Show Posts
1
21.1 Legacy Series / Permit simultaneous logging to local log files and to remote syslog server
« on: June 12, 2021, 11:08:42 pm »
Team
Thanks so much for making and supporting this great product. I've been using it for a year and this is my first ungoogleable issue...
I'm using 21.1.7 and I'm unable to find a way to export logs to a remote syslog server and also still log to the local files (old clog is disabled), like 'tee'.
I suffer the problem whether I setup syslog-ng export via GUI (on port 514) or via TLS on port 6514 using an additional config file as per https://forum.opnsense.org/index.php?topic=16144.0.
A sledgehammer method I see is to edit /usr/local/etc/syslog-ng.conf's @include "/usr/local/etc/syslog-ng.conf.d/*.conf" to specifically only reference ./myfile.conf not *.conf...
But I can see /usr/local/etc/syslog-ng.conf.d/syslog-ng-local.conf is auto-generated and I would ideally like to keep it and make use of its definitions.
I suspect I'm missing something obvious. My attempts at re-using or re-defining s_all / unix-dgram("/var/run... or log final directives or at using junctions/channels all fail with 'acceptable' errors that I interpret to indicate my ignorance rather than technical issues.
Is anyone able to advise? Thanks so much for your help.
One version of my config is as follows, this results in everything logging to loggly.com remote server (only) and thus leaves my local log files empty from the point the syslog session is established...
Thanks again all. Keep well.
Thanks so much for making and supporting this great product. I've been using it for a year and this is my first ungoogleable issue...
I'm using 21.1.7 and I'm unable to find a way to export logs to a remote syslog server and also still log to the local files (old clog is disabled), like 'tee'.
I suffer the problem whether I setup syslog-ng export via GUI (on port 514) or via TLS on port 6514 using an additional config file as per https://forum.opnsense.org/index.php?topic=16144.0.
A sledgehammer method I see is to edit /usr/local/etc/syslog-ng.conf's @include "/usr/local/etc/syslog-ng.conf.d/*.conf" to specifically only reference ./myfile.conf not *.conf...
But I can see /usr/local/etc/syslog-ng.conf.d/syslog-ng-local.conf is auto-generated and I would ideally like to keep it and make use of its definitions.
I suspect I'm missing something obvious. My attempts at re-using or re-defining s_all / unix-dgram("/var/run... or log final directives or at using junctions/channels all fail with 'acceptable' errors that I interpret to indicate my ignorance rather than technical issues.
Is anyone able to advise? Thanks so much for your help.
One version of my config is as follows, this results in everything logging to loggly.com remote server (only) and thus leaves my local log files empty from the point the syslog session is established...
Code: [Select]
/usr/local/etc/syslog-ng.conf.d/myconfig.conf:
template LogglyFormat { template("<${PRI}>1 ${ISODATE} ${HOST} ${PROGRAM} ${PID} ${MSGID} [REDACTED tag=\"syslog-ng\" ] $MSG\n");
template_escape(no);
};
filter f_loggly_level {
level(warn,err,crit,alert,emerg)
};
destination d_loggly {
tcp("logs-01.loggly.com" port(6514)
tls( peer-verify(required-untrusted))
template(LogglyFormat) );
};
log {
# source(s_loggly);
source(s_all);
filter(f_loggly_level);
destination(d_loggly);
};
Thanks again all. Keep well.