Questions tagged [syslog-ng]

The syslog-ng application is a flexible and highly scalable system logging application that is ideal for creating centralized and trusted logging solutions. The main features of syslog-ng are summarized below.

  • Reliable log transfer: The syslog-ng application enables you to send the log messages of your hosts to remote servers using the latest protocol standards. The logs of different servers can be collected and stored centrally on dedicated log servers. Transferring log messages using the TCP protocol ensures that no messages are lost.
  • Secure logging using TLS: Log messages may contain sensitive information that should not be accessed by third parties. Therefore, syslog-ng supports the Transport Layer Security (TLS) protocol to encrypt the communication. TLS also allows the mutual authentication of the host and the server using X.509 certificates.
  • Direct database access: Storing your log messages in a database allows you to easily search and query the messages and interoperate with log analyzing applications. The syslog-ng application supports the following databases: MSSQL, MySQL, Oracle, PostgreSQL, and SQLite.
  • Heterogeneous environments: The syslog-ng application is the ideal choice to collect logs in massively heterogeneous environments using several different operating systems and hardware platforms, including Linux, Unix, BSD, Sun Solaris, HP-UX, Tru64, and AIX.
  • Filter and classify: The syslog-ng application can sort the incoming log messages based on their content and various parameters like the source host, application, and priority. Directories, files, and database tables can be created dynamically using macros. Complex filtering using regular expressions and boolean operators offers almost unlimited flexibility to forward only the important log messages to the selected destinations.
  • Parse and rewrite: The syslog-ng application can segment log messages to named fields or columns, and also modify the values of these fields.
  • IPv4 and IPv6 support: The syslog-ng application can operate in both IPv4 and IPv6 network environments; it can receive and send messages to both types of networks.
195 questions

2 votes, 1 answer

syslog-ng doesn't parse messages

I'm trying to set up syslog-ng to properly parse RFC5424-compliant messages, thus far, with little success. According to the syslog-ng documentation, The syslog-ng OSE application can automatically parse log messages that conform to the RFC3164…
Lacek

2 votes, 2 answers

syslog-ng working as foreground process but not as daemon

I'm working to implement syslog-ng OSE in my environment. Eventually I'd like to set up a central logging server, but in order to get my feet wet, I'm starting with a simple configuration. I've created a config that contains a single source, a…
NevDull

2 votes, 1 answer

How to write logs in JSON format?

I want to centralize logging on my servers using syslog-ng which will write a JSON-formatted line to a file, which in turn will be picked up by logstash, which will forward it to elasticsearch. This setup works, except for some specific JSON…
WoJ

2 votes, 1 answer

How to format log data before forwarding them as JSON to elasticsearch?

I log all events on a system to a JSON file via syslog-ng: destination d_json { file("/var/log/all_syslog_in_json.log" perm(0666) template("{\"@timestamp\": \"$ISODATE\", \"facility\": \"$FACILITY\", \"priority\": \"$PRIORITY\", \"level\":…
WoJ

2 votes, 1 answer

Syslog-ng service hanging on restart

I've been a long time lurker of the site but this is my first question. So please let me know if there are any issues with my post. Two of the servers in our Ubuntu server farm (25+ machines) take a long time (10+ mins) to restart the syslog-ng…
EugeneRomero

2 votes, 1 answer

Is someone trying to hack into my VPS?

I was browsing my logs on papertail and I saw this. Jun 03 03:26:01 /USR/SBIN/CRON: (root) CMD (test -x /usr/sbin/anacron || ( cd / && run-parts --report /etc/cron.daily )) Jun 03 03:26:04 su: Successful su for www-data by root Jun 03…

2 votes, 1 answer

How could I send the windows eventlog to the network logging of a linux server?

In Windows, I am using the "Eventlog to Syslog" utility to send event logs to the Linux syslog server (syslog-ng). But I can't do the same with some log files, especially in the case of the IIS log. Why is it impossible with the named tool? How…
Arun

2 votes, 2 answers

How to collect logs for statistics in site?

I want to collect logs from nginx (several servers, 1 000 000 lines in logs per minute for all servers) to a central stat server for statistics processing. I see 2 variants: write logs to local log files for each servers rename logs for template…
Bdfy

2 votes, 1 answer

Forwarding from rsyslog to syslog-ng over TCP not working (although packets are reaching server)

We use syslog-ng on our central syslog server (syslog-ng-2.1.4-9.el5 on CentOS 5.9). We were happily sending logs using syslogd and rsyslog from a mixture of Linux and Solaris hosts over UDP until yesterday when it finally became clear to me that…
Paul Haldane

2 votes, 1 answer

syslog-ng and nginx logs to mysql

So couple of days ago I asked how to log php and nginx logs to centralized MySQL database, and m0ntassar gave a perfect answer :) cheer ! The problem I am facing now is that I can not seem to get it working. syslog-ng version: # syslog-ng…
Katafalkas

2 votes, 2 answers

Puppet language configuration file editing

I am trying to create a puppet recipe for a log server and client using syslog-ng. I know I can have custom configuration files using template erb files and replace certain variables in the erb files. I know also that the file resource just replaces…
chandank

2 votes, 1 answer

Linux logger doesn't write tags to log files?

I have a problem with the logger command. After upgrading syslog-ng to the 3.3 version (maybe it does not directly depend on it), logger (using the command below) doesn't log tag names: logger -t "BLABLA" some_log_string How can I solve it? I searched around…
0xmtn

2 votes, 1 answer

Moving from syslog.conf to syslogng.conf

I'm moving a Solaris box from syslogd to syslog-ng, because the Solaris version of syslogd obliterates the original source hostname on the logs. I'm looking through the syslogng.conf documentation, but am not sure I understand it all fully. We…
coding_hero

2 votes, 1 answer

Capture only certain logs with syslog-ng

I'm new to syslog-ng. So far I deployed it and it is running fine pushing some logs to MongoDB. Now, what I really want to do is push some logs (e.g. /var/log/secure) to MongoDB while pushing some other logs to the file system and yet ignoring some other…
Klaus

2 votes, 2 answers

syslog-ng mongodb plugin configuration

I am using syslog-ng's mongodb plugin and it works great, but I can't find a way to customize the format of the saved log entries ("DATE", "FACILITY",...). Does anyone know how to do this? All information I could find is here (useful, but outdated)…
johndodo