Questions tagged [syslog-ng]

The syslog-ng application is a flexible and highly scalable system logging application that is ideal for creating centralized and trusted logging solutions. The main features of syslog-ng are summarized below.

  • Reliable log transfer: The syslog-ng application enables you to send the log messages of your hosts to remote servers using the latest protocol standards. The logs of different servers can be collected and stored centrally on dedicated log servers. Transferring log messages using the TCP protocol ensures that no messages are lost.
  • Secure logging using TLS: Log messages may contain sensitive information that should not be accessed by third parties. Therefore, syslog-ng supports the Transport Layer Security (TLS) protocol to encrypt the communication. TLS also allows the mutual authentication of the host and the server using X.509 certificates.
  • Direct database access: Storing your log messages in a database allows you to easily search and query the messages and interoperate with log analyzing applications. The syslog-ng application supports the following databases: MSSQL, MySQL, Oracle, PostgreSQL, and SQLite.
  • Heterogeneous environments: The syslog-ng application is the ideal choice to collect logs in massively heterogeneous environments using several different operating systems and hardware platforms, including Linux, Unix, BSD, Sun Solaris, HP-UX, Tru64, and AIX.
  • Filter and classify: The syslog-ng application can sort the incoming log messages based on their content and various parameters like the source host, application, and priority. Directories, files, and database tables can be created dynamically using macros. Complex filtering using regular expressions and boolean operators offers almost unlimited flexibility to forward only the important log messages to the selected destinations.
  • Parse and rewrite: The syslog-ng application can segment log messages to named fields or columns, and also modify the values of these fields.
  • IPv4 and IPv6 support: The syslog-ng application can operate in both IPv4 and IPv6 network environments; it can receive and send messages to both types of networks.
275 questions
0
votes
0 answers

SSL error while reading stream; tls_error='SSL routines:ssl3_read_bytes:tlsv1 alert unknown , location='/etc/syslog-ng/syslog-ng.conf:40:9'

I have installed syslog-ng for syslog over TLS using the instructions from syslog-ng Open Source Edition 3.16 - Mutual authentication using TLS. I am using my DUT as client and a Debian PC as syslog server, but when I load the cacert.pem on my DUT,…
vikas
  • 1
0
votes
0 answers

Why does Syslog-ng still add data when I use no-parse and store-raw-message

So this is my syslog-ng configuration: template raw_log { template("${MESSAGE}\n"); }; source s_eve { network( transport(tls) port(6514) tls( key-file("/etc/syslog-ng/ca.d/privkey.pem") …
19mike95
  • 506
  • 2
  • 4
  • 19
0
votes
0 answers

Syslog-ng doesn't recognize syslog-ng-mod-http (both version 4.2.0-1)

I'm currently trying to set up syslog-ng as a medium between suricata and elasticsearch. According to the syslog-ng-documentation, the latter requires me to use the "elasticsearch-http"-option when defining the destination. And that option requires…
0
votes
0 answers

Not able to compile Syslog-ng 3.8.1 on RHEL 8.5. Getting error message after issuing "make". Anyone have this issue?

I have installed the dependencies before building syslog-ng from source. However, I'm getting the compiling error below: make --no-print-directory all-recursive CC lib/lib_libsyslog_ng_la-tlscontext.lo lib/tlscontext.c: In function…
0
votes
1 answer

how to syslog-ng to remote facility

I have a host running syslog-ng. It does all its stuff locally fine (creating log files etc.). However, I would like to forward ALL of its logs to a remote machine - specifically to one facility on the remote machine (local4). I tried playing…
yee379
  • 6,498
  • 10
  • 56
  • 101
0
votes
0 answers

Syslog ng connectivity issue

I am new to syslog-ng and wanted to know if there is any way to check the combination of IP, port and protocol configuration for a syslog-ng connection? I know that one can check the IP and port, but wasn't sure how to handle scenarios where the IP…
Ninja
  • 1
0
votes
1 answer

Customize JSON formatted syslog messages to have lowercase keys with Syslog-NG

I managed to configure my Syslog-ng v3.38 to receive logs on port 514 and forward them to a remote Kafka topic. I am also adding some custom tags to the messages before sending. So far so good. The default macros such as HOST, FACILITY and others…
Palezvar
  • 15
  • 2
0
votes
0 answers

syslog-ng parser using grouping-by() fails due to syntax error

So, here is a quite mysterious problem regarding syslog-ng and a custom parser, using grouping-by. Here is the parser as defined in the configurations (I left the line numbers to make it easier to identify the error message): 16 parser…
phanxen
  • 21
  • 5
0
votes
0 answers

Relation between Log Stash Output Syslog and Rsyslog server

I have a query in relation to log messages which get dumped in the configurable file in the Rsyslog server via the following flow: log event -> Log Transformer component -> Log Stash Output Syslog -> Rsyslog Server. The log event is consumed by Log…
Anshul Singhal
  • 1,983
  • 20
  • 25
0
votes
0 answers

Can syslog-ng system/system-journald sources handle journal lines longer than 64kb

I'm running syslog-ng 3.35, and have been doing some experimentation around using the "system" and "system-journald" sources. Using system and system-journald sources, I don't seem to be able to send journal log lines greater than 64kb. I was…
lol
  • 1
  • 1
0
votes
0 answers

how to see client's ip address instead of hostname in remote syslogs

My client machine has syslog-ng and my remote machine has an rsyslog configuration. My server/remote machine manages many clients and I need to differentiate which machine is sending which logs. Normally I would use syslog-ng on the server side but…
error
  • 1
  • 3
0
votes
0 answers

Why are the logs sent to syslog-ng not saved?

I have an application which I run with docker-compose. Now I'd like to add logging to my application, so I added this image to my compose file: syslog-ng: image: lscr.io/linuxserver/syslog-ng:latest container_name: syslog-ng …
lr_optim
  • 299
  • 1
  • 10
  • 30
0
votes
0 answers

syslog-ng mysql queues but never writes

I have a mysql destination that is queueing the logs but never writing them. I have removed explicit-commits, which from my understanding is the part that tells it to enable queueing, but it still does not seem to ever write it. destination d_sql { …
Tim Holum
  • 697
  • 1
  • 11
  • 24
0
votes
1 answer

syslog-ng mysql TLS 1.1

I am in the process of migrating one of my servers from Ubuntu 18.04 to Ubuntu 22.04. I am copying over my syslog-ng config and have gotten it to mostly work, except that it will not connect to my mysql server ( Currently in need of an upgrade, it…
Tim Holum
  • 697
  • 1
  • 11
  • 24
0
votes
1 answer

extract/filter syslog-ng log on linux

I have configured syslog-ng to receive logs from another machine; the logs are coming every minute but contain , how to filter unrequired messages from raw data? Example: date=2021-06-01 time=10:01:01 ABC="1" cde=2 Xyz="aaa" name=UK date=2021-06-01…
arm
  • 1
  • 1