Hello,

I’m new to syslog-ng, and I’m having some trouble just getting it to listen on a tcp port. I’ve tried several different configurations. Some of the start up with no error, but a netstat or lsof command shows that there is no open /listening tcp port associated with the process. I’m pretty sure my mistake is basic or fundamental, but I haven’t had much luck finding specific details to resolve this issue; there is a fair amount of material to comb through. I’ve tried several different tutorials.

I want a central log server that accepts logs from multiple sources, so I started by trying to configure it to listen on a tcp port, I’m thinking 514 because we don’t use rshell anywhere, but it doesn’t really matter what port.

The current error I’m getting is:

[root@ip-10-8-41-60 syslog-ng]# service syslog-ng start

Error parsing source, source plugin network not found in /etc/syslog-ng/syslog-ng.conf at line 85, column 2:

network(

^^^^^^^

The section of the config file related to networking is below; I’ve commented out several attempts.

# s_net = Network listener. This is listening on TCP port 514, no UDP

#source s_net { tcp(port(514) max-connections(5000)); udp();};

#source s_net {

# tcp(ip(10.8.41.60) port(514));

#};

#source s_net {

# network(ip(10.8.41.60) port(514));

#};

#source s_network {

# default-network-drivers();

#};

#source s_syslog { syslog(

# ip(10.8.41.60) port(514) transport("tcp")); };

source s_network {

network(

ip("10.8.41.60")

transport("tcp")

listen-backlog(2048)

);

};

There is a line at the top of the file:

@include "scl.conf"

I’ve attached the entire file.

Any guidance would be very much appreciated,

Simon Tyler | Senior Systems Administrator - PathWise Solutions Group
Aon
225 King Street West, Suite 1000 | Toronto, ON M5V 3M2, Canada
t +1.416.263.7755 | m +1.416.564.4855 | f +1.416.979.7724
simon.tyler@aon.com

PLEASE NOTE that my email address has changed to simon.tyler@aon.com