Questions tagged [syslog-ng]

The syslog-ng application is a flexible and highly scalable system logging application that is ideal for creating centralized and trusted logging solutions.

The main features of syslog-ng are summarized below.

  • Reliable log transfer: The syslog-ng application enables you to send the log messages of your hosts to remote servers using the latest protocol standards. The logs of different servers can be collected and stored centrally on dedicated log servers. Transferring log messages using the TCP protocol ensures that no messages are lost.
  • Secure logging using TLS: Log messages may contain sensitive information that should not be accessed by third parties. Therefore, syslog-ng supports the Transport Layer Security (TLS) protocol to encrypt the communication. TLS also allows the mutual authentication of the host and the server using X.509 certificates.
  • Direct database access: Storing your log messages in a database allows you to easily search and query the messages and interoperate with log analyzing applications. The syslog-ng application supports the following databases: MSSQL, MySQL, Oracle, PostgreSQL, and SQLite.
  • Heterogeneous environments: The syslog-ng application is the ideal choice to collect logs in massively heterogeneous environments using several different operating systems and hardware platforms, including Linux, Unix, BSD, Sun Solaris, HP-UX, Tru64, and AIX.
  • Filter and classify: The syslog-ng application can sort the incoming log messages based on their content and various parameters like the source host, application, and priority. Directories, files, and database tables can be created dynamically using macros. Complex filtering using regular expressions and boolean operators offers almost unlimited flexibility to forward only the important log messages to the selected destinations.
  • Parse and rewrite: The syslog-ng application can segment log messages to named fields or columns, and also modify the values of these fields.
  • IPv4 and IPv6 support: The syslog-ng application can operate in both IPv4 and IPv6 network environments; it can receive and send messages to both types of networks.
275 questions
1
vote
1 answer

Suppress repeated messages to SQL Destination, in syslog-ng

I am designing a centralized syslog server, to receive logs from different devices, and write them to MySQL. While there are too many repeated messages, I am trying to find a solution. I found syslog-ng >= 2.1 has added support for suppressing…
Brightshine
  • 975
  • 1
  • 7
  • 17
1
vote
0 answers

syslog port with multiple clients

I am having a syslog server configured in my localhost (Linux OS) which uses UDP 514 port. I have different hosts trying to access the same port but the server is allowing only one client to access the port at a time. Is there any chance or a way to…
1
vote
0 answers

Logstash will not bind the UDP hostname of the syslog server

I have a centralized Syslog-ng server that outputs logs to port 10150 and when I do a UDP dump on that port I am able to see the logs being written to that port and IP. On another server that contains the Logstash daemon on version 1.3+. I am…
Cole Shores
  • 319
  • 1
  • 3
  • 14
1
vote
0 answers

Unable to use rewrite and subst in Syslog-ng

When I write my logs without adding my substitution I am able to write just fine; however, since I am building upon a central logging server I need to add the host name from the source log to the existing message that is being processed. I intend of…
Cole Shores
  • 319
  • 1
  • 3
  • 14
1
vote
1 answer

syslog-ng to redis problems, able to write to file however unable to write to redis

I need to use Redis as a message key-value store for Logstash to read from. The idea is to use the existing Syslog-ng server to route the syslog for all servers to the Redis server so Logstash is able to read from it. I have my Redis server set up…
Cole Shores
  • 319
  • 1
  • 3
  • 14
1
vote
0 answers

Custom Solr Date Parser

I am pretty new to Solr and require some help. Currently I am pushing all my logs to be indexed by Solr using Flume-ng and Syslog-ng. I would also like to index the date, but I keep on getting an exception due to a different time format. Syslog-ng…
Shulhi Sapli
  • 2,286
  • 3
  • 21
  • 31
1
vote
0 answers

Splunk: Apache Access & Apache Errors in One Project

I want to use rsyslog to send to Splunkstorm. I want to send Apache Access & Apache Errors to the same project. According to this answer, I can either create two separate projects (which to me seems like a waste of the maximum 3 allowed) OR I can…
Gaia
  • 2,872
  • 1
  • 41
  • 59
1
vote
1 answer

Using a PHP script as syslog-ng program() destination

I want to send log entries from syslog-ng to a PHP script. Looking at this question: How do you know if syslog-ng stops your listening daemon? I tried to use the loop described in it: `while (!feof(STDIN)) { $input = fgets(STDIN); // do…`
jsd
  • 7,673
  • 5
  • 27
  • 47
1
vote
0 answers

Why does syslogd-ng print items in square brackets twice

I'm using syslogd-ng and have noticed that the command: logger [test] message results in the following log message: Sep 17 15:39:09 Test: [test] [test] message where the priority has been removed. Why does adding the square brackets around the word…
Terminal
  • 23
  • 2
0
votes
1 answer

syslog-ng hung up using afmongo

I'm using syslog-ng to send data to mongo; after a while the process hung up. tcpdump shows no data outgoing. Debugging syslog-ng, I found that "Destination queue full, dropping message;..." appears several times, then back to normal. For the last time it never…
whi
  • 2,685
  • 6
  • 33
  • 40
0
votes
1 answer

How does syslog-ng validate the header?

I am wondering how syslog-ng validates that the header is in the correct format (pri, timestamp, hostname). Does it use regular expressions for this purpose?
Eton B.
  • 6,121
  • 5
  • 31
  • 43
0
votes
0 answers

Using .env files with Syslog-ng.conf

Hi guys, how do I reference and use a variable from a .env file in syslog-ng.conf? `destination d_elasticsearch_http { elasticsearch-http( index("syslog-ng") type("") url("http://elasticsearch:9200/_bulk") …`
Levick
  • 23
  • 5
0
votes
0 answers

Syslog-ng: how to escape all data inside ${MESSAGE}? I need to send it to an HTTP endpoint as JSON

I need to send all received syslog messages as a JSON payload. The syslog entry itself contains double quotes and other special chars that ruin my JSON payload; any idea how it can automatically escape those? That's the current configuration that I…
porlock
  • 1
  • 1
0
votes
0 answers

Syslog-ng missing logs when network is interrupted

I am using syslog-ng to retrieve logs from a file to another host which is in the same network with the sender. My configuration looks like this: `source file_source { file("/var/log/messages" follow-freq(2)); }; destination remote_host { …`
0
votes
0 answers

How to send rotated logfiles with Syslog-ng

Right now I am sending suricata eve.json raw logs (just the message) through Syslog-ng TLS transport to a Syslog-ng server which receives them, stores them, and sends them to ElasticSearch and Kibana using the Filebeat suricata module. And it works…
19mike95
  • 506
  • 2
  • 4
  • 19