<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
</head>
<body text="#000000" bgcolor="#FFFFFF">
<div class="moz-cite-prefix">Hello,<br>
<br>
On 11/06/2018 01:57 PM, Rodney Bizzell wrote:<br>
</div>
<blockquote type="cite"
cite="mid:CABCJT8v8ZLsDY2=hVGfOqQYY+TKCxE1XOVmVaD_LtsveRVBWNA@mail.gmail.com">
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
<div dir="ltr">If you look to the bottom of the config I have made
changes to source(sys) pointing it to my graylog server. I am
reading through the documentation I am thinking that should send
the logs to graylog server I am just asking I apologize if I
am making assumptions. The documentation isn't always clear, so
I am just asking if I want to send /var/logs to my graylog
server do I need to add a new source for var log?</div>
</blockquote>
<br>
There is no such thing as /var/logs, please be much more precise. It
doesn't make any sense to read back contents of files written by
syslog-ng itself, such potential logging loops should get avoided
anyway. If you've got additional stuff under /var/log (some apps
could log there directly) then you can add these files as sources to
process them by syslog-ng. Your current configuration doesn't
contain such source definitions.<br>
<br>
<blockquote type="cite"
cite="mid:CABCJT8v8ZLsDY2=hVGfOqQYY+TKCxE1XOVmVaD_LtsveRVBWNA@mail.gmail.com">
<div dir="ltr">
<div> <span style="font-family:"Helvetica
Neue";font-size:12px">options {</span></div>
<p class="gmail-p1"
style="margin:0px;font-variant-numeric:normal;font-variant-east-asian:normal;font-stretch:normal;font-size:12px;line-height:normal;font-family:"Helvetica
Neue""><span class="gmail-Apple-converted-space"> </span>flush_lines
(0);</p>
<p class="gmail-p1"
style="margin:0px;font-variant-numeric:normal;font-variant-east-asian:normal;font-stretch:normal;font-size:12px;line-height:normal;font-family:"Helvetica
Neue""><span class="gmail-Apple-converted-space"> </span>time_reopen
(10);</p>
<p class="gmail-p1"
style="margin:0px;font-variant-numeric:normal;font-variant-east-asian:normal;font-stretch:normal;font-size:12px;line-height:normal;font-family:"Helvetica
Neue""><span class="gmail-Apple-converted-space"> </span>log_fifo_size
(250000);</p>
<p class="gmail-p1"
style="margin:0px;font-variant-numeric:normal;font-variant-east-asian:normal;font-stretch:normal;font-size:12px;line-height:normal;font-family:"Helvetica
Neue""><span class="gmail-Apple-converted-space"> </span>chain_hostnames
(off);</p>
<p class="gmail-p1"
style="margin:0px;font-variant-numeric:normal;font-variant-east-asian:normal;font-stretch:normal;font-size:12px;line-height:normal;font-family:"Helvetica
Neue""><span class="gmail-Apple-converted-space"> </span>use_dns
(no);</p>
<p class="gmail-p1"
style="margin:0px;font-variant-numeric:normal;font-variant-east-asian:normal;font-stretch:normal;font-size:12px;line-height:normal;font-family:"Helvetica
Neue""><span class="gmail-Apple-converted-space"> </span>use_fqdn
(no);</p>
<p class="gmail-p1"
style="margin:0px;font-variant-numeric:normal;font-variant-east-asian:normal;font-stretch:normal;font-size:12px;line-height:normal;font-family:"Helvetica
Neue""><span class="gmail-Apple-converted-space"> </span>create_dirs
(no);</p>
<p class="gmail-p1"
style="margin:0px;font-variant-numeric:normal;font-variant-east-asian:normal;font-stretch:normal;font-size:12px;line-height:normal;font-family:"Helvetica
Neue""><span class="gmail-Apple-converted-space"> </span>keep_hostname
(yes);</p>
<p class="gmail-p1"
style="margin:0px;font-variant-numeric:normal;font-variant-east-asian:normal;font-stretch:normal;font-size:12px;line-height:normal;font-family:"Helvetica
