Questions tagged [syslog-ng]
The syslog-ng application is a flexible and highly scalable system logging application that is ideal for creating centralized and trusted logging solutions.
206 questions
8 votes, 2 answers, 1k views
How to configure a log aggregator to authenticate data?
Background: Remote log aggregation is regarded as a way to improve security. Generally, this addresses the risk that an attacker who compromises a system can edit or delete logs to frustrate forensic ...
7 votes, 2 answers, 5k views
Avoiding log noise from cron jobs - with syslog-ng rather than syslog
On my small Debian squeeze web server, I have syslog-ng installed (not syslogd, like in this question). Generally, my logs are nice and quiet, with -- MARK -- lines. My /var/log/syslog, however, is ...
6 votes, 1 answer, 7k views
How are filters combined in syslog-ng?
If I've got an entry in syslog-ng
log {
    source (src);
    filter (filter1);
    filter (filter2);
    filter (filter3);
    filter (filter4);
    destination (all_log);
}
And, say filter4 is a very ...
6 votes, 1 answer, 5k views
Permission denied when opening file as root with mode 777
I'm attempting to install and run syslog-ng but I'm blocked with the following error.
Error opening configuration file; filename='/etc/syslog-ng/syslog-ng.conf', error='Permission denied (13)'
I'm ...
6 votes, 2 answers, 8k views
syslog-ng on Solaris 10 (how to install and configure)
If anyone has got syslog-ng working on Solaris 10, do you have a set of instructions I could follow to get it installed and working?
I tried following this http://opensystems.wordpress.com/2006/06/01/...
5 votes, 1 answer, 8k views
Error setting capabilities, capability management disabled;
root@monitor:/opt/observium# service syslog-ng restart
Stopping system logging: syslog-ng.
Starting system logging: syslog-ngsyslog-ng: Error setting capabilities, capability management disabled; ...
5 votes, 4 answers, 10k views
An alternative to /usr/bin/logger for getting logs from Apache to syslog-ng
We currently use logger to get our Apache access logs to syslog-ng with a line like this one in each vhost:
CustomLog "|/usr/bin/logger -p local1.info -t www_main" combined
It seems that almost ...
5 votes, 3 answers, 6k views
Software to send Windows notification eventlogs to a Linux syslog server and encode to UTF-8
I am trying to set up a Windows 2008 server so it's able to send the eventlog messages to a syslog-ng server running Linux. I'd prefer something native but I guess it won't be possible.
UPDATE
The ...
5 votes, 1 answer, 3k views
How can I run a shell script on a snort alert?
I have snort listening to the SPAN port of a Cisco switch. I'd like to be able to add an iptables DROP rule on my webserver for specific snort alerts but I'm having a hard time finding out exactly how to ...
5 votes, 1 answer, 12k views
Forwarding rsyslog to syslog-ng, with FQDN and facility separation
I'm attempting to configure my rsyslog clients to forward messages to my syslog-ng log repository systems. Forwarding messages works "out of the box", but my clients are logging short names, not ...
5 votes, 0 answers, 1k views
How do you use patterndb variables in syslog-ng?
I'd like to parse some custom (network appliance) syslog files to create my own formatted output.
As I am new to syslog-ng & patterndb I have been trying to build an example using the ...
4 votes, 3 answers, 7k views
Syslog-ng: how to log severity/facility?
Here is the system:
SUSE Linux Enterprise Server 10
syslog-ng with predefined syslog-ng.conf
messages in /var/log/messages look like:
Feb 8 09:29:53 sles1 sshd[17529]: Accepted keyboard-interactive/...
4 votes, 2 answers, 11k views
iptables logging to a different file via syslog-ng
I have the following configuration in my iptables and syslog files:
IPTABLES
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p tcp -m tcp --dport 80 -j ACCEPT
-A INPUT -p tcp -m ...
4 votes, 1 answer, 675 views
syslog-ng: Switch logs on demand
How can I tell syslog-ng that I would like to switch the logfiles?
I'm looking for a command or signal to tell syslog-ng to perform a logswitch. A search of the documentation and FAQ did not come up ...
4 votes, 1 answer, 434 views
How is "kernel.*" syslog spoofing prevented?
I'm finding instances of syslog-ng writing out garbage followed by a blank kernel.emerg line in one of our production environments. Example of one:
Dec 21 00:14:56 someserver [syslog-ng.err] Error ...
3 votes, 8 answers, 4k views
How best to monitor and alert on the absence of an event in the logs?
With logs getting captured in syslog-ng, I'd like to be able to automatically monitor the logs and receive an alert if NO log events appear that match a certain criteria. For instance, for a ...
