On Sun, Apr 13, 2025 at 10:51 PM Timothy M Butterworth <
timothy.m.butterwo...@gmail.com> wrote:
>
>
> On Sun, Apr 13, 2025 at 10:31 PM Timothy M Butterworth <
> timothy.m.butterwo...@gmail.com> wrote:
>
>> All,
>>
>> I modified /etc/syslog-ng/syslog-ng.conf to the following:
>>
>> ########################
>> # Sources
>> ########################
>> # Add the following line
>> source s_net { tcp(ip(0.0.0.0) port(514) max-connections (5000)); udp();
>> };
>>
>> ########################
>> # Destinations
>> ########################
>> # comment out the following line - if two d_syslog entries are present
>> syslog-ng will fail to start.
>> # destination d_syslog { file("/var/log/syslog"); };
>>
>> # Add the following line
>> # Remote syslog collection
>> destination d_syslog { file("/var/log/remotelogs/$HOST/syslog"); };
>>
>> # Create RemoteLogs Directory
>>
>> mkdir /var/log/remotelogs
>>
>> ls -la /var/log/
>> drwxr-xr-x 2 root root 4096 Apr 12 17:32
>> remotelogs
>>
>> I have multiple Cisco switches configured to log to the Syslog-NG Server
>> but I am not getting any logs. Any ideas?
>>
>>
> I ran a netstat -l -n and there is no socket bound to port 514.
>
> I was missing
# Add a log statement log {source(s_net); destination(d_syslog);};
I added it and restarted the service daemon and it works now.
> Thanks
>>
>> Tim
>>
>> --
>> ⢀⣴⠾⠻⢶⣦⠀
>> ⣾⠁⢠⠒⠀⣿⡁ Debian - The universal operating system
>> ⢿⡄⠘⠷⠚⠋⠀ https://www.debian.org/
>> ⠈⠳⣄⠀⠀
>>
>
>
> --
> ⢀⣴⠾⠻⢶⣦⠀
> ⣾⠁⢠⠒⠀⣿⡁ Debian - The universal operating system
> ⢿⡄⠘⠷⠚⠋⠀ https://www.debian.org/
> ⠈⠳⣄⠀⠀
>
--
⢀⣴⠾⠻⢶⣦⠀
⣾⠁⢠⠒⠀⣿⡁ Debian - The universal operating system
⢿⡄⠘⠷⠚⠋⠀ https://www.debian.org/
⠈⠳⣄⠀⠀
