Questions tagged [syslog-ng]

The syslog-ng application is a flexible and highly scalable system logging application that is ideal for creating centralized and trusted logging solutions. The main features of syslog-ng are summarized below.

  • Reliable log transfer: The syslog-ng application enables you to send the log messages of your hosts to remote servers using the latest protocol standards. The logs of different servers can be collected and stored centrally on dedicated log servers. Transferring log messages using the TCP protocol ensures that no messages are lost.
  • Secure logging using TLS: Log messages may contain sensitive information that should not be accessed by third parties. Therefore, syslog-ng supports the Transport Layer Security (TLS) protocol to encrypt the communication. TLS also allows the mutual authentication of the host and the server using X.509 certificates.
  • Direct database access: Storing your log messages in a database allows you to easily search and query the messages and interoperate with log analyzing applications. The syslog-ng application supports the following databases: MSSQL, MySQL, Oracle, PostgreSQL, and SQLite.
  • Heterogeneous environments: The syslog-ng application is the ideal choice to collect logs in massively heterogeneous environments using several different operating systems and hardware platforms, including Linux, Unix, BSD, Sun Solaris, HP-UX, Tru64, and AIX.
  • Filter and classify: The syslog-ng application can sort the incoming log messages based on their content and various parameters like the source host, application, and priority. Directories, files, and database tables can be created dynamically using macros. Complex filtering using regular expressions and boolean operators offers almost unlimited flexibility to forward only the important log messages to the selected destinations.
  • Parse and rewrite: The syslog-ng application can segment log messages to named fields or columns, and also modify the values of these fields.
  • IPv4 and IPv6 support: The syslog-ng application can operate in both IPv4 and IPv6 network environments; it can receive and send messages to both types of networks.
195 questions
1 vote, 1 answer

syslog-ng: Timezone change and $HOUR macro

Here's a log line from an appliance coming in as UTC: <166>2023-06-13T16:03:44Z .................. We store this in files, in the Europe/London timezone: destination d_all { file("/srv/logs/$HOST-$FACILITY-$YEAR-$MONTH-$DAY-$HOUR.log" …
1 vote, 2 answers

syslog-ng filter log by frequency to destination file

I have a syslog-ng that receives too many logs and I am trying to find a way to 'sample' them using some filter. I assume editing /etc/syslog-ng/syslog-ng.conf with something like log { source(s_udp514); filter(every XXmin); destination(d_udp514);…
asasa178
1 vote, 1 answer

Find process that makes outbound HTTP calls, trying auditd with syslog-ng

Some application (it's unknown which) makes sporadic, irregular, rare, short outbound HTTP(S) requests to a known host/port/url (this is a WAF honeypot; host/url/port is known) using the HTTPS protocol. Requests may occur once per 3-5 days. It's literally…
lospejos
1 vote, 1 answer

Why would you want to change the log_msg_size from syslog-ng's default of 64k?

Per the syslog-ng admin guide, log_msg_size defaults to 64k (65536 bytes). However, I have seen some sample syslog-ng config files (like this one) that drop this to <18k (18192 bytes). Why would you want to change the default behavior -…
warren
1 vote, 1 answer

syslog-ng freezes when reloading config changes in log msg size

I'm having a weird case of syslog-ng freezing on some reloads and under some conditions. The syslog-ng version is Ubuntu 20.04's default, 3.25.1. It has to be something related to log_msg_size, as this started to happen when it was reconfigured from…
theist
1 vote, 1 answer

running syslog-ng in verbose mode

EDIT1: syslog-ng launch command: /usr/sbin/syslog-ng -u syslog -g syslog -R /tmp/syslog-ng.persist -F (commands used: syslog-ng-ctl verbose --set=on and syslog-ng-ctl verbose). I am trying to run syslog-ng in verbose mode, but getting errors: Error…
Cheppy
1 vote, 1 answer

"EOF occurred while idle" when using network directive in syslog-ng

I want to forward logs from a local machine to a distant server. Thanks to an SSH tunnel, the distant server is reachable through localhost:5514. I wrote the following conf: # Filters filter f_local0 { facility(local0); }; filter f_worker {…
vvvvv
0 votes, 1 answer

Set a Macro before sending log over network with syslog-ng

I have created a syslog server and client. I want to set client serial number in SOURCE macro in all logs being sent to server so that on server side I can retrieve the macro and can create the log file based on client serial number. Following is my…
0 votes, 1 answer

How to set-up Syslog-NG with MonitorWare schema?

We are setting up a centralized logging server which receives logs from many devices and servers and stores them in a database. The syslog on the central server is syslog-ng. It was chosen because of the simplicity of its configuration and easier…
Nikita Kipriyanov
0 votes, 1 answer

Disable process id showing in Syslog-ng logs

I configured syslog-ng (version 3.21.1) on a CentOS 7 server and found that logs are in the following format. Aug 26 12:59:28 xyz74hd.com radiusd[20142]: 92djvd4654654164nadskj795234dc Reason: pldap: Forind credentials incorrect: Invalid credentials…
Aghori
0 votes, 2 answers

syslog-ng.conf listen for remote servers

I'm configuring /etc/syslog-ng/syslog-ng.conf on version 3.5.6-2 to listen to remote hosts on port 514 by changing the configuration like #source s_src { # system(); # internal(); #}; # If you wish to get logs from remote machine you should…
batflaps
0 votes, 1 answer

using mysql to send a database of log messages to syslog-ng?

I want to create a database of my proxy-server log messages, then modify and change them, and finally send them to syslog-ng!! Is it possible?
Morteza
0 votes, 0 answers

Wifi appliance not sending syslog

I am struggling a bit with my new syslog server, which is not receiving logs from my wifi appliance. My wifi appliance is an Aerohive; there is almost nothing on the internet about configuring syslog on it, but I think I figured it out. screen of the…
0 votes, 1 answer

systemd unit alias (symlink) missing for syslog-ng / syslog

I am having issues with an Ubuntu 16.04.4 machine running systemd and syslog-ng (3.5.6-2.1), where messages logged to syslog by a process (let's call it X) were not received by syslog-ng. Digging into this revealed that journald was hijacking the…
Roman
0 votes, 1 answer

syslog-ng parses $MSG oddly

I am working on migrating a large syslog farm from syslog-ng 2.0.9 to 3.8.1. I have incoming datagrams that look like this: <14>Aug 14 21:28:49 pa01.foo.com 1,2017/08/14 21:28:49,009401031978,THREAT,url,... The actual message starts just after the…