Neue"">};</p>
<p class="gmail-p2"
style="margin:0px;font-variant-numeric:normal;font-variant-east-asian:normal;font-stretch:normal;font-size:12px;line-height:normal;font-family:"Helvetica
Neue";min-height:14px"><br>
</p>
<p class="gmail-p1"
style="margin:0px;font-variant-numeric:normal;font-variant-east-asian:normal;font-stretch:normal;font-size:12px;line-height:normal;font-family:"Helvetica
Neue"">source s_sys {</p>
<p class="gmail-p1"
style="margin:0px;font-variant-numeric:normal;font-variant-east-asian:normal;font-stretch:normal;font-size:12px;line-height:normal;font-family:"Helvetica
Neue""><span class="gmail-Apple-converted-space"> </span>system();</p>
<p class="gmail-p1"
style="margin:0px;font-variant-numeric:normal;font-variant-east-asian:normal;font-stretch:normal;font-size:12px;line-height:normal;font-family:"Helvetica
Neue""><span class="gmail-Apple-converted-space"> </span>internal();</p>
<p class="gmail-p1"
style="margin:0px;font-variant-numeric:normal;font-variant-east-asian:normal;font-stretch:normal;font-size:12px;line-height:normal;font-family:"Helvetica
Neue""><span class="gmail-Apple-converted-space"> </span>udp(ip(0.0.0.0)
port(514));</p>
<p class="gmail-p1"
style="margin:0px;font-variant-numeric:normal;font-variant-east-asian:normal;font-stretch:normal;font-size:12px;line-height:normal;font-family:"Helvetica
Neue"">};</p>
<p class="gmail-p2"
style="margin:0px;font-variant-numeric:normal;font-variant-east-asian:normal;font-stretch:normal;font-size:12px;line-height:normal;font-family:"Helvetica
Neue";min-height:14px"><br>
</p>
<p class="gmail-p1"
style="margin:0px;font-variant-numeric:normal;font-variant-east-asian:normal;font-stretch:normal;font-size:12px;line-height:normal;font-family:"Helvetica
Neue"">source s_net {</p>
<p class="gmail-p1"
style="margin:0px;font-variant-numeric:normal;font-variant-east-asian:normal;font-stretch:normal;font-size:12px;line-height:normal;font-family:"Helvetica
Neue"">udp(ip(0.0.0.0) port(514));</p>
<p class="gmail-p1"
style="margin:0px;font-variant-numeric:normal;font-variant-east-asian:normal;font-stretch:normal;font-size:12px;line-height:normal;font-family:"Helvetica
Neue"">tcp(ip(0.0.0.0) port(514) max-connections(256));</p>
<p class="gmail-p1"
style="margin:0px;font-variant-numeric:normal;font-variant-east-asian:normal;font-stretch:normal;font-size:12px;line-height:normal;font-family:"Helvetica
Neue"">};</p>
</div>
</blockquote>
Note: you're using the same udp() source twice (the first occurence
is in the s_sys source) so one of them won't receive messages
<blockquote type="cite"
cite="mid:CABCJT8v8ZLsDY2=hVGfOqQYY+TKCxE1XOVmVaD_LtsveRVBWNA@mail.gmail.com">
<div dir="ltr">
<p class="gmail-p1"
style="margin:0px;font-variant-numeric:normal;font-variant-east-asian:normal;font-stretch:normal;font-size:12px;line-height:normal;font-family:"Helvetica
Neue"">destination d_cons { file("/dev/console"); };</p>
<p class="gmail-p1"
style="margin:0px;font-variant-numeric:normal;font-variant-east-asian:normal;font-stretch:normal;font-size:12px;line-height:normal;font-family:"Helvetica
Neue"">destination d_mesg { file("/var/log/messages"); };</p>
<p class="gmail-p1"
style="margin:0px;font-variant-numeric:normal;font-variant-east-asian:normal;font-stretch:normal;font-size:12px;line-height:normal;font-family:"Helvetica
Neue"">destination d_auth { file("/var/log/secure"); };</p>
<p class="gmail-p1"
style="margin:0px;font-variant-numeric:normal;font-variant-east-asian:normal;font-stretch:normal;font-size:12px;line-height:normal;font-family:"Helvetica
Neue"">destination d_mail { file("/var/log/maillog"
