
Re: Syslog-NG Centralized Log Collector





On Sun, Apr 13, 2025 at 11:00 PM Timothy M Butterworth <timothy.m.butterworth@gmail.com> wrote:


On Sun, Apr 13, 2025 at 10:51 PM Timothy M Butterworth <timothy.m.butterworth@gmail.com> wrote:


On Sun, Apr 13, 2025 at 10:31 PM Timothy M Butterworth <timothy.m.butterworth@gmail.com> wrote:
All,

I modified /etc/syslog-ng/syslog-ng.conf to the following:

########################
# Sources
########################
# Add the following line
source s_net { tcp(ip(0.0.0.0) port(514) max-connections (5000)); udp(); };

########################
# Destinations
########################
# Comment out the following line - if two d_syslog entries are present, syslog-ng will fail to start.
# destination d_syslog { file("/var/log/syslog"); };

# Add the following line
# Remote syslog collection
destination d_syslog { file("/var/log/remotelogs/$HOST/syslog"); };

# Create RemoteLogs Directory

mkdir /var/log/remotelogs

ls -la /var/log/
drwxr-xr-x   2 root        root                  4096 Apr 12 17:32 remotelogs

I have multiple Cisco switches configured to log to the Syslog-NG Server but I am not getting any logs. Any ideas? 


I ran a netstat -l -n and there is no socket bound to port 514.

I was missing 

# Add a log statement
log {source(s_net); destination(d_syslog);};
 
I added it and restarted the service daemon and it works now.

I spoke too soon. The socket is bound to both TCP and UDP on port 514 and is listening. I am still not having any log messages written to disk though.

 

Thanks

Tim

--
⢀⣴⠾⠻⢶⣦⠀
⣾⠁⢠⠒⠀⣿⡁ Debian - The universal operating system
⢿⡄⠘⠷⠚⠋⠀ https://www.debian.org/
⠈⠳⣄⠀⠀
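
An added example, not part of the original message: a small Python check for the two configuration conditions the post describes, a name defined twice (the duplicate d_syslog) and a source defined with no log statement referencing it (s_net before the log path was added). The sample configuration, including the s_src source and its log path, is constructed, and the parser only handles the simple named-block form shown here.

```python
import re
from collections import Counter

# Constructed sample mirroring the configuration in the post, before the
# log statement was added and with the stock d_syslog line left enabled.
SAMPLE = '''
source s_src { system(); internal(); };
source s_net { tcp(ip(0.0.0.0) port(514) max-connections (5000)); udp(); };
destination d_syslog { file("/var/log/syslog"); };
destination d_syslog { file("/var/log/remotelogs/$HOST/syslog"); };
log { source(s_src); destination(d_syslog); };
'''

# Top-level "source NAME {" / "destination NAME {" definitions.
DEF_RE = re.compile(r'^\s*(source|destination)\s+([\w.-]+)\s*\{', re.M)
# Simple log paths without nested braces: "log { ... };"
LOG_RE = re.compile(r'^\s*log\s*\{(.*?)\}\s*;', re.M | re.S)
# References inside a log path: source(NAME) / destination(NAME).
REF_RE = re.compile(r'\b(source|destination)\s*\(\s*([\w.-]+)\s*\)')


def strip_comments(text):
    """Drop '#' comments; a '#' inside a double-quoted string is kept."""
    return re.sub(r'("[^"\n]*")|#[^\n]*', lambda m: m.group(1) or '', text)


def lint(text):
    """Return (names defined more than once, names no log path references)."""
    text = strip_comments(text)
    defined = Counter(DEF_RE.findall(text))
    referenced = set()
    for body in LOG_RE.findall(text):
        referenced.update(REF_RE.findall(body))
    duplicates = sorted(k for k, n in defined.items() if n > 1)
    unused = sorted(k for k in defined if k not in referenced)
    return duplicates, unused


if __name__ == "__main__":
    dups, unused = lint(SAMPLE)
    for kind, name in dups:
        print(f"duplicate {kind}: {name}")
    for kind, name in unused:
        print(f"{kind} {name} is not used by any log statement")
```
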

