Re: Syslog-NG Centralized Log Collector

Timothy M Butterworth Sun, 13 Apr 2025 22:19:34 -0700

On Sun, Apr 13, 2025 at 10:31 PM Timothy M Butterworth <
timothy.m.butterwo...@gmail.com> wrote:


> All,
>
> I modified /etc/syslog-ng/syslog-ng.conf to the following:
>
> ########################
> # Sources
> ########################
> # Add the following line
> source s_net { tcp(ip(0.0.0.0) port(514) max-connections (5000)); udp(); };
>
> ########################
> # Destinations
> ########################
> # comment out the following line - if  two d_syslog entries are present
> syslog-ng will fail to start.
> # destination d_syslog { file("/var/log/syslog"); };
>
> # Add the following line
> # Remote syslog collection
> destination d_syslog { file("/var/log/remotelogs/$HOST/syslog"); };
>
> # Create RemoteLogs Directory
>
> mkdir /var/log/remotelogs
>
> ls -la /var/log/
> drwxr-xr-x   2 root        root                  4096 Apr 12 17:32
> remotelogs
>
> I have multiple Cisco switches configured to log to the Syslog-NG Server
> but I am not getting any logs. Any ideas?
>
>
I ran a netstat -l -n and there is no socket bound to port 514.


Thanks
>
> Tim
>
> --
> ⢀⣴⠾⠻⢶⣦⠀
> ⣾⠁⢠⠒⠀⣿⡁ Debian - The universal operating system
> ⢿⡄⠘⠷⠚⠋⠀ https://www.debian.org/
> ⠈⠳⣄⠀⠀
>


-- 
⢀⣴⠾⠻⢶⣦⠀
⣾⠁⢠⠒⠀⣿⡁ Debian - The universal operating system
⢿⡄⠘⠷⠚⠋⠀ https://www.debian.org/
⠈⠳⣄⠀⠀

Re: Syslog-NG Centralized Log Collector

Reply via email to