Questions tagged [syslog-ng]

The syslog-ng application is a flexible and highly scalable system logging application that is ideal for creating centralized and trusted logging solutions. The main features of syslog-ng are summarized below.

  • Reliable log transfer: The syslog-ng application enables you to send the log messages of your hosts to remote servers using the latest protocol standards. The logs of different servers can be collected and stored centrally on dedicated log servers. Transferring log messages using the TCP protocol ensures that no messages are lost.
  • Secure logging using TLS: Log messages may contain sensitive information that should not be accessed by third parties. Therefore, syslog-ng supports the Transport Layer Security (TLS) protocol to encrypt the communication. TLS also allows the mutual authentication of the host and the server using X.509 certificates.
  • Direct database access: Storing your log messages in a database allows you to easily search and query the messages and interoperate with log analyzing applications. The syslog-ng application supports the following databases: MSSQL, MySQL, Oracle, PostgreSQL, and SQLite.
  • Heterogeneous environments: The syslog-ng application is the ideal choice to collect logs in massively heterogeneous environments using several different operating systems and hardware platforms, including Linux, Unix, BSD, Sun Solaris, HP-UX, Tru64, and AIX.
  • Filter and classify: The syslog-ng application can sort the incoming log messages based on their content and various parameters like the source host, application, and priority. Directories, files, and database tables can be created dynamically using macros. Complex filtering using regular expressions and boolean operators offers almost unlimited flexibility to forward only the important log messages to the selected destinations.
  • Parse and rewrite: The syslog-ng application can segment log messages to named fields or columns, and also modify the values of these fields.
  • IPv4 and IPv6 support: The syslog-ng application can operate in both IPv4 and IPv6 network environments; it can receive and send messages to both types of networks.
195 questions
3 votes, 1 answer

How can I compare ${HOST} and ${HOST_FROM} (or why ${HOST} != ${HOST})?

I have a setup which can be summarized as follows: service --> syslog-ng relay --> syslog-ng server On the syslog-ng server, I would have the log organized as follows: /var/log/ ----> syslog-ng server local log files... \--> ${FROM_HOST}/…
WhiteWinterWolf
3 votes, 2 answers

Install syslog-ng on RHEL 7

I'm very surprised at how much trouble this is giving me. I have a RHEL 7 machine I'm trying to install syslog-ng on. I added the EPEL repository, I get the following output: # yum install syslog-ng.x86_64 --enablerepo=epel syslog-ng Loaded plugins:…
Peter
3 votes, 0 answers

Sending certain logs to a remote syslog-ng server

I am unable to send /var/log/audit/audit.log to a remote server. I have tried the methods below but had no luck. After applying the configuration below, I am not able to restart the syslog-ng service. The syslog-ng version is syslog-ng-1.6.8-20.21.1 in sles10. method1…
user210034
3 votes, 2 answers

Excluding some messages from syslog-ng

I'm trying to exclude some messages from being logged by syslog-ng, such as this LDAP log entry: Sep 18 15:18:34 myserver slapd[9682]: conn=1043 op=24 SEARCH RESULT tag=101 err=0 nentries=1 text= I've got this syslog-ng filter which I'm trying to…
ricksebak
3 votes, 2 answers

How to redirect third party logs to log server in Centos

I want to set up a simple log server to accept logs from all clients. I am not talking about standard system logs such as /var/log/mail, message, boot etc. I want to redirect or send application logs and they may not be using syslog daemon at all to…
chandank
3 votes, 8 answers

How best to monitor and alert on the absence of an event in the logs?

With logs getting captured in syslog-ng, I'd like to be able to automatically monitor the logs and receive an alert if NO log events appear that match a certain criteria. For instance, for a subscription-based website, if 6 hours elapse with no…
Matt V.
3 votes, 2 answers

Syslog-ng 3.0 95% CPU usage?

I am using syslog-ng 3.0 on my machines. There is one machine which gets logs from three other machines. But lately, when I use top to monitor CPU usage (on the main one), I see syslog-ng uses approx. 95% of the CPU. I use 2nd depth inclusion in my…
0xmtn
3 votes, 2 answers

Can a hostname be added to syslog-ng?

How can syslog-ng be configured to send both the hostname and the IP address? Currently, logs are sent with the IP address of the device/machine, but we want to add the hostname so I could keep my IP management database up to date with the correct…
Ed Gl
3 votes, 2 answers

Zensyslog Clear Events

I've hooked up Zenoss' Zensyslog so that messages from a distributed list of client machines are all conglomerated into events on the Zenoss server. This is all fantastic, and I can bump messages by simply using the logger command: logger -t…
Stefan Mai
3 votes, 3 answers

How to collect logs with syslog-ng from www servers in dmz and send them to server behind firewall (NAT). Can Zabbix proxy solve this?

I have several www servers in DMZ. My monitoring and log gathering server lies in my LAN. There is no communication like WWW server in DMZ ----> monitor server in LAN. I can connect to the DMZ from my LAN: LAN --via proxy--> WWW server in DMZ. I'm going…
B14D3
3 votes, 3 answers

Filtering bad requests from Apache -> logger -> rsyslog to syslog-ng on a remote logging server possible?

EDIT: Thanks for the help Here is a quick idea of the setup: webserver X In apache httpd.conf: LogFormat "%v %h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" vcombined CustomLog "|/usr/bin/logger -p local6.info -t access " vcombined In…
zeyus
3 votes, 2 answers

Getting syslog-ng to recognize a java stacktrace

We are using the log4j SyslogAppender to send our logging statements to syslog-ng. Once the messages are in syslog-ng, we are having trouble getting syslog-ng to recognize that a stacktrace goes with the appropriate logging statement. Thus, when we…
2 votes, 3 answers

Is there a reason to use /dev/lognull instead of /dev/null when logging with syslog-ng?

At my office I recently wondered aloud to all, "Why shouldn't these logs be redirected to /dev/null instead of /dev/lognull?" I was told that there is (or was) a reason, but no one could remember it. I was told that the reason is in the syslog-ng…
thepocketwade
2 votes, 1 answer

logrotate configuration on linux to rotate syslog-ng log files correctly

I am having some trouble trying to configure log rotation for some syslog-ng local log files I'm trying to keep. For some reason, the size is not respected and logs are filling my filesystem quickly. I want to keep something like 3 files of 100Mbs…
olivierg
2 votes, 1 answer

Avoid logging in /var/log/syslog only using /etc/syslog-ng/conf.d/

How to tell syslog to send custom app's logs to a separate file and NOT into /var/log/syslog WITHOUT changing /etc/syslog-ng/syslog-ng.conf? I have a custom application that sends messages to syslog's local3 facility. As each message sent by this…
gr0bz