flush_lines(10)); };</p>
<p class="gmail-p1"
style="margin:0px;font-variant-numeric:normal;font-variant-east-asian:normal;font-stretch:normal;font-size:12px;line-height:normal;font-family:"Helvetica
Neue"">destination d_spol { file("/var/log/spooler"); };</p>
<p class="gmail-p1"
style="margin:0px;font-variant-numeric:normal;font-variant-east-asian:normal;font-stretch:normal;font-size:12px;line-height:normal;font-family:"Helvetica
Neue"">destination d_boot { file("/var/log/boot.log"); };</p>
<p class="gmail-p1"
style="margin:0px;font-variant-numeric:normal;font-variant-east-asian:normal;font-stretch:normal;font-size:12px;line-height:normal;font-family:"Helvetica
Neue"">destination d_cron { file("/var/log/cron"); };</p>
<p class="gmail-p1"
style="margin:0px;font-variant-numeric:normal;font-variant-east-asian:normal;font-stretch:normal;font-size:12px;line-height:normal;font-family:"Helvetica
Neue"">destination d_kern { file("/var/log/kern"); };</p>
<p class="gmail-p1"
style="margin:0px;font-variant-numeric:normal;font-variant-east-asian:normal;font-stretch:normal;font-size:12px;line-height:normal;font-family:"Helvetica
Neue"">destination d_mlal { usertty("*"); };</p>
<p class="gmail-p2"
style="margin:0px;font-variant-numeric:normal;font-variant-east-asian:normal;font-stretch:normal;font-size:12px;line-height:normal;font-family:"Helvetica
Neue";min-height:14px"><br>
</p>
<p class="gmail-p2"
style="margin:0px;font-variant-numeric:normal;font-variant-east-asian:normal;font-stretch:normal;font-size:12px;line-height:normal;font-family:"Helvetica
Neue";min-height:14px"><br>
</p>
<p class="gmail-p1"
style="margin:0px;font-variant-numeric:normal;font-variant-east-asian:normal;font-stretch:normal;font-size:12px;line-height:normal;font-family:"Helvetica
Neue"">destination d_graylog {</p>
<p class="gmail-p1"
style="margin:0px;font-variant-numeric:normal;font-variant-east-asian:normal;font-stretch:normal;font-size:12px;line-height:normal;font-family:"Helvetica
Neue"">tcp("graylog.server”</p>
<p class="gmail-p1"
style="margin:0px;font-variant-numeric:normal;font-variant-east-asian:normal;font-stretch:normal;font-size:12px;line-height:normal;font-family:"Helvetica
Neue"">port (12201)</p>
<p class="gmail-p1"
style="margin:0px;font-variant-numeric:normal;font-variant-east-asian:normal;font-stretch:normal;font-size:12px;line-height:normal;font-family:"Helvetica
Neue"">);</p>
<p class="gmail-p1"
style="margin:0px;font-variant-numeric:normal;font-variant-east-asian:normal;font-stretch:normal;font-size:12px;line-height:normal;font-family:"Helvetica
Neue"">};</p>
<p class="gmail-p2"
style="margin:0px;font-variant-numeric:normal;font-variant-east-asian:normal;font-stretch:normal;font-size:12px;line-height:normal;font-family:"Helvetica
Neue";min-height:14px"><br>
</p>
<p class="gmail-p2"
style="margin:0px;font-variant-numeric:normal;font-variant-east-asian:normal;font-stretch:normal;font-size:12px;line-height:normal;font-family:"Helvetica
Neue";min-height:14px"><br>
</p>
<p class="gmail-p1"
style="margin:0px;font-variant-numeric:normal;font-variant-east-asian:normal;font-stretch:normal;font-size:12px;line-height:normal;font-family:"Helvetica
Neue"">filter f_kernel <span
class="gmail-Apple-converted-space"> </span>{
facility(kern); };</p>
<p class="gmail-p1"
style="margin:0px;font-variant-numeric:normal;font-variant-east-asian:normal;font-stretch:normal;font-size:12px;line-height:normal;font-family:"Helvetica
Neue"">filter f_default<span
class="gmail-Apple-converted-space"> </span>{
level(info..emerg) and</p>
<p class="gmail-p1"
