Questions tagged [syslog-ng]

The syslog-ng application is a flexible and highly scalable system logging application that is ideal for creating centralized and trusted logging solutions.

The main features of syslog-ng are summarized below.

  • Reliable log transfer: The syslog-ng application enables you to send the log messages of your hosts to remote servers using the latest protocol standards. The logs of different servers can be collected and stored centrally on dedicated log servers. Transferring log messages using the TCP protocol ensures that no messages are lost.
  • Secure logging using TLS: Log messages may contain sensitive information that should not be accessed by third parties. Therefore, syslog-ng supports the Transport Layer Security (TLS) protocol to encrypt the communication. TLS also allows the mutual authentication of the host and the server using X.509 certificates.
  • Direct database access: Storing your log messages in a database allows you to easily search and query the messages and interoperate with log analyzing applications. The syslog-ng application supports the following databases: MSSQL, MySQL, Oracle, PostgreSQL, and SQLite.
  • Heterogeneous environments: The syslog-ng application is the ideal choice to collect logs in massively heterogeneous environments using several different operating systems and hardware platforms, including Linux, Unix, BSD, Sun Solaris, HP-UX, Tru64, and AIX.
  • Filter and classify: The syslog-ng application can sort the incoming log messages based on their content and various parameters like the source host, application, and priority. Directories, files, and database tables can be created dynamically using macros. Complex filtering using regular expressions and boolean operators offers almost unlimited flexibility to forward only the important log messages to the selected destinations.
  • Parse and rewrite: The syslog-ng application can segment log messages to named fields or columns, and also modify the values of these fields.
  • IPv4 and IPv6 support: The syslog-ng application can operate in both IPv4 and IPv6 network environments; it can receive and send messages to both types of networks.
195 questions

0 votes, 1 answer

Configure rsyslog client to send different log filename to a syslog-ng server

I have multiple servers with rsyslog configured to write logs to a remote syslog-ng server configured like this: # Log anything of level info or higher. # Don't log private authentication messages! *.info;authpriv.none …
xergiopd

0 votes, 1 answer

cygwin64 on Windows server, syslog data prints out all in one line

I am trying to automatically format syslog data from cygwin64 to print out with line breaks at the end of each line, so I can do some parsing later on. However, I don't see any configs that could yield a solution. How can I properly format the…
M. Barbieri

0 votes, 1 answer

syslog-ng logs storing with hostname year date

I have syslog-ng on Ubuntu 12.4 to store MikroTik router logs. At the moment it's working fine and the log gets stored in a file I set. How to store logs in a file/folder according to source IP so that each log file name may contain month year as well…
Syed Jahanzaib

0 votes, 1 answer

Reading syslog-ng logs being sent to a remote server

I have a Docker container which is sending syslog logs to logentries.com. This is working fine, but for times when logentries is down or delayed, I want a way to read logs generated in realtime inside the container. I know I could just write the…

0 votes, 1 answer

Send tomcat logs with syslog-ng in Ubuntu Linux

I am trying to set up syslog-ng to send tomcat logs (as well as all the other system logs) to a log server but it doesn't seem to be working. This is the line I have: destination d_tomcat { file("/opt/tomcat/logs/*.log"); }; And then of course…
Ulukai

0 votes, 2 answers

syslog-ng "log_msg_size" maximum possible value

I read in the syslog-ng doc and forums that log_msg_size defaults to 8192. What is the possible maximum limit of this parameter? My application supports either syslog-ng or rsyslog depending upon situation and need. I wanted to set "log_msg_size"…
Suman S

0 votes, 1 answer

syslog clipping for particular applications

I have a few particular applications that are causing a LOT of logs in my syslog server. I would like to keep all of their logging in /var/log/messages or somewhere on the server, but I am trying to find a way to only send syslog messages to the…
JustNobody30

0 votes, 1 answer

Use syslog service to capture data logged to a file not managed by syslog?

Some services (nginx, buildbot, et cetera) only support logging to a file. Is there a way to reliably capture these log messages using syslog and friends, so that the log message can be reflected in the system logs and/or forwarded to a log service…
Monica For CEO

0 votes, 2 answers

How to resolve ssh/sftp log data not getting picked up by syslog-ng in cygwin64?

I've installed ssh and syslog-ng through cygwin (V3.2) on a Windows Server 2012 and am attempting to get log output out of sshd. I'm using the default /etc/syslog-ng/syslog-ng.conf file... @version: 3.2 @include "scl.conf" source s_local { …
Tony

0 votes, 1 answer

Syslog-ng reverse dns lookup for data fields

I would like to try a reverse-dns before storing the firewall logs. I know this is possible in logstash but I don't know if syslog-ng can be configured to do the same. Actually my logs coming from pfsense are parsed with a csv parser: parser…
Tobia

0 votes, 1 answer

How to filter cron messages in syslog-ng

I have a little problem. I don't know how to filter cron jobs in syslog-ng. It's spamming my log. Jun 05 16:09:01 CRON: pam_unix(cron:session): session opened for user root by (uid=0) Jun 05 16:09:01 /USR/SBIN/CRON: (root) CMD ( [ -x…

0 votes, 0 answers

How to log changes made in a particular file to syslog

How to log changes made in a particular file using syslog-ng. The log must contain the timestamp, hostname, user who modified the file and action performed. Is there any option other than audit in Linux, as audit generates more data in the log. Can…
Arun

0 votes, 1 answer

Syslog-ng and Logrotate creating sparse files

We've been using syslog-ng to log our postgres logs. On top of it we run logrotate every 5 minutes which also gzips the files. Recently, we've noted that these postgres logs contain a lot of null characters at the beginning of the file. We later…

0 votes, 1 answer

SFTP and syslog-ng custom logging format

I have modified sshd_config and syslog-ng configs to log sftp connections into separate files. Now I would like to create custom logging like: [date] [source_ip] has downloaded the [filename] [size] for the config I have used: SFTP: log to a…
meso_2600

0 votes, 1 answer

syslog-ng error on CentOS, works fine on other distributions

I want to add to a CentOS box (EL6) the same syslog-ng (3.2.5 from EPEL) configuration I have on other (Debian based) machines. It is intended to add events log in JSON to a single file for further processing: # /etc/syslog-ng/syslog-ng.conf #…
WoJ