Questions tagged [syslog-ng]
The syslog-ng application is a flexible and highly scalable system logging application that is ideal for creating centralized and trusted logging solutions.
196
questions
8
votes
2
answers
1k
views
How to configure a log aggregator to authenticate data?
Background: Remote log aggregation is regarded as a way to improve security. Generally, this addresses the risk that an attacker who compromises a system can edit or delete logs to frustrate forensic ...
- 183
6
votes
2
answers
4k
views
Avoiding log noise from cron jobs - with syslog-ng rather than syslog
On my small Debian squeeze web server, I have syslog-ng installed (not syslogd, like in this question). Generally, my logs are nice and quiet, with
-- MARK --
lines. My /var/log/syslog, however, is ...
- 1,672
6
votes
1
answer
4k
views
Permission denied when opening file as root with mode 777
I'm attempting to install and run syslog-ng but I'm blocked with the following error.
Error opening configuration file; filename='/etc/syslog-ng/syslog-ng.conf', error='Permission denied (13)'
I'm ...
- 189
6
votes
2
answers
8k
views
syslog-ng on Solaris 10 (how to install and configure)
If anyone has got syslog-ng working on Solaris 10, do you have a set of instructions I could follow to get it installed and working?
I tried following this http://opensystems.wordpress.com/2006/06/01/...
- 273
5
votes
4
answers
10k
views
An alternative to /usr/bin/logger for getting logs from Apache to syslog-ng
We currently use logger to get our Apache access logs to syslog-ng with a line like this one in each vhost:
CustomLog "|/usr/bin/logger -p local1.info -t www_main" combined
It seems that almost ...
- 26.4k
5
votes
3
answers
6k
views
Software to send windows notification eventlogs to linux syslog server and encode to utf8
I am trying to setup a windows 2008 server so it's able to send the eventlog messages to an syslog-ng server running linux. I'd prefer something native but I guess it won't be possible.
UPDATE
The ...
- 718
5
votes
1
answer
6k
views
How are filters combined in syslog-ng?
If I've got an entry in syslog-ng
log {
source (src);
filter (filter1);
filter (filter2);
filter (filter3);
filter (filter4);
destination (all_log)
}
And, say filter4 is a very ...
- 2,198
5
votes
1
answer
3k
views
How can I run a shell script on a snort alert?
I have snort listening to the SPAN port of a cisco switch. I'd like to be able to add an iptables DROP rule on my webserver for specific snort alerts but having a hard time finding out exactly how to ...
- 3,732
5
votes
1
answer
12k
views
Forwarding rsyslog to syslog-ng, with FQDN and facility separation
I'm attempting to configure my rsyslog clients to forward messages to my syslog-ng log repository systems. Forwarding messages works "out of the box", but my clients are logging short names, not ...
- 1,388
5
votes
0
answers
1k
views
How do you use patterndb variables in syslog-ng?
I'd like to parse some custom (network appliance) syslog files to create my own formatted output.
As I am new to syslog-ng & patterndb I have been trying to build an example using the ...
- 51
4
votes
3
answers
7k
views
Syslog-ng: how to log severity/facility?
Here is the system:
SUSE Linux Enterprise Server 10
syslog-ng with predefined syslog-ng.conf
messages in /var/log/messages look like:
Feb 8 09:29:53 sles1 sshd[17529]: Accepted keyboard-interactive/...
- 77
4
votes
1
answer
8k
views
Error setting capabilities, capability management disabled;
root@monitor:/opt/observium# service syslog-ng restart
Stopping system logging: syslog-ng.
Starting system logging: syslog-ngsyslog-ng: Error setting capabilities, capability management disabled; ...
- 6,681
4
votes
2
answers
10k
views
iptables logging to diferent file via syslog-ng
I have the following configuration in my iptables and syslog files:
IPTABLES
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p tcp -m tcp --dport 80 -j ACCEPT
-A INPUT -p tcp -m ...
- 587
4
votes
1
answer
664
views
syslog-ng: Switch logs on demand
How can I tell syslog-ng that I would like to switch the logfiles.
I'm looking for a command or signal to tell syslog-ng to perform a logswitch. A search of the documentation and FAQ did not come up ...
- 371
4
votes
1
answer
424
views
How is "kernel.*" syslog spoofing prevented?
I'm finding instances of syslog-ng writing out garbage followed by a blank kernel.emerg line in one of our production environments. Example of one:
Dec 21 00:14:56 someserver [syslog-ng.err] Error ...
- 32.8k
3
votes
2
answers
2k
views
How to redirect third party logs to log server in Centos
I want to setup a simple log server to accept logs from all clients. I am not talking about standard system logs such as /var/log/mail , message, boot etc. I want to redirect or send application logs ...
- 867
3
votes
8
answers
3k
views
How best to monitor and alert on the absence of an event in the logs?