style="margin:0px;font-variant-numeric:normal;font-variant-east-asian:normal;font-stretch:normal;font-size:12px;line-height:normal;font-family:"Helvetica
Neue""><span class="gmail-Apple-converted-space">
</span>not (facility(mail)</p>
<p class="gmail-p1"
style="margin:0px;font-variant-numeric:normal;font-variant-east-asian:normal;font-stretch:normal;font-size:12px;line-height:normal;font-family:"Helvetica
Neue""><span class="gmail-Apple-converted-space">
</span>or facility(authpriv)</p>
<p class="gmail-p1"
style="margin:0px;font-variant-numeric:normal;font-variant-east-asian:normal;font-stretch:normal;font-size:12px;line-height:normal;font-family:"Helvetica
Neue""><span class="gmail-Apple-converted-space">
</span>or facility(cron)); };</p>
<p class="gmail-p1"
style="margin:0px;font-variant-numeric:normal;font-variant-east-asian:normal;font-stretch:normal;font-size:12px;line-height:normal;font-family:"Helvetica
Neue"">filter f_auth <span
class="gmail-Apple-converted-space"> </span>{
facility(authpriv); };</p>
<p class="gmail-p1"
style="margin:0px;font-variant-numeric:normal;font-variant-east-asian:normal;font-stretch:normal;font-size:12px;line-height:normal;font-family:"Helvetica
Neue"">filter f_mail <span
class="gmail-Apple-converted-space"> </span>{
facility(mail); };</p>
<p class="gmail-p1"
style="margin:0px;font-variant-numeric:normal;font-variant-east-asian:normal;font-stretch:normal;font-size:12px;line-height:normal;font-family:"Helvetica
Neue"">filter f_emergency<span
class="gmail-Apple-converted-space"> </span>{
level(emerg); };</p>
<p class="gmail-p1"
style="margin:0px;font-variant-numeric:normal;font-variant-east-asian:normal;font-stretch:normal;font-size:12px;line-height:normal;font-family:"Helvetica
Neue"">filter f_news <span
class="gmail-Apple-converted-space"> </span>{
facility(uucp) or</p>
<p class="gmail-p1"
style="margin:0px;font-variant-numeric:normal;font-variant-east-asian:normal;font-stretch:normal;font-size:12px;line-height:normal;font-family:"Helvetica
Neue""><span class="gmail-Apple-converted-space">
</span>(facility(news)</p>
<p class="gmail-p1"
style="margin:0px;font-variant-numeric:normal;font-variant-east-asian:normal;font-stretch:normal;font-size:12px;line-height:normal;font-family:"Helvetica
Neue""><span class="gmail-Apple-converted-space">
</span>and level(crit..emerg)); };</p>
<p class="gmail-p1"
style="margin:0px;font-variant-numeric:normal;font-variant-east-asian:normal;font-stretch:normal;font-size:12px;line-height:normal;font-family:"Helvetica
Neue"">filter f_boot <span
class="gmail-Apple-converted-space"> </span>{
facility(local7); };</p>
<p class="gmail-p1"
style="margin:0px;font-variant-numeric:normal;font-variant-east-asian:normal;font-stretch:normal;font-size:12px;line-height:normal;font-family:"Helvetica
Neue"">filter f_cron <span
class="gmail-Apple-converted-space"> </span>{
facility(cron); };</p>
<p class="gmail-p2"
style="margin:0px;font-variant-numeric:normal;font-variant-east-asian:normal;font-stretch:normal;font-size:12px;line-height:normal;font-family:"Helvetica
Neue";min-height:14px"><br>
</p>
<p class="gmail-p1"
style="margin:0px;font-variant-numeric:normal;font-variant-east-asian:normal;font-stretch:normal;font-size:12px;line-height:normal;font-family:"Helvetica
Neue"">log { source(s_sys); filter(f_kernel);
destination(d_cons); };</p>
<p class="gmail-p1"
style="margin:0px;font-variant-numeric:normal;font-variant-east-asian:normal;font-stretch:normal;font-size:12px;line-height:normal;font-family:"Helvetica
Neue"">log { source(s_sys); filter(f_kernel);
destination(d_kern); };</p>
<p class="gmail-p1"
