Questions tagged [syslog-ng]

The syslog-ng application is a flexible and highly scalable system logging application that is ideal for creating centralized and trusted logging solutions. The main features of syslog-ng are summarized below.

  • Reliable log transfer: The syslog-ng application enables you to send the log messages of your hosts to remote servers using the latest protocol standards. The logs of different servers can be collected and stored centrally on dedicated log servers. Transferring log messages using the TCP protocol ensures that no messages are lost.
  • Secure logging using TLS: Log messages may contain sensitive information that should not be accessed by third parties. Therefore, syslog-ng supports the Transport Layer Security (TLS) protocol to encrypt the communication. TLS also allows the mutual authentication of the host and the server using X.509 certificates.
  • Direct database access: Storing your log messages in a database allows you to easily search and query the messages and interoperate with log analyzing applications. The syslog-ng application supports the following databases: MSSQL, MySQL, Oracle, PostgreSQL, and SQLite.
  • Heterogeneous environments: The syslog-ng application is the ideal choice to collect logs in massively heterogeneous environments using several different operating systems and hardware platforms, including Linux, Unix, BSD, Sun Solaris, HP-UX, Tru64, and AIX.
  • Filter and classify: The syslog-ng application can sort the incoming log messages based on their content and various parameters like the source host, application, and priority. Directories, files, and database tables can be created dynamically using macros. Complex filtering using regular expressions and boolean operators offers almost unlimited flexibility to forward only the important log messages to the selected destinations.
  • Parse and rewrite: The syslog-ng application can segment log messages to named fields or columns, and also modify the values of these fields.
  • IPv4 and IPv6 support: The syslog-ng application can operate in both IPv4 and IPv6 network environments; it can receive and send messages to both types of networks.
195 questions
1 vote, 2 answers

syslog-ng: Disable suppressing repeated messages

How can I disable last message repeated X times compression in syslog-ng? I use certain log messages as triggers and this effectively hides them. Defining suppress(0) doesn't do what I want.
mdw
  • 11
  • 1
  • 2
1 vote, 1 answer

Is it possible to use syslog-ng to forward logs to SecurityOnion ELSA?

I have installed Snort IDS and syslog-ng on my VM, and I want to use syslog-ng to forward my logs to another VM which is SecurityOnion. So I want to know whether syslog-ng can forward logs to ELSA, which is in SecurityOnion. Any help would be great. Thank…
technoob
  • 142
  • 1
  • 14
1 vote, 0 answers

Syslog-ng and Stunnel between two hosts (Connection refused)

I'd like to set up syslog-ng over stunnel between a host on my LAN and a host in my DMZ but can't quite figure out the configuration. The stunnel config seems to be correct. If I shut down syslog on both machines, I can run nc -l 5140 on the dmzhost…
Server Fault
  • 3,714
  • 12
  • 54
  • 89
1 vote, 1 answer

syslog-ng EC2 TLS

I am attempting to add TLS support to my syslog-ng service running on an AWS EC2 instance (logs are being sent to loggly). The basic configuration without TLS works, but when I replace the destination in the config with : destination d_loggly { …
MarcF
  • 213
  • 2
  • 11
1 vote, 1 answer

Example syslog-ng configuration to replicate rsyslog filename & locations?

ng 3.6.3 from source compilation on CentOS 6.6 64bit to play with and was wondering if anyone has pointers or example syslog-ng.conf that would as close as possible replicate the default rsyslog filenames and locations for logging. The default…
p4guru
  • 963
  • 1
  • 8
  • 16
1 vote, 1 answer

Why does syslog-ng drop debug messages when logging remote?

In the local log output, I can see debug messages but these won't show up on the remote logging server. It seems to ignore these but it does print warning and error level messages just fine. These are the local (Ubuntu 14.04.2 LTS) syslog-ng.conf…
foraidt
  • 111
  • 4
1 vote, 2 answers

Does syslog-ng config file support log rotating files every 15 mins?

I'm using the syslog-ng config file destination configuration to create hourly log files. The config I'm using for this is as follows: destination d_hourly {file("/var/log/tracker/pid$PID-track-$YEAR-$MONTH-$DAY-$HOUR.log");}; I now have a requirement to…
Akshay Surve
  • 13
  • 1
  • 4
1 vote, 1 answer

syslog-ng fails to log on lxc host

We are running CentOS 6 servers with multiple lxc-containers. For system logging we are using syslog-ng. After a while the syslog-ng daemon stops logging messages, but the daemon keeps running. This happens on the host and inside the containers…
john.dough
  • 103
  • 1
  • 10
1 vote, 1 answer

Forwarding Syslog/Event Log Across Networks

I am trying to forward syslogs and Event Logs across networks (internet). Win Computer ----| (There will be multiples of these forwarding to a single source) Win Server ------| >>…
m3rl1n
  • 13
  • 3
1 vote, 0 answers

capture Parse.com application logs with syslog-ng

I need to set up a log drain for an application running on Parse. My source looks like this: source s_parse { #internal(); program("/home/ubuntu/parse/tailparse.sh" flags(no-parse)); }; and tailparse.sh looks like…
emkman
  • 111
  • 1
1 vote, 2 answers

Trying to convert syslog-ng to rsyslog

I'm trying to get nginx to log directly to piwik. I am having problems getting rsyslog to accept some syslog-ng syntax. The rsyslog doc says syslog-ng conf is compatible with it. source s_nginx_20 { pipe("/var/lib/nginx/access.log"…
1 vote, 0 answers

Syslog-ng not logging on debian

I have syslog-ng running but it does not seem to be logging to /var/log anymore. Looking at the logs it apparently used to awhile back: -rw------- 1 root root 0 Sep 8 00:55 messages -rw------- 1 root root 569157 Sep 4 01:27…
Jason
  • 3,931
  • 19
  • 66
  • 107
1 vote, 1 answer

sending json based messages using syslog-ng and amqp

How do you properly format JSON messages and send them over AMQP with syslog-ng? The JSON format should look something like this: {"log":"This is the error message...", "date":"xxx", "source":"xxx"} The problem I have is that the message is not…
eandersson
  • 43
  • 1
  • 7
1 vote, 1 answer

Amazon EC2 Servers with syslog-ng communication

I have 3 Amazon EC instances with ubuntu 12.04 Production Server (LAMP Server w/o MYSQL, syslog-ng client) Development Server (LAMP w/ MYSQL, syslog-ng client) Logging Server (syslog-ng Server) I connect to all of these using an ssh connection…
deadmantfa
  • 21
  • 8
1 vote, 2 answers

Syslog-ng Load Balancing

I am working on setting up a syslog-ng server to accept logs from various sources. The general setup is going to be: Device1 Device2 Syslog1 Device3 --> Load balancer --> Syslog2 --> Shared SAN…
Eric
  • 1,383
  • 3
  • 17
  • 34