syslog-ng loghost

Started by mbr89, November 09, 2021, 04:33:24 PM

I see. So caveats aside - our conversation started, because I pointed out that with "ip(127.0.0.1)" in your config, the syslog server will not be reachable from the outside. That still stands. You probably need to change that to "ip(0.0.0.0)" if I read the syslog-ng docs correctly.

After restarting the syslog daemon you can check with
netstat -na | grep 514
if it is still listening on "127.0.0.1.514" only or if that changed to "*.514" as necessary to send log data to this host.

HTH,
Patrick
Deciso DEC750
People who think they know everything are a great annoyance to those of us who do. (Isaac Asimov)
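
The netstat check from the post above, as an added example that is not part of the original thread: a plain `grep 514` also matches ports such as 5140 or 1514, so this compares the exact port and reports which address it is bound to. The function name `syslog_bind_scope` and the sample netstat lines are constructed for illustration, and the `address.port` notation quoted in the post is assumed.

```shell
#!/bin/sh
# Added example: classify what port 514 is bound to, reading `netstat -na`
# output (address.port notation, as quoted in the thread) on stdin.
# Usage on the log host: netstat -na | syslog_bind_scope 514

syslog_bind_scope() {
    port="${1:-514}"
    awk -v port="$port" '
        # Only unconnected UDP sockets and TCP listeners (foreign address *.*)
        $1 ~ /^(udp|tcp)/ && $5 == "*.*" {
            la = $4
            n = match(la, /\.[0-9]+$/)        # port = digits after the last dot
            if (!n) next
            if (substr(la, n + 1) != port) next   # exact match, so 5140/1514 are skipped
            addr = substr(la, 1, n - 1)
            if (addr == "*")                               wild = 1
            else if (addr == "127.0.0.1" || addr == "::1") loop = 1
            else                                           spec = 1
        }
        END {
            if (wild)      print "wildcard"        # reachable on every interface
            else if (spec) print "specific"        # bound to one interface address
            else if (loop) print "loopback-only"   # remote clients cannot reach it
            else           print "not-listening"
        }'
}

# Constructed sample: the situation from the thread, plus two decoy ports
# that a plain `grep 514` would also match.
SAMPLE_LOOPBACK='Proto Recv-Q Send-Q Local Address          Foreign Address        (state)
udp4       0      0 127.0.0.1.514          *.*
tcp4       0      0 192.168.1.1.5140       *.*                    LISTEN
udp4       0      0 *.1514                 *.*'

# Constructed sample: after changing the bind address to 0.0.0.0
SAMPLE_WILDCARD='udp4       0      0 *.514                  *.*
udp4       0      0 127.0.0.1.953          *.*'

# Constructed sample: bound to a single LAN address
SAMPLE_SPECIFIC='udp4       0      0 192.168.1.1.514        *.*'

printf '%s\n' "$SAMPLE_LOOPBACK" | syslog_bind_scope 514
```
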

@mbr89
Quote: Without ip("127.0.0.1") it is not showing up in netstat
hm.
syslog( transport("udp") max-connections(8) );
is a tested and working source config line ("UDP source with defaults.")
(https://www.syslog-ng.com/technical-documents/doc/syslog-ng-open-source-edition/3.33/administration-guide/26#TOPIC-1663252)

You can enable remote logging on syslog-ng like this:

Create a file /usr/local/etc/syslog-ng.conf.d/remote.conf with this:

source s_network {
    network(
        ip("192.168.1.1")
        transport("udp")
    );
};

destination d_syslog {
    file("/var/log/syslog-ng/messages_${HOST}");
};

log { source(s_network); destination(d_syslog); };


# Create the directory
mkdir /var/log/syslog-ng

Stop syslog-ng
pkill -f /usr/local/sbin/syslog-ng

Start syslog-ng
/usr/local/sbin/syslog-ng -f /usr/local/etc/syslog-ng.conf -p /var/run/syslog-ng.pid

If you have a malicious client it can hammer your drive, and too much activity will bog you down.