I am a novice on syslog-ng needs help.
Hello,
I am a novice on syslog-ng. I need some assistance on installing syslog-ng and looking for a good recommendation on step-by-step instructions for Ubuntu (preferred OS) or Windows environment. I googled it but I My goal is to send the logs to splunk. Any help would be appreciated.
Thanks, --Alex
Hi Alex,
There's an APT repository for Debian-based systems, see: https://github.com/syslog-ng/syslog-ng#installation-from-binaries
After that you should check out the Administration Guide: https://www.syslog-ng.com/technical-documents/list/syslog-ng-open-source-edi...
Peter Czanik's syslog-ng blog contains small step-by-step tutorials, for example Splunk HEC: https://www.syslog-ng.com/community/b/blog/posts/splunk-hec-sending-logs-usi...
I hope this can get you started.
Cheers, Szilard
On Mon, 20 Jun 2022, 16:26 Alexandre Adao, <Alexandre.Adao@morgan.edu> wrote:
Hello,
I am a novice on syslog-ng. I need some assistance on installing syslog-ng and looking for a good recommendation on step-by-step instructions for Ubuntu (preferred OS) or Windows environment. I googled it but I My goal is to send the logs to splunk. Any help would be appreciated.
Thanks, --Alex
______________________________________________________________________________ Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng Documentation: http://www.balabit.com/support/documentation/?product=syslog-ng FAQ: http://www.balabit.com/wiki/syslog-ng-faq
Hi,
This project might also be interesting to you as it is based on syslog-ng: https://splunk.github.io/splunk-connect-for-syslog/main/
-- László Várady
From: syslog-ng <syslog-ng-bounces@lists.balabit.hu> on behalf of Szilárd Parrag <szilard.parrag@gmail.com>
Sent: Monday, June 20, 2022 16:54
To: Syslog-ng users' and developers' mailing list <syslog-ng@lists.balabit.hu>
Subject: Re: [syslog-ng] I am a novice on syslog-ng needs help.
Hi Alex,
There's an APT repository for Debian-based systems, see: https://github.com/syslog-ng/syslog-ng#installation-from-binaries
After that you should check out the Administration Guide: https://www.syslog-ng.com/technical-documents/list/syslog-ng-open-source-edition/3.36
Peter Czanik's syslog-ng blog contains small step-by-step tutorials, for example Splunk HEC: https://www.syslog-ng.com/community/b/blog/posts/splunk-hec-sending-logs-using-program-destination-syslog-ng
I hope this can get you started.
Cheers, Szilard
Thank you for the information. What will be the best recommendation for the syslog-ng in regards to the disk space and memory? I am pushing an average of 60 Gigs of logs per day.
Thanks,
On Mon, Jun 20, 2022 at 2:01 PM Laszlo Varady (lvarady) <Laszlo.Varady@oneidentity.com> wrote:
Hi,
This project might also be interesting to you as it is based on syslog-ng: https://splunk.github.io/splunk-connect-for-syslog/main/
-- László Várady