Never did get the create_dir option to work right. Have you tried making the dirs to see if the files get made?
On Fri, Feb 24, 2017 at 10:06 AM Tim Tyler <tyler@beloit.edu> wrote:

Syslog-ng experts.

I am very new to syslog-ng. I installed syslog-ng on a fresh Red Hat 7.3 server. It defaults to working with internal logging. So I configured my firewall to send syslog with facility set to log_user. I turned on Wireshark on the syslog-ng server and observed the firewall sending traffic to the server on UDP 514.

But the syslog server never created the directory structure and logs. I disabled the Red Hat firewall just to eliminate it as a possibility. Still no logging. So I don't know what I am doing wrong at this point. I don't know if this is a permission problem or some other configuration issue. I found someone that had posted a very basic syslog-ng configuration for firewalls. So I copied it into a firewall.conf I put in conf.d. Can anyone see what might be wrong with it?

####################
options {
        create_dirs(yes);
        owner(root);
        group(root);
        perm(0640);
        dir_owner(root);
        dir_group(root);
        dir_perm(0750);
};

##################################################
source s_udp {
        udp(port(514));
};

#Template for a new firewall in the firewalls.conf file
#Entries to be changed: NAMEOFTHEFIREWALL and IPOFTHEFIREWALL

##################################################
filter f_NAMEOFTHEFIREWALL {
        host("192.168.30.1");
};
destination d_NAMEOFTHEFIREWALL {
        file("/var/log/firewalls/PA/$YEAR/$MONTH/$YEAR-$MONTH-$DAY.PA.log");
};
log {
        source(s_udp);
        filter(f_NAMEOFTHEFIREWALL);
        destination(d_NAMEOFTHEFIREWALL);
};

Tim Tyler
Network Engineer
Beloit College

 