3 votes, 2 answers, 2k views
How to redirect third-party logs to a log server in CentOS
I want to set up a simple log server to accept logs from all clients. I am not talking about standard system logs such as /var/log/mail, message, boot etc. I want to redirect or send application logs ...
3 votes, 2 answers, 9k views
Install syslog-ng on RHEL 7
I'm very surprised at how much trouble this is giving me.
I have a RHEL 7 machine I'm trying to install syslog-ng on. I added the EPEL repository, and I get the following output:
# yum install syslog-ng....
3 votes, 2 answers, 2k views
Syslog-ng 3.0 95% CPU usage?
I am using syslog-ng 3.0 on my machines. There is one machine which gets logs from three other machines. But lately, when I use top to monitor CPU usage (on the main one), I see syslog-ng uses appr....
3 votes, 3 answers, 3k views
How to collect logs with syslog-ng from www servers in a DMZ and send them to a server behind a firewall (NAT). Can a Zabbix proxy solve this?
I have several www servers in a DMZ. My monitoring and log gathering server lies in my LAN. There is no communication like
WWW server in DMZ ----> monitor server in LAN.
I can connect DMZ from my ...
3 votes, 2 answers, 25k views
Excluding some messages from syslog-ng
I'm trying to exclude some messages from being logged by syslog-ng, such as this LDAP log entry:
Sep 18 15:18:34 myserver slapd[9682]: conn=1043 op=24 SEARCH RESULT tag=101 err=0 nentries=1 text=
I'...
3 votes, 2 answers, 16k views
Can a hostname be added to syslog-ng?
How can syslog-ng be configured to send both the hostname and the IP address? Currently, logs are sent with the IP address of the device/machine, but we want to add the hostname so I could keep my ip ...
3 votes, 1 answer, 3k views
How can I compare ${HOST} and ${HOST_FROM} (or why ${HOST} != ${HOST})?
I have a setup which can be summarized as follows:
service --> syslog-ng relay --> syslog-ng server
On the syslog-ng server, I would have the logs organized as follows:
/var/log/ ----> syslog-...
3 votes, 2 answers, 611 views
Zensyslog Clear Events
I've hooked up Zenoss' Zensyslog so that messages from a distributed list of client machines are all conglomerated into events on the Zenoss server. This is all fantastic, and I can bump messages by ...
3 votes, 3 answers, 3k views
Filtering bad requests from Apache -> logger -> rsyslog to syslog-ng on a remote logging server possible?
EDIT: Thanks for the help
Here is a quick idea of the setup:
webserver X
In apache httpd.conf:
LogFormat "%v %h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" vcombined
CustomLog "|/...
3 votes, 0 answers, 2k views
Sending certain logs to a remote syslog-ng server
I am unable to send /var/log/audit/audit.log to a remote server.
I have tried the methods below, but with no luck.
After doing the configuration below, I am not able to restart the syslog-ng service.
syslog-ng version ...
3 votes, 2 answers, 2k views
Getting syslog-ng to recognize a Java stacktrace
We are using the log4j SyslogAppender to send our logging statements to syslog-ng. Once the messages are in syslog-ng, we are having trouble getting syslog-ng to recognize that a stacktrace goes with ...
2 votes, 3 answers, 2k views
Is there a reason to use /dev/lognull instead of /dev/null when logging with syslog-ng?
At my office I recently wondered aloud to all, "Why shouldn't these logs be redirected to /dev/null instead of /dev/lognull?" I was told that there is (or was) a reason, but no one could remember it. ...
2 votes, 1 answer, 7k views
How could I send the Windows eventlog to the network logging of a Linux server?
In Windows, I am using the "Eventlog to Syslog" utility to send event logs to the Linux syslog server (syslog-ng). But I can't do the same with some log files, especially in the case of the IIS log....
2 votes, 2 answers, 890 views
syslog-ng mongodb plugin configuration
I am using syslog-ng's mongodb plugin and it works great, but I can't find a way to customize the format of the saved log entries ("DATE", "FACILITY",...). Does anyone know how to do this?
All ...
2 votes, 2 answers, 344 views
How to tell syslog-ng to ignore source files if they are absent
I'm trying to deploy a standard configuration file for syslog-ng on multiple Linux servers. My infrastructure includes many services (apache, confluence, ...) with log files located at various places.
...
2 votes, 1 answer, 8k views
syslog-ng and nginx logs to mysql
So a couple of days ago I asked how to log php and nginx logs to a centralized MySQL database, and m0ntassar gave a perfect answer :) cheers!
The problem I am facing now is that I can not seem to get it ...
2 votes, 2 answers, 467 views
Managing and configuring syslog-ng for very large logs
I have the logs traditionally kept in /var/log/ piped through syslog-ng. The logs can reach terabyte size on a daily basis. In order to make them more manageable, I would like to break them out ...