With logs getting captured in syslog-ng, I'd like to be able to automatically monitor the logs and receive an alert if NO log events appear that match a certain criteria. For instance, for a ...
- 837
3
votes
2
answers
8k
views
Install syslog-ng on RHEL 7
I'm very surprised at how much trouble this is giving me.
I have a RHEL 7 machine I'm trying to install syslog-ng on. I added the EPEL repository, I get the following output:
# yum install syslog-ng....
- 143
3
votes
2
answers
2k
views
Syslog-ng 3.0 %95CPU usage?
I am using syslog-ng 3.0 in my machines. There is one machine, which gets logs from other three machines. But lately, when I use top to monitor cpu usage (in the main one), I see syslog-ng uses appr....
- 360
3
votes
3
answers
2k
views
How to collect logs with syslog-ng from www servers in dmz and send them to server behind firewall(NAT). Can Zabbix proxy solve this?
I have several www servers in DMZ. My monitoring and log gathering server lays in my LAN. There is no comunication like
WWW server in DMZ ----> monitor server in LAN.
I can connect DMZ from my ...
- 5,208
3
votes
2
answers
23k
views
Excluding some messages from syslog-ng
I'm trying to exclude some messages from being logged by syslog-ng, such as this LDAP log entry:
Sep 18 15:18:34 myserver slapd[9682]: conn=1043 op=24 SEARCH RESULT tag=101 err=0 nentries=1 text=
I'...
- 95
3
votes
2
answers
15k
views
Can a hostname be added to syslog-ng?
How can syslog-ng be configured to send both the hostname and the IP address. Currently, logs are sent with the IP address of the device/machine, but we want to add the hostname so I could keep my ip ...
- 143
3
votes
1
answer
3k
views
How can I compare ${HOST} and ${HOST_FROM} (or why ${HOST} != ${HOST})?
I have a setup which can be summarized as follow:
service --> syslog-ng relay --> syslog-ng server
On the syslog-ng server, I would have the log organized as follow:
/var/log/ ----> syslog-...
- 268
3
votes
2
answers
608
views
Zensyslog Clear Events
I've hooked up Zenoss' Zensyslog so that messages from a distributed list of client machines are all conglomerated into events on the Zenoss server. This is all fantastic, and I can bump messages by ...
- 322
3
votes
3
answers
3k
views
Filtering bad requests from Apache -> logger -> rsyslog to syslog-ng on a remote logging server possible?
EDIT: Thanks for the help
Here is a quick idea of the setup:
webserver X
In apache httpd.conf:
LogFormat "%v %h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" vcombined
CustomLog "|/...
- 33
3
votes
0
answers
2k
views
Sending certain logs to a remote syslog-ng server
I am unable to send /var/log/audit/audit.log to remote server.
I have tried below methods but no luck.
After done below configuration am not able to restart the syslog-ng service.
syslog-ng version ...
- 31
3
votes
2
answers
2k
views
Getting syslog-ng to recognize a java stacktrace
We are using the log4j SyslogAppender to send our logging statements to syslog-ng. Once the messages are in syslog-ng, we are having trouble getting syslog-ng to recognize that a stacktrace goes with ...
- 183
2
votes
1
answer
7k
views
How could I send the windows eventlog to the network logging of a linux server?
In Windows, I am using the "Eventlog to Syslog" utility to send event logs to the Linux syslog server (syslog-ng). But I am can't do the same with some log files, especially in the case of the IIS log....
- 93
2
votes
2
answers
880
views
syslog-ng mongodb plugin configuration
I am using syslog-ng's mongodb plugin and it works great, but I can't find a way to customize the format of the saved log entries ("DATE", "FACILITY",...). Does anyone know how to do this?
All ...
- 125
2
votes
3
answers
2k
views
Is there a reason to use /dev/lognull instead of /dev/null when logging with syslog-ng?
At my office I recently wondered aloud to all, "Why shouldn't these logs be redirected to /dev/null instead of /dev/lognull?" I was told that there is (or was) a reason, but no one could remember it. ...
- 1,545
2
votes
1
answer
8k
views
syslog-ng and nginx logs to mysql
So couple of days ago I asked
how to log php and nginx logs to centralized MySQL database, and m0ntassar gave a perfect answer :) cheer !
The problem I am facing now is that I can not seem to get it ...
- 523
2
votes
2
answers
385
views
Managing and configuring syslog-ng for very large logs
I have the logs traditionally kept in /var/log/ piped through syslog-ng. The logs can reach to the terabyte size on a daily basis. In order to make them more manageable. I would like break them out ...
- 1,110
2
votes
1
answer
5k
views
Forwarding from rsyslog to syslog-ng over TCP not working (although packets are reaching server)
We use syslog-ng on our central syslog server (syslog-ng-2.1.4-9.el5 on CentOS 5.9). We were happily sending logs using syslogd and rsyslog from a mixture of Linux and Solaris hosts over UDP until ...
