[Syslog-ng] Log particular actions and send specific files to a remote server
Hello everyone,

I have two questions about syslog-ng:

1 - Is it possible to send a particular log file to a remote syslog-ng server, for example the following /var/log/network.log, and how can we do this?

    iface eth1 inet dhcp
    ...
    up echo $IFACE up $(date) >> /var/log/network.log
    down echo $IFACE down $(date) >> /var/log/network.log

2 - Is it possible to log in real time a change that occurred on a network interface? For example a new open port. More generally, how can we log actions naturally not covered by syslog-ng in order to send them to a remote server?

Thank you for any help.
Hi,

You can use the file source to read log files: https://www.balabit.com/sites/default/files/documents/syslog-ng-ose-3.7-guid...

Bye,
Peter Czanik (CzP) <peter.czanik@balabit.com>
Balabit / syslog-ng upstream
http://czanik.blogs.balabit.com/
https://twitter.com/PCzanik

On Tue, Jul 26, 2016 at 1:25 PM, Savakh S <sovakah@gmail.com> wrote:
> Hello everyone,
>
> I have two questions about syslog-ng:
>
> 1 - Is it possible to send a particular log file to a remote syslog-ng server, for example the following /var/log/network.log, and how can we do this?
>
>     iface eth1 inet dhcp
>     ...
>     up echo $IFACE up $(date) >> /var/log/network.log
>     down echo $IFACE down $(date) >> /var/log/network.log
>
> 2 - Is it possible to log in real time a change that occurred on a network interface? For example a new open port. More generally, how can we log actions naturally not covered by syslog-ng in order to send them to a remote server?
>
> Thank you for any help.
Hi,

On Tue, Jul 26, 2016 at 01:25:08PM +0200, Savakh S wrote:
> 2 - Is it possible to log in real time a change that occurred on a network interface? For example a new open port. More generally, how can we log actions naturally not covered by syslog-ng in order to send them to a remote server?
syslog-ng's scope is to handle events, not generate them (except for `internal()`). If you want to achieve what you're describing, the course of action would be to find a tool that lets you monitor the network, and then use a `syslog()` call to generate an event. syslog-ng will then be able to take action (in "real time") e.g. send it to nagios, or by email.
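
The approach suggested in the reply above (a monitoring tool that generates events through `syslog()`), as an added example that is not part of the original thread: it watches for newly opened listening TCP ports and logs each change. It assumes Linux with `/proc/net/tcp`, polls rather than receiving kernel notifications, and the program tag `portwatch` and all function names are hypothetical.

```python
import syslog
import time

LISTEN = "0A"  # state code for LISTEN in /proc/net/tcp
# Constructed sample in /proc/net/tcp layout: 22 and 3306 listening, one established.
SAMPLE = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 00000000:0016 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 1001
   1: 0100007F:0CEA 00000000:0000 0A 00000000:00000000 00:00000000 00000000   110        0 1002
   2: 0F02000A:0016 0202000A:D431 01 00000000:00000000 00:00000000 00000000     0        0 1003
"""

def listening_ports(proc_text):
    """Return the set of local TCP ports in LISTEN state."""
    ports = set()
    for line in proc_text.splitlines()[1:]:  # skip the column header
        fields = line.split()
        if len(fields) >= 4 and fields[3] == LISTEN:
            # local_address is HEXADDR:HEXPORT; the port follows the last colon
            ports.add(int(fields[1].rpartition(":")[2], 16))
    return ports

def port_events(previous, current):
    """Turn the difference between two snapshots into log messages."""
    opened = [f"new listening TCP port {p}" for p in sorted(current - previous)]
    closed = [f"listening TCP port {p} closed" for p in sorted(previous - current)]
    return opened + closed

def snapshot(paths=("/proc/net/tcp", "/proc/net/tcp6")):
    ports = set()
    for path in paths:
        try:
            with open(path) as fh:
                ports |= listening_ports(fh.read())
        except OSError:
            pass  # file absent, e.g. IPv6 disabled
    return ports

def watch(interval=5):
    # Every change goes to the local syslog daemon through syslog().
    syslog.openlog("portwatch", syslog.LOG_PID, syslog.LOG_DAEMON)
    known = snapshot()
    while True:
        time.sleep(interval)
        current = snapshot()
        for message in port_events(known, current):
            syslog.syslog(syslog.LOG_NOTICE, message)
        known = current

if __name__ == "__main__":
    watch()
```

A port that opens and closes again within one polling interval is not seen by this loop.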
participants (3)
- Czanik, Péter
- Fabien Wernli
- Savakh S