2 votes, 1 answer, 5k views
Forwarding from rsyslog to syslog-ng over TCP not working (although packets are reaching server)
We use syslog-ng on our central syslog server (syslog-ng-2.1.4-9.el5 on CentOS 5.9). We were happily sending logs using syslogd and rsyslog from a mixture of Linux and Solaris hosts over UDP until ...
2 votes, 2 answers, 246 views
Puppet language configuration file editing
I am trying to create a puppet recipe for a log server and client using syslog-ng. I know I can have custom configuration files using template erb files and replace certain variables in the erb files. ...
2 votes, 1 answer, 2k views
Moving from syslog.conf to syslogng.conf
I'm moving a Solaris box from syslogd to syslog-ng, because the Solaris version of syslogd obliterates the original source hostname on the logs. I'm looking through the syslogng.conf documentation, ...
2 votes, 1 answer, 2k views
syslog-ng doesn't parse messages
I'm trying to set up syslog-ng to properly parse RFC5424-compliant messages, thus far with little success. According to the syslog-ng documentation,
The syslog-ng OSE application can automatically ...
2 votes, 1 answer, 2k views
How to format log data before forwarding them as JSON to elasticsearch?
I log all events on a system to a JSON file via syslog-ng:
destination d_json { file("/var/log/all_syslog_in_json.log" perm(0666) template("{\"@timestamp\": \"$ISODATE\", \"facility\": \"$FACILITY\", ...
2 votes, 1 answer, 432 views
Is someone trying to hack into my VPS? [duplicate]
I was browsing my logs on Papertrail and I saw this.
Jun 03 03:26:01 /USR/SBIN/CRON: (root) CMD (test -x /usr/sbin/anacron || ( cd / && run-parts --report /etc/cron.daily ))
Jun 03 03:26:...
2 votes, 2 answers, 316 views
How to collect logs for statistics in site?
I want to collect logs from nginx (several servers, 1 000 000 lines in logs per minute for all servers) to a central stat server for statistics processing.
I see 2 variants:
write logs to local log ...
2 votes, 1 answer, 1k views
Syslog-NG Error processing log message using IETF format
We've just changed our logging application on our AS/400 partitions and are now using a product called PowerTech SIEM agent for IBM i.
The tool used to format messages using the old syslog convention ...
2 votes, 1 answer, 5k views
Syslog-ng Time Format & Time Zone
I'm currently using a fairly old version of syslog-ng, 2.1.4, and yes I know I need to update it as soon as possible, but for now I need help on modifying the date/time format and time zone.
...
2 votes, 1 answer, 5k views
Avoid logging in /var/log/syslog only using /etc/syslog-ng/conf.d/
How to tell syslog to send custom app's logs to a separate file and NOT into /var/log/syslog WITHOUT changing /etc/syslog-ng/syslog-ng.conf ?
I have a custom application that sends messages to syslog'...
2 votes, 1 answer, 186 views
Capture only certain logs with syslog-ng
I'm new to syslog-ng. So far I deployed it and it is running fine pushing some logs to MongoDB. Now, what I really want to do is push some logs (e.g. /var/log/secure) to MongoDB while pushing some ...
2 votes, 1 answer, 4k views
How does syslog-ng handle flush_lines(0)?
I wanted to make sure my syslog-ng was doing async logging.
Reading through the documentation I see the flush_lines() option for file() destinations, if unspecified, will use the global default. Then ...
2 votes, 2 answers, 2k views
syslog-ng working as foreground process but not as daemon
I'm working to implement syslog-ng OSE in my environment. Eventually I'd like to set up a central logging server, but in order to get my feet wet, I'm starting with a simple configuration. I've ...
2 votes, 1 answer, 2k views
Syslog-ng service hanging on restart
I've been a long time lurker of the site but this is my first question. So please let me know if there are any issues with my post.
Two of the servers in our Ubuntu server farm (25+ machines) take a ...
2 votes, 1 answer, 2k views
Linux logger doesn't write tags to log files?
I have a problem with the logger command. After upgrading syslog-ng to version 3.3 (maybe it does not directly depend on it), logger (using the command below) doesn't log tag names:
logger -t "BLABLA" ...
2 votes, 1 answer, 449 views
using syslog-ng and patterndb, how do I specify an "empty" pattern?
When I receive kernel traces in my logs, the last line is empty. I'd like to filter/ignore these empty kernel messages using syslog-ng and patterndb. Here is the pattern I have so far that is not ...
2 votes, 1 answer, 14k views
How to write logs in JSON format?
I want to centralize logging on my servers using syslog-ng which will write a JSON-formatted line to a file, which in turn will be picked up by logstash, which will forward it to elasticsearch. This ...