<div dir="ltr"><div>Hi,</div><div><br></div><div>The source declaration seems to be all right. If it still does not work, just a few more ideas what to check:</div><div><br></div><div>- make sure, that this source is actually used in a log path (other way it is not used)<br></div><div>- if you use SELinux, set it to permissive mode temporarily (setenforce 0)</div><div>- make sure that your firewall does not block it</div><div>- the syslog() source is for RFC5424 logs, make sure that you send your logs using this protocol version</div><div><br></div><div>Have a nice weekend!</div><div><br></div><div>Bye,<br></div><div><br></div><div><div><div dir="ltr" class="gmail_signature" data-smartmail="gmail_signature">Peter Czanik (CzP) <<a href="mailto:peter.czanik@balabit.com" target="_blank">peter.czanik@balabit.com</a>><br>Balabit (a OneIdentity company) / syslog-ng upstream<br><a href="https://syslog-ng.com/community/" target="_blank">https://syslog-ng.com/community/</a><br><a href="https://twitter.com/PCzanik" target="_blank">https://twitter.com/PCzanik</a></div></div><br></div></div><br><div class="gmail_quote"><div dir="ltr">On Sat, Nov 3, 2018 at 10:01 AM Fosiul Alam <<a href="mailto:fosiul@gmail.com">fosiul@gmail.com</a>> wrote:<br></div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div dir="ltr"><div dir="ltr">Hi<div>Thanks, </div><div>i have changed this to </div><div>source s_net { syslog(ip(192.168.1.13) port(514) transport("tcp")); };<br></div><div><br></div><div>still it does not listen to 514 or 601</div><div><br></div><div>do i need to do anthing in the config file to make it activate ? </div><div><br></div><div><br></div></div></div><br><div class="gmail_quote"><div dir="ltr">On Fri, Nov 2, 2018 at 9:18 PM Péter, Kókai <<a href="mailto:peter.kokai@oneidentity.com" target="_blank">peter.kokai@oneidentity.com</a>> wrote:<br></div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><span>Hello,</span><div><br></div><div>The syslog source by default listening on 601 port, you could change that with port(514) if you want to.</div><div><br></div><div>See the admin guide: <a href="https://www.syslog-ng.com/technical-documents/doc/syslog-ng-open-source-edition/3.16/administration-guide/23#TOPIC-956472" target="_blank">https://www.syslog-ng.com/technical-documents/doc/syslog-ng-open-source-edition/3.16/administration-guide/23#TOPIC-956472</a></div><div><br></div><div><br></div><div>--</div><div>Kokan<br><br><div class="gmail_quote"><div dir="ltr">On Fri, 2 Nov 2018, 7:29 pm Fosiul Alam, <<a href="mailto:fosiul@gmail.com" target="_blank">fosiul@gmail.com</a>> wrote:<br></div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div dir="ltr"><div dir="ltr"><div dir="ltr"><div dir="ltr">Hello<br>i have installed syslog-ng in our ubuntu server with version : 3.13</div><div dir="ltr"><div><br></div><div>its running fine, I am using the default syslog-ng file and i have change this line as per documentation </div><div><br></div><div>source s_net { syslog(ip(192.168.1.19) transport("tcp")); };<br></div><div><br></div><div>but its not listing on port 514</div><div><br></div><div>What Do i have to do make it listen ?</div><div><br></div><div>Thanks for the help</div><div><br></div><div><br></div><div><br></div><div><br></div><div><br></div><div><div>● syslog-ng.service - System Logger Daemon</div><div> Loaded: loaded (/lib/systemd/system/syslog-ng.service; enabled; vendor preset: enabled)</div><div> Active: active (running) since Fri 2018-11-02 18:22:46 UTC; 4min 5s ago</div><div> Docs: man:syslog-ng(8)</div><div> Main PID: 16470 (syslog-ng)</div><div> Tasks: 1 (limit: 2361)</div><div> CGroup: /system.slice/syslog-ng.service</div><div> └─16470 /usr/sbin/syslog-ng -F</div><div><br></div><div>Nov 02 18:22:46 syslog systemd[1]: Starting System Logger Daemon...</div><div>Nov 02 18:22:46 syslog systemd[1]: Started System Logger Daemon.</div></div></div></div></div></div><div dir="ltr"><div dir="ltr"><div dir="ltr"><div dir="ltr"><div><div><br></div><div><br></div>-- <br><div dir="ltr" class="m_8886699239782949219m_5957009627078044265m_-3037436785505821643gmail_signature"><div dir="ltr">Regards<br>Fosiul Alam<br><br></div></div></div></div></div></div></div>
______________________________________________________________________________<br>
Member info: <a href="https://lists.balabit.hu/mailman/listinfo/syslog-ng" rel="noreferrer" target="_blank">https://lists.balabit.hu/mailman/listinfo/syslog-ng</a><br>
Documentation: <a href="http://www.balabit.com/support/documentation/?product=syslog-ng" rel="noreferrer" target="_blank">http://www.balabit.com/support/documentation/?product=syslog-ng</a><br>
FAQ: <a href="http://www.balabit.com/wiki/syslog-ng-faq" rel="noreferrer" target="_blank">http://www.balabit.com/wiki/syslog-ng-faq</a><br>
<br>
</blockquote></div></div>
______________________________________________________________________________<br>
Member info: <a href="https://lists.balabit.hu/mailman/listinfo/syslog-ng" rel="noreferrer" target="_blank">https://lists.balabit.hu/mailman/listinfo/syslog-ng</a><br>
Documentation: <a href="http://www.balabit.com/support/documentation/?product=syslog-ng" rel="noreferrer" target="_blank">http://www.balabit.com/support/documentation/?product=syslog-ng</a><br>
FAQ: <a href="http://www.balabit.com/wiki/syslog-ng-faq" rel="noreferrer" target="_blank">http://www.balabit.com/wiki/syslog-ng-faq</a><br>
<br>
</blockquote></div><br clear="all"><div><br></div>-- <br><div dir="ltr" class="m_8886699239782949219gmail_signature" data-smartmail="gmail_signature"><div dir="ltr">Regards<br>Fosiul Alam<br><br></div></div>
______________________________________________________________________________<br>
Member info: <a href="https://lists.balabit.hu/mailman/listinfo/syslog-ng" rel="noreferrer" target="_blank">https://lists.balabit.hu/mailman/listinfo/syslog-ng</a><br>
Documentation: <a href="http://www.balabit.com/support/documentation/?product=syslog-ng" rel="noreferrer" target="_blank">http://www.balabit.com/support/documentation/?product=syslog-ng</a><br>
FAQ: <a href="http://www.balabit.com/wiki/syslog-ng-faq" rel="noreferrer" target="_blank">http://www.balabit.com/wiki/syslog-ng-faq</a><br>
<br>
</blockquote></div>