Questions tagged [syslog-ng]

The syslog-ng application is a flexible and highly scalable system logging application that is ideal for creating centralized and trusted logging solutions. The main features of syslog-ng are summarized below.

  • Reliable log transfer: The syslog-ng application enables you to send the log messages of your hosts to remote servers using the latest protocol standards. The logs of different servers can be collected and stored centrally on dedicated log servers. Transferring log messages using the TCP protocol ensures that no messages are lost.
  • Secure logging using TLS: Log messages may contain sensitive information that should not be accessed by third parties. Therefore, syslog-ng supports the Transport Layer Security (TLS) protocol to encrypt the communication. TLS also allows the mutual authentication of the host and the server using X.509 certificates.
  • Direct database access: Storing your log messages in a database allows you to easily search and query the messages and interoperate with log analyzing applications. The syslog-ng application supports the following databases: MSSQL, MySQL, Oracle, PostgreSQL, and SQLite.
  • Heterogeneous environments: The syslog-ng application is the ideal choice to collect logs in massively heterogeneous environments using several different operating systems and hardware platforms, including Linux, Unix, BSD, Sun Solaris, HP-UX, Tru64, and AIX.
  • Filter and classify: The syslog-ng application can sort the incoming log messages based on their content and various parameters like the source host, application, and priority. Directories, files, and database tables can be created dynamically using macros. Complex filtering using regular expressions and boolean operators offers almost unlimited flexibility to forward only the important log messages to the selected destinations.
  • Parse and rewrite: The syslog-ng application can segment log messages to named fields or columns, and also modify the values of these fields.
  • IPv4 and IPv6 support: The syslog-ng application can operate in both IPv4 and IPv6 network environments; it can receive and send messages to both types of networks.
195 questions
1 vote, 0 answers

Syslog-ng not triggering Python script

I am currently trying to set up a syslog application to trigger a certain Python script when a certain message is found; however, I'm having trouble calling the Python script. Below is the current config file. To confirm, I am seeing logs in the log…
ggjono
1 vote, 1 answer

syslog-ng logs sent to multiple destination

I'm getting remote nginx syslogs going to both /var/log/nginx and /var/log/splunk on my syslog-ng server. How do I only get it to go to /var/log/nginx? #/etc/syslog-ng/syslog-ng.conf source s_sys { system(); internal(); udp(ip(0.0.0.0)…
bayman
1 vote, 1 answer

Filtering dpkg logs in syslog-ng

I am new to syslog-ng, and I am setting up a syslog-ng server where I am receiving the logs of syslog, auth.log and dpkg.log. Although I was able to get the logs for syslog and auth.log, I am unable to write the dpkg logs to a separate file, and it is getting…
Bidyut
1 vote, 0 answers

syslog-ng not recognizing "python" as a parser keyword

(Yes, I've seen "syslog-ng does not recognize 'python' keyword". However, 1) the mentioned solution doesn't help me because I checked and mod-python is loaded, and 2) it applies to the file destination rather than the parser.) After having some trouble…
Shadur
1 vote, 2 answers

How to transfer a log file to another Linux server for processing

Is there a reliable way to transfer logs from one server to another? Currently I'm using a cron script to transfer the file with scp to another server every 5 minutes. */5 * * * * root scp ~/my_log_file.txt user@remote_host.com:/remote/log/directory
Carmel
1 vote, 0 answers

Get JSON output file for Cisco router logs with syslog-ng

I have Cisco router logs as follows: Sep 18 20:55:30 2405:XXX:204:XXX:172:22:XXX:25 93596: 093382: Sep 18 20:53:17.848 IST: %TCP-6-BADAUTH: No MD5 digest from 2405:XXX:201:201:XXX:22:193:30(179) to 2405:XXX:201:XXX:172:22:XXX:25(15616) (RST) tableid…
user436054
1 vote, 0 answers

Syslog-ng - 6 day old log file touched when writing to today's log file

Nearly every time syslog-ng writes to the current log file, it touches the log file from 6 days prior. It is not writing any data into the old log files, just updating their last modified timestamp. Screenshot of log files I’m not 100% sure why it…
psitsyseng
1 vote, 1 answer

Syslog-ng Time Format & Time Zone

I'm currently using a fairly old version of syslog-ng, 2.1.4, and yes I know I need to update it as soon as possible, but for now I need help on modifying the date/time format and time zone. Currently everything comes into syslog-ng and gets dumped…
Eric
1 vote, 2 answers

Upgrade the OS of a syslog-ng or rsyslog server

I run a RHEL server with rsyslog to collect my network logs, and after receiving a security bulletin alert I have to upgrade this server. What is the strategy to upgrade this machine, knowing that many other machines' logs depend on it and on an OS…
Ali Mezgani
1 vote, 1 answer

Ignoring forwarder IP in syslog-ng

We are getting syslog-ng feeds from a forwarder that we don't control. The issue is that they are using an older version (RHEL 6), and while they have keep_hostnames set to 'yes' (chain_hostnames to 'no'), it's just not working. Their feed is still…
jasonmclose
1 vote, 0 answers

Kafka module missing on syslog-ng

I'm trying to install syslog-ng and its Kafka module. I'm using Docker debian:latest for this, if that matters. After running 'apt-get install syslog-ng', syslog-ng can't reach the Kafka module even though they are both installed, as I can see in…
kub1x
1 vote, 2 answers

Referencing journald fields when forwarding messages to syslog-ng

How can I change my syslog-ng template so that when the log originates from a systemd service / unit, the log message will include the unit's name? Using ${PROGRAM} just shows the name of the executable that the systemd service called / that the…
BSchlinker
1 vote, 1 answer

Will Syslog-ng recreate syslog-ng.persist file if deleted?

I am running syslog-ng PE 4 LTS on CentOS 6. Syslog-ng is recursing a local directory of web logs and moving them to a NAS. We are seeing that some old log lines are showing up on the NAS under current dates. For example, a log line with a timestamp of…
S.C.
1 vote, 1 answer

How to check for platform within syslog-ng configuration?

I run syslog-ng on several platforms with the default /etc/syslog-ng/syslog-ng.conf, as well as an independent /etc/syslog-ng/conf.d/myconfig.conf. In that specific configuration I would like to reuse s_src from syslog-ng.conf, defined there as…
WoJ
1 vote, 1 answer

Syslog-ng with MySQL destination: increase log retention

I have this dusty syslog-ng 3.1.3 that writes to a database, and all is working well; however, it seems to keep only 30 days of logs (the last table is logs20150826). How can I increase that? I see nothing immediately clear in the documentation. There are…
Recct