Questions tagged [syslog-ng]

The syslog-ng application is a flexible and highly scalable system logging application that is ideal for creating centralized and trusted logging solutions.

The main features of syslog-ng are summarized below.

  • Reliable log transfer: The syslog-ng application enables you to send the log messages of your hosts to remote servers using the latest protocol standards. The logs of different servers can be collected and stored centrally on dedicated log servers. Transferring log messages using the TCP protocol ensures that no messages are lost.
  • Secure logging using TLS: Log messages may contain sensitive information that should not be accessed by third parties. Therefore, syslog-ng supports the Transport Layer Security (TLS) protocol to encrypt the communication. TLS also allows the mutual authentication of the host and the server using X.509 certificates.
  • Direct database access: Storing your log messages in a database allows you to easily search and query the messages and interoperate with log analyzing applications. The syslog-ng application supports the following databases: MSSQL, MySQL, Oracle, PostgreSQL, and SQLite.
  • Heterogeneous environments: The syslog-ng application is the ideal choice to collect logs in massively heterogeneous environments using several different operating systems and hardware platforms, including Linux, Unix, BSD, Sun Solaris, HP-UX, Tru64, and AIX.
  • Filter and classify: The syslog-ng application can sort the incoming log messages based on their content and various parameters like the source host, application, and priority. Directories, files, and database tables can be created dynamically using macros. Complex filtering using regular expressions and boolean operators offers almost unlimited flexibility to forward only the important log messages to the selected destinations.
  • Parse and rewrite: The syslog-ng application can segment log messages to named fields or columns, and also modify the values of these fields.
  • IPv4 and IPv6 support: The syslog-ng application can operate in both IPv4 and IPv6 network environments; it can receive and send messages to both types of networks.
190 questions
8 votes, 2 answers

How to configure a log aggregator to authenticate data?

Background: Remote log aggregation is regarded as a way to improve security. Generally, this addresses the risk that an attacker who compromises a system can edit or delete logs to frustrate forensic analysis. I've been researching security options…
Tim Otten
6 votes, 2 answers

Avoiding log noise from cron jobs - with syslog-ng rather than syslog

On my small Debian squeeze web server, I have syslog-ng installed (not syslogd, like in this question). Generally, my logs are nice and quiet, with -- MARK -- lines. My /var/log/syslog, however, is littered with this Sep 23 23:09:01 bookchin…
einpoklum
6 votes, 1 answer

Permission denied when opening file as root with mode 777

I'm attempting to install and run syslog-ng but I'm blocked with the following error. Error opening configuration file; filename='/etc/syslog-ng/syslog-ng.conf', error='Permission denied (13)' I'm running this with sudo and the file and directory…
Sarge
6 votes, 2 answers

syslog-ng on Solaris 10 (how to install and configure)

If anyone has got syslog-ng working on Solaris 10, do you have a set of instructions I could follow to get it installed and working? I tried following this http://opensystems.wordpress.com/2006/06/01/replacing-syslog-on-solaris-10-with-syslog-ng/…
NickB
5 votes, 1 answer

How are filters combined in syslog-ng?

If I've got an entry in syslog-ng log { source (src); filter (filter1); filter (filter2); filter (filter3); filter (filter4); destination (all_log) } And, say filter4 is a very permissive filter and filter3 is a filter to eradicate a…
Peter Turner
5 votes, 1 answer

How can I run a shell script on a snort alert?

I have snort listening to the SPAN port of a cisco switch. I'd like to be able to add an iptables DROP rule on my webserver for specific snort alerts but having a hard time finding out exactly how to do that. I'd like the blocking to happen in…
Server Fault
5 votes, 0 answers

How do you use patterndb variables in syslog-ng?

I'd like to parse some custom (network appliance) syslog files to create my own formatted output. As I am new to syslog-ng & patterndb I have been trying to build an example using the documentation - my work so far is here:…
Nick
5 votes, 1 answer

Forwarding rsyslog to syslog-ng, with FQDN and facility separation

I'm attempting to configure my rsyslog clients to forward messages to my syslog-ng log repository systems. Forwarding messages works "out of the box", but my clients are logging short names, not FQDNs. As a result the messages on the syslog repo…
Joshua Miller
5 votes, 4 answers

An alternative to /usr/bin/logger for getting logs from Apache to syslog-ng

We currently use logger to get our Apache access logs to syslog-ng with a line like this one in each vhost: CustomLog "|/usr/bin/logger -p local1.info -t www_main" combined It seems that almost every tutorial or advice I can find regarding Apache…
Ladadadada
5 votes, 3 answers

Software to send Windows notification event logs to a Linux syslog server and encode to UTF-8

I am trying to set up a Windows 2008 server so it's able to send the event log messages to a syslog-ng server running Linux. I'd prefer something native but I guess it won't be possible. UPDATE The first answer recommended to use snare, so far it's…
aseques
4 votes, 1 answer

How is "kernel.*" syslog spoofing prevented?

I'm finding instances of syslog-ng writing out garbage followed by a blank kernel.emerg line in one of our production environments. Example of one: Dec 21 00:14:56 someserver [syslog-ng.err] Error processing log message:
Andrew B
4 votes, 1 answer

Error setting capabilities, capability management disabled;

root@monitor:/opt/observium# service syslog-ng restart Stopping system logging: syslog-ng. Starting system logging: syslog-ngsyslog-ng: Error setting capabilities, capability management disabled; error='Operation not…
Tiffany Walker
4 votes, 2 answers

iptables logging to different file via syslog-ng

I have the following configuration in my iptables and syslog files: IPTABLES -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT -A INPUT -p tcp -m tcp --dport 80 -j ACCEPT -A INPUT -p tcp -m tcp --dport 222 -j ACCEPT -A INPUT -p tcp -m tcp…
rahrahruby
4 votes, 1 answer

syslog-ng: Switch logs on demand

How can I tell syslog-ng that I would like to switch the logfiles. I'm looking for a command or signal to tell syslog-ng to perform a logswitch. A search of the documentation and FAQ did not come up with a solution.
markus_b
4 votes, 3 answers

Syslog-ng: how to log severity/facility?

Here is the system: SUSE Linux Enterprise Server 10 syslog-ng with predefined syslog-ng.conf messages in /var/log/messages look like: Feb 8 09:29:53 sles1 sshd[17529]: Accepted keyboard-interactive/pam for root from 10.30.34.64 port 4855…
user31462