style="margin:0px;font-variant-numeric:normal;font-variant-east-asian:normal;font-stretch:normal;font-size:12px;line-height:normal;font-family:"Helvetica
Neue"">log { source(s_sys); filter(f_default);
destination(d_mesg); };</p>
<p class="gmail-p1"
style="margin:0px;font-variant-numeric:normal;font-variant-east-asian:normal;font-stretch:normal;font-size:12px;line-height:normal;font-family:"Helvetica
Neue"">log { source(s_sys); filter(f_auth);
destination(d_auth); };</p>
<p class="gmail-p1"
style="margin:0px;font-variant-numeric:normal;font-variant-east-asian:normal;font-stretch:normal;font-size:12px;line-height:normal;font-family:"Helvetica
Neue"">log { source(s_sys); filter(f_mail);
destination(d_mail); };</p>
<p class="gmail-p1"
style="margin:0px;font-variant-numeric:normal;font-variant-east-asian:normal;font-stretch:normal;font-size:12px;line-height:normal;font-family:"Helvetica
Neue"">log { source(s_sys); filter(f_emergency);
destination(d_mlal); };</p>
<p class="gmail-p1"
style="margin:0px;font-variant-numeric:normal;font-variant-east-asian:normal;font-stretch:normal;font-size:12px;line-height:normal;font-family:"Helvetica
Neue"">log { source(s_sys); filter(f_news);
destination(d_spol); };</p>
<p class="gmail-p1"
style="margin:0px;font-variant-numeric:normal;font-variant-east-asian:normal;font-stretch:normal;font-size:12px;line-height:normal;font-family:"Helvetica
Neue"">log { source(s_sys); filter(f_boot);
destination(d_boot); };</p>
<p class="gmail-p1"
style="margin:0px;font-variant-numeric:normal;font-variant-east-asian:normal;font-stretch:normal;font-size:12px;line-height:normal;font-family:"Helvetica
Neue"">log { source(s_sys); filter(f_cron);
destination(d_cron); };</p>
<p class="gmail-p2"
style="margin:0px;font-variant-numeric:normal;font-variant-east-asian:normal;font-stretch:normal;font-size:12px;line-height:normal;font-family:"Helvetica
Neue";min-height:14px"><br>
</p>
<p class="gmail-p2"
style="margin:0px;font-variant-numeric:normal;font-variant-east-asian:normal;font-stretch:normal;font-size:12px;line-height:normal;font-family:"Helvetica
Neue";min-height:14px"><br>
</p>
<p class="gmail-p2"
style="margin:0px;font-variant-numeric:normal;font-variant-east-asian:normal;font-stretch:normal;font-size:12px;line-height:normal;font-family:"Helvetica
Neue";min-height:14px"><br>
</p>
<p class="gmail-p1"
style="margin:0px;font-variant-numeric:normal;font-variant-east-asian:normal;font-stretch:normal;font-size:12px;line-height:normal;font-family:"Helvetica
Neue"">log { source(s_net); destination(d_graylog); };</p>
<p class="gmail-p1"
style="margin:0px;font-variant-numeric:normal;font-variant-east-asian:normal;font-stretch:normal;font-size:12px;line-height:normal;font-family:"Helvetica
Neue"">log { source(s_sys); filter(f_default);
destination(d_graylog);};</p>
<p class="gmail-p1"
style="margin:0px;font-variant-numeric:normal;font-variant-east-asian:normal;font-stretch:normal;font-size:12px;line-height:normal;font-family:"Helvetica
Neue"">log { source(s_sys); filter(f_kernel);
destination(d_graylog); };</p>
<p class="gmail-p1"
style="margin:0px;font-variant-numeric:normal;font-variant-east-asian:normal;font-stretch:normal;font-size:12px;line-height:normal;font-family:"Helvetica
Neue"">log { source(s_sys); filter(f_default);
destination(d_graylog); };</p>
</div>
</blockquote>
Note: the last line is a duplicate of the entry two lines earlier so
will duplicate the data sent to d_graylog so it should get deleted.
Also note that the intersection of the f_kernel and f_default
filters isn't empty so some kernel messages would be sent twice to
d_graylog.<br>
<br>
Regards,<br>
Sandor<br>
<br>
</body>
</html>