Questions tagged [syslog-ng]

The syslog-ng application is a flexible and highly scalable system logging application that is ideal for creating centralized and trusted logging solutions. The main features of syslog-ng are summarized below.

  • Reliable log transfer: The syslog-ng application can send the log messages of your hosts to remote servers using the current protocol standards (RFC 5424 syslog over TCP or TLS, alongside the legacy RFC 3164 format over UDP). The logs of different servers can be collected and stored centrally on dedicated log servers. Transferring messages over TCP removes the silent drops of UDP, because the transport detects and retransmits lost segments; it does not by itself protect messages that were accepted but not yet written when a client crashes or the collector is unreachable, which is what the disk-buffer and flow-control options are for.
  • Secure logging using TLS: Log messages often contain sensitive information (usernames, addresses, occasionally secrets) that must not be readable or alterable in transit. Therefore, syslog-ng supports the Transport Layer Security (TLS) protocol to encrypt the client-to-collector connection. TLS also allows mutual authentication of the host and the server using X.509 certificates, so a collector can be configured to accept messages only from clients presenting a certificate issued by a trusted CA.
  • Direct database access: Storing your log messages in a database allows you to easily search and query the messages and interoperate with log analyzing applications. The syslog-ng application supports the following databases: MSSQL, MySQL, Oracle, PostgreSQL, and SQLite.
  • Heterogeneous environments: The syslog-ng application is the ideal choice to collect logs in massively heterogeneous environments using several different operating systems and hardware platforms, including Linux, Unix, BSD, Sun Solaris, HP-UX, Tru64, and AIX.
  • Filter and classify: The syslog-ng application can sort the incoming log messages based on their content and various parameters like the source host, application, and priority. Directories, files, and database tables can be created dynamically using macros. Complex filtering using regular expressions and boolean operators offers almost unlimited flexibility to forward only the important log messages to the selected destinations.
  • Parse and rewrite: The syslog-ng application can segment log messages to named fields or columns, and also modify the values of these fields.
  • IPv4 and IPv6 support: The syslog-ng application can operate in both IPv4 and IPv6 network environments; it can receive and send messages to both types of networks.
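The feature list above maps onto a small number of configuration blocks. The following is an added example (not taken from the syslog-ng documentation or from any post on this page) of a collector and a client tied together with the features listed: RFC 5424 over TLS with mutual authentication, facility/level filtering, a rewrite that masks credentials, per-host files built from macros, and a client-side disk buffer so a collector outage does not lose messages. The hostname logs.example.com, the certificate paths and the file locations are assumptions; the two halves belong in separate syslog-ng.conf files on the collector and on each client. The 3.x option names are used (syslog-ng 4 renamed the disk-buffer size options).

```conf
@version: 3.29
@include "scl.conf"

### Collector side (assumed host logs.example.com).
### Accept RFC 5424 over TLS on 6514; clients must present a certificate
### signed by a CA in ca-dir (populate it with `c_rehash /etc/syslog-ng/ca.d`).
source s_tls_5424 {
    syslog(
        ip("0.0.0.0") port(6514) transport("tls")
        tls(
            key-file("/etc/syslog-ng/tls/server.key")
            cert-file("/etc/syslog-ng/tls/server.crt")
            ca-dir("/etc/syslog-ng/ca.d")
            peer-verify(required-trusted)   # drop the connection if the client cert is missing or untrusted
        )
    );
};

# Keep authentication events, sshd, and anything at warning or above.
# level() accepts ranges; facility() accepts a list.
filter f_interesting {
    facility(auth, authpriv) or program("sshd") or level(warning..emerg);
};

# Applications leak credentials into message text; mask them before storage.
rewrite r_mask_secrets {
    subst("password=[^[:space:]]+", "password=<redacted>",
          value("MESSAGE") type("pcre") flags("global"));
};

# One file per sending host and day; directories come from macros.
destination d_per_host {
    file("/var/log/remote/${HOST}/${YEAR}-${MONTH}-${DAY}.log"
         create-dirs(yes) dir-perm(0750) perm(0640)
         template("${ISODATE} ${HOST} ${PROGRAM}[${PID}]: ${MSG}\n"));
};

log {
    source(s_tls_5424);
    filter(f_interesting);
    rewrite(r_mask_secrets);
    destination(d_per_host);
    flags(flow-control);   # slow the source instead of dropping when the queue fills
};

### Client side (a separate syslog-ng.conf on each sending host).
### TCP/TLS retransmits within a connection, but a collector outage would
### still lose queued messages; the disk buffer holds them until reconnect.
source s_local { system(); internal(); };

destination d_collector {
    syslog("logs.example.com" port(6514) transport("tls")
        tls(
            key-file("/etc/syslog-ng/tls/client.key")
            cert-file("/etc/syslog-ng/tls/client.crt")
            ca-dir("/etc/syslog-ng/ca.d")
            peer-verify(required-trusted)   # the client verifies the collector too
        )
        disk-buffer(reliable(yes) disk-buf-size(1073741824) mem-buf-size(16777216))
    );
};

log { source(s_local); destination(d_collector); flags(flow-control); };
```

Check both ends with `syslog-ng --syntax-only -f <file>` before reloading; a TLS handshake failure shows up in the collector's internal() source, so keep that source routed to a local file while bringing a new client up.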
275 questions
1 vote, 0 answers

receive RFC5424 messages and write to file with syslog-ng

How do I get syslog-ng to receive syslog sent in RFC 5424 format? I do see syslog-ng receiving the message in strace, but it throws an error while parsing. Here is the syslog-ng I'm trying out: /home/syslogng @us201.sjc# rpm -qi syslog-ng Name :…
user3282227
  • 131
  • 2
  • 10
1 vote, 1 answer

Adding some custom input source to syslog-ng, and direct it to different file

We use syslog-ng to record metrics. We use the systemd journal for logging; we added metrics as part of the logs and then filtered them by adding a filter in /etc/syslog-ng.conf. This worked well, but for certain processes, if a process spams more logs, due to…
1 vote, 1 answer

Strip nulls from message in syslog-ng

I need to strip NULs from the incoming message so I can forward it back out to another host. Syslog-ng does not forward messages properly that have any NULs in them. I've tried the following but cannot figure out how to target the NUL in the…
lifo
  • 2,791
  • 1
  • 25
  • 32
1 vote, 2 answers

Syslog-ng with MySQL/phpMyAdmin not storing data in real time?

I have installed syslog-ng on Ubuntu 18.04.4 LTS, but it looks like MySQL is missing some logs. When I run syslog-ng -d I can see logs are coming in in real time, but in phpMyAdmin they are at least 25-30 min behind. Furthermore, it is happening…
nayeem
  • 11
  • 2
1 vote, 0 answers

Syslog-ng docker container doesn't accept TCP connections on port 514?

I am sorry for my bad writing, but this is my first question. So, the situation here is that I have a syslog-ng version 3.24 custom container, based on the Ubuntu:18.04 image, which should accept connections on port 514 in TCP, and after that it…
Mark7713
  • 11
  • 3
1 vote, 1 answer

Rewriting log data

I am sending syslog data to my LogZilla server and am unable to rewrite the data using the Event message: …
1 vote, 2 answers

RSyslog / Syslog-ng - Running Log collector inside a container

Let's say we have a Kubernetes cluster (in production) that logs to Logstash. We want a specific segment of the logs to be sent to our remote Splunk machine (a VM). The design is to add a Splunk forwarder that will collect the logs and send them…
Rot-man
  • 18,045
  • 12
  • 118
  • 124
1 vote, 1 answer

Setting a variable path with syslog-ng python destination

Is this possible? From what I'm seeing, the only way to get options into the Python class is to hard-code them in the Python destination's options. I need to set a variable path based on macros like $HOST, but Python destination options don't…
Mark
  • 348
  • 4
  • 15
1 vote, 1 answer

Sending logs from a syslog-ng client to an rsyslog server

I have a setup where logs from a syslog-ng client are sent to an rsyslog server. I want to send logs via TCP. Following is the configuration of my syslog-ng client. destination d_remoteUdp { network("192.168.104.48" transport("udp")…
N.Chandimali
  • 799
  • 1
  • 8
  • 23
1 vote, 3 answers

how to remove hostname and timestamp from logs coming from remote syslog server

I am using rsyslog to send all syslog files and a few additional application log files to a remote syslog server which has a syslog-ng server running, and it's sending to Splunk using a Splunk forwarder. My problem is, when rsyslog is sending logs to the remote…
Meet101
  • 711
  • 4
  • 18
  • 35
1 vote, 0 answers

ignoring particular level kernel log in syslog-ng

I am dumping all of my logs, which include my Python program's, into one particular file. There are too many logs from the kernel and thus I want to ignore logs of some levels. Is it possible to ignore just the notice and warning level kernel logs using syslog-ng…
prattom
  • 1,625
  • 11
  • 42
  • 67
1 vote, 0 answers

Adding tag to logs by syslog-ng before sending to a log collector

I need to add a tag "TCP" to each row of the logs generated in the path #/var/log/tcp/s.log before sending them to a remote log collector. I prefer to use syslog-ng. Here is a part of my syslog.conf file, but it's incorrect. filter f_local (fa…
Unixer
  • 61
  • 9
1 vote, 1 answer

syslog-ng sending message to console and file

I want to send syslog messages to the console and to a file. For sending them to a file I am using the following configuration. destination d_mycode { file("/var/log/app.log"); }; filter f_mycode { program(mycode); }; log { source(s_src); filter(f_mycode);…
prattom
  • 1,625
  • 11
  • 42
  • 67
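The three questions above (dropping kernel messages at specific levels, tagging rows from one log file before forwarding, and sending one program's messages to both the console and a file) are all solved by the filter, rewrite and log-path building blocks. The following is an added example, not an answer posted on this page and not the askers' own configuration; the file names, the program name `mycode` and the collector address logs.example.com are assumptions carried over from the questions or invented for illustration.

```conf
@version: 3.29
@include "scl.conf"

source s_src { system(); internal(); };

# Question 1: keep every message, including kernel messages, except the
# kernel ones at notice or warning. The negation is scoped to facility(kern),
# so notice/warning from other facilities still passes.
filter f_drop_kern_noise {
    not (facility(kern) and level(notice..warning));
};
destination d_all { file("/var/log/all.log"); };

log { source(s_src); filter(f_drop_kern_noise); destination(d_all); };

# Question 2: read an application's own log file, attach a tag to every
# message, and forward it. set-tag() is a rewrite; ${TAGS} expands the
# tag list in the outgoing template so the collector can route on it.
source s_tcp_app { file("/var/log/tcp/s.log" follow-freq(1)); };
rewrite r_tag_tcp { set-tag("TCP"); };
destination d_collector {
    network("logs.example.com" port(514) transport("tcp")
            template("<${PRI}>${ISODATE} ${HOST} ${PROGRAM}: tags=${TAGS} ${MSG}\n"));
};

log { source(s_tcp_app); rewrite(r_tag_tcp); destination(d_collector); };

# Question 3: one filtered stream fanned out to two destinations. A log
# statement delivers to every destination() it lists, so there is no need
# for a second log path or a second filter.
filter f_mycode { program("mycode"); };
destination d_app_file { file("/var/log/app.log"); };
destination d_console  { file("/dev/console"); };   # usertty("*") instead writes to logged-in terminals

log {
    source(s_src);
    filter(f_mycode);
    destination(d_app_file);
    destination(d_console);
};
```

The tags() filter can match on the tag at the collector, and `filter f_tcp { tags("TCP"); }` on the sending side is a quick way to confirm the rewrite is being applied before the messages leave the host.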
1 vote, 1 answer

syslog-ng for multiple sources

I am using syslog-ng on an Ubuntu 12.4 server. I have a few Mikrotik routers. In syslog-ng I have managed to add a single host for logging. It's configured as below: # Accept connection on UDP source s_net { udp (); }; # MIKROTIK ########### # Add…
Syed Jahanzaib
  • 333
  • 6
  • 18
1 vote, 1 answer

Syslog-ng custom parser

Is it possible to implement custom parsers in syslog-ng? For example, I want to implement a custom parser which will parse messages in ASN format and write the contents of the message to a file in ASCII format. Would it be possible?
emrenak
  • 51
  • 7
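syslog-ng's python() parser lets a configuration carry a Python class whose parse() method sets name-value pairs on each message; the same options() mechanism is how configuration values reach the class's init() (which also answers the earlier question about getting options into a Python destination, while per-message values such as the host come from the message object itself). The following is an added example, not code from the syslog-ng project or from this page: a hypothetical parser that treats the message text as a hex-encoded sequence of BER-style tag-length-value elements, decodes the short and long definite length forms, and stores each value under a field named after its tag so a file destination can write it out in ASCII. The class name, the `prefix` option and the output path are assumptions. The `syslogng.LogParser` base class is available in recent 3.x releases; older ones accept a plain class with the same methods.

```conf
@version: 3.29
@include "scl.conf"

python {
import binascii
from syslogng import LogParser   # base class shipped with syslog-ng's Python support

class BerTlvParser(LogParser):
    """Hypothetical parser: MESSAGE is a hex string of BER TLVs (1-byte tags)."""

    def init(self, options):
        # options() in the config arrive here as a dict of strings.
        self.prefix = options.get("prefix", "asn.")
        return True

    def parse(self, msg):
        raw = msg["MESSAGE"]                    # bytes under Python 3
        if isinstance(raw, bytes):
            raw = raw.decode("ascii", "replace")
        try:
            data = binascii.unhexlify(raw.strip())
        except (binascii.Error, ValueError):
            return False                        # malformed: drop from this log path
        pos = 0
        while pos < len(data):
            tag = data[pos]
            pos += 1
            if pos >= len(data):
                return False                    # tag without length
            length = data[pos]
            pos += 1
            if length & 0x80:                   # long form: low bits = number of length octets
                n = length & 0x7F
                if n == 0 or n > 4 or pos + n > len(data):
                    return False                # indefinite or oversized length: reject
                length = int.from_bytes(data[pos:pos + n], "big")
                pos += n
            if pos + length > len(data):
                return False                    # value runs past the buffer
            value = data[pos:pos + length]
            pos += length
            # Each element becomes a name-value pair, e.g. asn.tag_04 = "48656c6c6f"
            msg[self.prefix + "tag_%02x" % tag] = value.hex()
        return True
};

parser p_ber { python(class("BerTlvParser") options("prefix" "asn.")); };

source s_app { network(ip("127.0.0.1") port(5514) transport("tcp")); };

# Write the decoded fields in ASCII; value-pairs with the prefix would also
# work, this template just keeps the example explicit.
destination d_decoded {
    file("/var/log/asn-decoded.log"
         template("${ISODATE} ${HOST} tag04=${asn.tag_04} tag02=${asn.tag_02}\n"));
};

log { source(s_app); parser(p_ber); destination(d_decoded); };
```

Returning False from parse() removes the message from that log path, which is the right behaviour for a binary decoder fed garbage: a truncated length field should never be allowed to index past the buffer or to produce a half-decoded record that downstream tooling treats as valid.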