header: /var/cvsroot/gentoo-x86/app-admin/syslog-ng/files/syslog-ng.conf.gentoo.3.0,v 1.1 2009/05/25 20:07:21 mr_bones_ Exp $

#                                                                                                                               

# Syslog-ng default configuration file for Gentoo Linux                                                                         

options { 

        chain_hostnames(no); 

        # The default action of syslog-ng is to log a STATS line

        # to the file every 10 minutes.  That's pretty ugly after a while.

        # Change it to every 12 hours so you get a nice daily update of   

        # how many messages syslog-ng missed (0).                         

        stats_freq(43200);                                                

};                                                                        

source src {

    unix-stream("/dev/log" max-connections(256));

    internal();                                  

    file("/proc/kmsg");                          

};                                               

#destination messages { file("/var/log/messages"); };

# By default messages are logged to tty12...

destination console_all { file("/dev/tty12"); };

# ...if you intend to use /dev/console for programs like xconsole

# you can comment out the destination line above that references /dev/tty12

# and uncomment the line below.                                            

#destination console_all { file("/dev/console"); };                        

#log { source(src); destination(messages); };

#log { source(src); destination(console_all); };

#source where to read log

source src { unix-stream("/dev/log"); internal(); };

source kernsrc { file("/proc/kmsg"); };             

#define destinations

destination authlog { file("/var/log/auth.log"); };

#destination syslog { file("/var/log/syslog"); };  

destination cron { file("/var/log/cron.log"); };   

destination daemon { file("/var/log/daemon.log"); };

destination kern { file("/var/log/kern.log"); };    

destination lpr { file("/var/log/lpr.log"); };      

destination user { file("/var/log/user.log"); };    

destination mail { file("/var/log/mail.log"); };    

destination mailinfo { file("/var/log/mail.info"); };

destination mailwarn { file("/var/log/mail.warn"); };

destination mailerr { file("/var/log/mail.err"); };  

destination newscrit { file("/var/log/news/news.crit"); };

destination newserr { file("/var/log/news/news.err"); };  

destination newsnotice { file("/var/log/news/news.notice"); };

destination debug { file("/var/log/debug"); };

destination messages { file("/var/log/messages"); };

destination console { usertty("root"); };           

destination console_all { file("/dev/tty12"); };    

destination xconsole { pipe("/dev/xconsole"); };    

destination d_shorewall{ file ("/var/log/shorewall/shorewall.log"); }; 

#create filters

filter f_authpriv { facility(auth, authpriv); };

filter f_syslog { not facility(authpriv, mail); };

filter f_cron { facility(cron); };                

filter f_daemon { facility(daemon); };            

filter f_kern { facility(kern); };                

filter f_lpr { facility(lpr); };                  

filter f_mail { facility(mail); };                

filter f_user { facility(user); };                

filter f_debug { not facility(auth, authpriv, news, mail); };

filter f_messages { level(info..warn)                        

        and not facility(auth, authpriv, mail, news); };     

filter f_emergency { level(emerg); };                        

filter f_shorewall { match ("Shorewall"); };                 

filter f_not_shorewall { not match ("Shorewall"); };         

filter f_info { level(info); };

filter f_notice { level(notice); };

filter f_warn { level(warn); };

filter f_crit { level(crit); };

filter f_err { level(err); };

filter f_failed { match("failed"); };

filter f_denied { match("denied"); };

#connect filter and destination

log { source(src); filter(f_authpriv); destination(authlog); };

#log { source(src); filter(f_syslog); destination(syslog); };

log { source(src); filter(f_cron); destination(cron); };

log { source(src); filter(f_daemon); destination(daemon); };

log { source(kernsrc); filter(f_kern); destination(kern); };

log { source(src); filter(f_lpr); destination(lpr); };

log { source(src); filter(f_mail); destination(mail); };

log { source(src); filter(f_user); destination(user); };

log { source(src); filter(f_mail); filter(f_info); destination(mailinfo); };

log { source(src); filter(f_mail); filter(f_warn); destination(mailwarn); };

log { source(src); filter(f_mail); filter(f_err); destination(mailerr); };

log { source(src); filter(f_debug); destination(debug); };

log { source(src); filter(f_messages); destination(messages); };

log { source(src); filter(f_emergency); destination(console); };

log { source(src); filter (f_shorewall); destination (d_shorewall); };

#default log

log { source(src); destination(console_all); };

options { long_hostnames(off); sync(0); stats(0); };

destination d_bandwidth {

  file("/var/log/bandwidth");

  };

filter f_bandwidth {

  facility(kern) and priority(debug);

  };

log {

  source(src);

  filter(f_bandwidth);

  destination(d_bandwidth);

  };

destination RKHunter {

  file("/var/log/rkhunter.log");

  };

#destination syslog {

#  file("/var/log/syslog");

#  };

destination Procmail {

  file("/var/log/procmail.log");

  };

destination DenyHosts {

  file("/var/log/denyhosts");

  };

#!spamd

#           daemon.err;daemon.warn;daemon.info      /var/log/spamd

```

cheers

----------

## MotivatedTea

It seems to be complaining about the "@version: 3.0" at the top of the .conf file. However, I have that at the top of my file and it works fine. Did you maybe downgrade from syslog-ng 3.x to 2.x recently? What does "equery list -i syslog-ng" say?

----------

## carpman

 *MotivatedTea wrote:*   

> It seems to be complaining about the "@version: 3.0" at the top of the .conf file. However, I have that at the top of my file and it works fine. Did you maybe downgrade from syslog-ng 3.x to 2.x recently? What does "equery list -i syslog-ng" say?

 

Thanks for reply, nope no downgrade and here is output:

```

equery list -i syslog-ng

[ Searching for package 'syslog-ng' in all categories among: ]

 * installed packages

[I--] [  ] app-admin/syslog-ng-3.0.4 (0)

```

cheers

----------

## MotivatedTea

Hmm... I have the same version installed as you do. I've been trying to duplicate the error. I haven't gotten the same error, but I have noticed that it is very, very picky about the first line of the file. It seems like the very first 14 characters of the must be exactly "@version: 3.0" (without the quotes) followed by a newline character. One space (not a tab) before the "3", no blank lines at the top of the file, and no extra spaces at the end of the line. If I do anything else with that first line, I get errors. Also check that the file is using UNIX line endings. Try double-checking all of those things and see if it helps? 

Alternatively, back up your file and copy a fresh template from "/usr/share/doc/syslog-ng-3.0.4". I've found sometimes I manage to get a nonprintable character stuck in text files by hitting strange keys -- characters that some editors won't display, but will keep in the file. Starting fresh sometimes helps. You'll probably want to copy and decompress "syslog-ng.conf.gentoo.lzma". (You may be using something other than lzma for PORTAGE_COMPRESS in make.conf.) If that works without errors, edit your changes back into it carefully.

----------

## carpman

Thanks for reply, i have replaced mine with one from 

/usr/share/doc/syslog-ng-3.0.4/syslog-ng.conf.gentoo.3.0.bz2

but still the same error?

----------

## MotivatedTea

In that case, I really don't know what to suggest. I suppose you could try re-emerging it... although that probably won't make a difference. (At least, it's not supposed to.)

I just re-read your initial post and noticed you talk about webmin. I missed that the first time; I don't use webmin. Does syslog-ng at least work on its own? Is it possible that webmin doesn't support this version of syslog-ng?

----------

## wilma_dammi_la_clava

a simple solution comment the 0 line with # and webmin modules work fine.

it's a kludge solution....

----------

