Re: Syslog-NG Centralized Log Collector

Mon, 14 Apr 2025 01:05:59 -0700 

On Sun, Apr 13, 2025 at 11:59 PM Timothy M Butterworth <
timothy.m.butterwo...@gmail.com> wrote:

>
>
> On Sun, Apr 13, 2025 at 11:00 PM Timothy M Butterworth <
> timothy.m.butterwo...@gmail.com> wrote:
>
>>
>>
>> On Sun, Apr 13, 2025 at 10:51 PM Timothy M Butterworth <
>> timothy.m.butterwo...@gmail.com> wrote:
>>
>>>
>>>
>>> On Sun, Apr 13, 2025 at 10:31 PM Timothy M Butterworth <
>>> timothy.m.butterwo...@gmail.com> wrote:
>>>
>>>> All,
>>>>
>>>> I modified /etc/syslog-ng/syslog-ng.conf to the following:
>>>>
>>>> ########################
>>>> # Sources
>>>> ########################
>>>> # Add the following line
>>>> source s_net { tcp(ip(0.0.0.0) port(514) max-connections (5000));
>>>> udp(); };
>>>>
>>>> ########################
>>>> # Destinations
>>>> ########################
>>>> # comment out the following line - if  two d_syslog entries are present
>>>> syslog-ng will fail to start.
>>>> # destination d_syslog { file("/var/log/syslog"); };
>>>>
>>>> # Add the following line
>>>> # Remote syslog collection
>>>> destination d_syslog { file("/var/log/remotelogs/$HOST/syslog"); };
>>>>
>>>> # Create RemoteLogs Directory
>>>>
>>>> mkdir /var/log/remotelogs
>>>>
>>>> ls -la /var/log/
>>>> drwxr-xr-x   2 root        root                  4096 Apr 12 17:32
>>>> remotelogs
>>>>
>>>> I have multiple Cisco switches configured to log to the Syslog-NG
>>>> Server but I am not getting any logs. Any ideas?
>>>>
>>>>
>>> I ran a netstat -l -n and there is no socket bound to port 514.
>>>
>>> I was missing
>>
>> # Add a log statement log {source(s_net); destination(d_syslog);};
>>
>> I added it and restarted the service daemon and it works now.
>>
>
> I spoke too soon. The socket is bound to both TCP and UDP on port 514 and
> is listening. I am still not having any log messages written to disk though.
>

I added the following filter statement:
filter myfilter { ( level(notice) ); };

and modified the log statement.
log {source(s_net); filter(myfilter); destination(d_syslog);};


>
>
>>
>>> Thanks
>>>>
>>>> Tim
>>>>
>>>> --
>>>> ⢀⣴⠾⠻⢶⣦⠀
>>>> ⣾⠁⢠⠒⠀⣿⡁ Debian - The universal operating system
>>>> ⢿⡄⠘⠷⠚⠋⠀ https://www.debian.org/
>>>> ⠈⠳⣄⠀⠀
>>>>
>>>
>>>
>>> --
>>> ⢀⣴⠾⠻⢶⣦⠀
>>> ⣾⠁⢠⠒⠀⣿⡁ Debian - The universal operating system
>>> ⢿⡄⠘⠷⠚⠋⠀ https://www.debian.org/
>>> ⠈⠳⣄⠀⠀
>>>
>>
>>
>> --
>> ⢀⣴⠾⠻⢶⣦⠀
>> ⣾⠁⢠⠒⠀⣿⡁ Debian - The universal operating system
>> ⢿⡄⠘⠷⠚⠋⠀ https://www.debian.org/
>> ⠈⠳⣄⠀⠀
>>
>
>
> --
> ⢀⣴⠾⠻⢶⣦⠀
> ⣾⠁⢠⠒⠀⣿⡁ Debian - The universal operating system
> ⢿⡄⠘⠷⠚⠋⠀ https://www.debian.org/
> ⠈⠳⣄⠀⠀
>


-- 
⢀⣴⠾⠻⢶⣦⠀
⣾⠁⢠⠒⠀⣿⡁ Debian - The universal operating system
⢿⡄⠘⠷⠚⠋⠀ https://www.debian.org/
⠈⠳⣄⠀⠀

Reply via email to