- 4,527
2
votes
2
answers
243
views
Puppet language configuration file editing
I am trying to create a puppet recipe for a log server and client using syslog-ng. I know I can have custom configuration files using template erb files and replace certain variables in the erb files. ...
- 867
2
votes
1
answer
2k
views
Moving from syslog.conf to syslogng.conf
I'm moving a Solaris box from syslogd to syslog-ng, because the Solaris version of syslogd obliterates the original source hostname on the logs. I'm looking through the syslogng.conf documentation, ...
- 241
2
votes
1
answer
2k
views
syslog-ng doesn't parse messages
I'm trying to set up syslog-ng to properly parse RFC5424-compilant messages, thus far, with little success. According to the syslog-ng documentation,
The syslog-ng OSE application can automatically ...
- 7,313
2
votes
1
answer
2k
views
How to format log data before forwarding them as JSON to elasticsearch?
I log all events on a system to a JSON file via syslog-ng:
destination d_json { file("/var/log/all_syslog_in_json.log" perm(0666) template("{\"@timestamp\": \"$ISODATE\", \"facility\": \"$FACILITY\", ...
- 3,607
2
votes
1
answer
417
views
Is someone trying to hack into my VPS? [duplicate]
I was browsing my logs on papertail and I saw this.
Jun 03 03:26:01 /USR/SBIN/CRON: (root) CMD (test -x /usr/sbin/anacron || ( cd / && run-parts --report /etc/cron.daily ))
Jun 03 03:26:...
2
votes
2
answers
313
views
How to collect logs for statistics in site?
I want to collect logs from nginx ( several servers, 1 000 000 lines in logs for minute for all servers ) to central stat server for statistics processing.
I see 2 variants:
write logs to local log ...
- 181
2
votes
1
answer
1k
views
Syslog-NG Error processing log message using IETF format
we've just changed our logging application on our AS/400 partitions and are now using a product called PowerTech SIEM agent for IBM I
The tool used to format messages using the old syslog convention ...
- 524
2
votes
1
answer
5k
views
Syslog-ng Time Format & Time Zone
I'm currently using a fairly old version of syslog-ng, 2.1.4, and yes I know I need to update it as soon as possible, but for now I need help on modifying the date/time format and time zone.
...
- 1,393
2
votes
1
answer
4k
views
Avoid logging in /var/log/syslog only using /etc/syslog-ng/conf.d/
How to tell syslog to send custom app's logs to a separate file and NOT into /var/log/syslog WITHOUT changing /etc/syslog-ng/syslog-ng.conf ?
I have a custom application that sends messages to syslog'...
- 53
2
votes
1
answer
185
views
Capture only certain logs with syslong-NG
I'm new to Syslog-ng. sofar I deployed it and it is running fine pushing some logs to MongoDB. Now, what I really want to do is push some logs (e.g. /var/log/secure) to MongoDb while pushing some ...
- 21
2
votes
1
answer
3k
views
How does syslog-ng handles flush_lines(0)?
I wanted to make sure my syslog-ng was doing async logging.
Reading through the documentation I see the flush_lines() option for file() destinations, if unspecified, will use the global default. Then ...
- 5,826
2
votes
2
answers
2k
views
syslog-ng working as foreground process but not as daemon
I'm working to implement syslog-ng OSE in my environment. Eventually I'd like to setup a central logging server, but in order to get my feet wet, I'm starting with a simple configuration. I've ...
- 21
2
votes
1
answer
2k
views
Syslog-ng service hanging on restart
I've been a long time lurker of the site but this is my first question. So please let me know if there are any issues with my post.
Two of the servers in our Ubuntu server farm (25+ machines) take a ...
- 125
2
votes
1
answer
2k
views
Linux logger doesn't write tags to log files?
I have a problem with logger command. After upgrading syslog-ng to 3.3th version (maybe it is not directly depend on it), logger (using command below) doesn't log tag names:
logger -t "BLABLA" ...
- 360
2
votes
1
answer
425
views
using syslog-ng and patterndb, how do I specify an "empty" pattern?
When I receive kernel traces in my logs, the last line is empty. I'd like to filter/ignore these empty kernel messages using syslog-ng and patterndb. Here is the pattern I have so far that is not ...
- 632
2
votes
1
answer
12k
views
How to write logs in JSON format?
I want to centralize logging on my servers using syslog-ng which will write a JSON-formatted line to a file, which in turn will be picked up by logstash, which will forward it to elasticsearch. This ...
- 3,607
2
votes
1
answer
17k
views
logrotate configuration on linux to rotate syslog-ng log files correctly
I am having some trouble trying to configure log rotation for some syslog-ng local log files I'm trying to keep.
for some reason, the size is not respected and logs are filling my filesystem quickly.
...
- 524