Hi all,

I have configured Syslog-NG with MongoDB and LogAnalyzer, and as output I have the messages, but I have no Date, Facility, Severity, Syslogtag or other information from it. If I go to a message itself, I have some additional information. I have found out that I should use some RFC model 5424. Is there an option to configure syslog-ng to send these messages in that RFC format?

Kind regards,
Ivan

Hi,

On Tue, May 17, 2016 at 10:11:27AM +0200, Ivan Adji - Krstev wrote:
> some RFC model 5424. Is there an option to configure the syslog-ng to send this messages in that RFC format ?

Add `flags(syslog-protocol)` to the network destination

I have added this to the source in the network part, but still nothing. Also to note, I'm using TLS.

```
source s_sys {
    system();
    internal();
    network(
        ip(0.0.0.0)
        port(6514)
        flags(syslog-protocol)
        transport("tls")
        tls(
            key_file("/etc/syslog-ng/cert.d/serverkey.pem")
            cert_file("/etc/syslog-ng/cert.d/servercert.pem")
            ca_dir("/etc/syslog-ng/ca.d")
        )
    );
};
```

Or should this be placed on the client side?

Ivan

On 05/17/2016 10:31 AM, Fabien Wernli wrote:
> Hi,
>
> On Tue, May 17, 2016 at 10:11:27AM +0200, Ivan Adji - Krstev wrote:
>> some RFC model 5424. Is there an option to configure the syslog-ng to send this messages in that RFC format ?
>
> Add `flags(syslog-protocol)` to the network destination

______________________________________________________________________________ Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng Documentation: http://www.balabit.com/support/documentation/?product=syslog-ng FAQ: http://www.balabit.com/wiki/syslog-ng-faq

Anyway, I put it where I can, and on a client, but still nothing. Any other hints?

Ivan

On 05/17/2016 10:31 AM, Fabien Wernli wrote:
> Hi,
>
> On Tue, May 17, 2016 at 10:11:27AM +0200, Ivan Adji - Krstev wrote:
>> some RFC model 5424. Is there an option to configure the syslog-ng to send this messages in that RFC format ?
>
> Add `flags(syslog-protocol)` to the network destination

Hi,

The protocols used in the syslog-ng clients and the syslog-ng server should match. You posted a source that uses the network() driver - I take this is from your server. The destination on your client should also use the network() driver, and that's where you need the flags(syslog-protocol).

Also check your client config to see if it uses a custom template that messes with the message format.

Robert

On Tue, May 17, 2016 at 10:49 AM, Ivan Adji - Krstev <akivanradix@gmail.com> wrote:
> Any way i put it where i can and on a client but still nothing.
> Any other hints ?
> Ivan
>
> On 05/17/2016 10:31 AM, Fabien Wernli wrote:
>> Hi,
>>
>> On Tue, May 17, 2016 at 10:11:27AM +0200, Ivan Adji - Krstev wrote:
>>> some RFC model 5424. Is there an option to configure the syslog-ng to send this messages in that RFC format ?
>>
>> Add `flags(syslog-protocol)` to the network destination

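The matching pair Robert describes, written out as an added example that is not from any poster in the thread: the server source repeats the `network()` settings Ivan posted, while the client side is an assumption, with `logserver.example.com`, the names `s_net`, `s_local` and `d_central`, and the client certificate paths as placeholders.

```conf
# --- server: network() settings as posted in the thread (source name is a placeholder) ---
source s_net {
    network(
        ip(0.0.0.0) port(6514)
        transport("tls")
        flags(syslog-protocol)   # parse incoming messages as RFC 5424
        tls(
            key_file("/etc/syslog-ng/cert.d/serverkey.pem")
            cert_file("/etc/syslog-ng/cert.d/servercert.pem")
            ca_dir("/etc/syslog-ng/ca.d")
            # peer-verify() is not set, so the default (required-trusted)
            # applies: clients must present a certificate the server trusts.
        )
    );
};

# --- client: assumed configuration, all names and paths are placeholders ---
source s_local { system(); internal(); };

destination d_central {
    network(
        "logserver.example.com" port(6514)
        transport("tls")
        flags(syslog-protocol)   # format outgoing messages as RFC 5424
        # No template() here: a custom template replaces the message part
        # and can hide fields the server expects.
        tls(
            ca_dir("/etc/syslog-ng/ca.d")                          # CA that signed the server cert
            key_file("/etc/syslog-ng/cert.d/clientkey.pem")        # placeholder path
            cert_file("/etc/syslog-ng/cert.d/clientcert.pem")      # placeholder path
        )
    );
};

log { source(s_local); destination(d_central); };
```

Both ends carry the same transport, port and `flags(syslog-protocol)`; if only one side has the flag, the server parses the header with the wrong grammar and fields such as facility, severity and program name end up inside the message text.
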
participants (3)
- Fabien Wernli
- Fekete, Róbert
- Ivan Adji - Krstev