Unable to make syslog-ng listen to port 514
Hello,

I have installed syslog-ng on our Ubuntu server, version 3.13. It's running fine. I am using the default syslog-ng file and I have changed this line as per the documentation:

source s_net { syslog(ip(192.168.1.19) transport("tcp")); };

but it's not listening on port 514.

What do I have to do to make it listen?

Thanks for the help

● syslog-ng.service - System Logger Daemon
   Loaded: loaded (/lib/systemd/system/syslog-ng.service; enabled; vendor preset: enabled)
   Active: active (running) since Fri 2018-11-02 18:22:46 UTC; 4min 5s ago
     Docs: man:syslog-ng(8)
 Main PID: 16470 (syslog-ng)
    Tasks: 1 (limit: 2361)
   CGroup: /system.slice/syslog-ng.service
           └─16470 /usr/sbin/syslog-ng -F

Nov 02 18:22:46 syslog systemd[1]: Starting System Logger Daemon...
Nov 02 18:22:46 syslog systemd[1]: Started System Logger Daemon.

--
Regards
Fosiul Alam
Hello,

The syslog source by default listens on port 601; you could change that with port(514) if you want to.

See the admin guide: https://www.syslog-ng.com/technical-documents/doc/syslog-ng-open-source-edit...

--
Kokan
______________________________________________________________________________
Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng
Documentation: http://www.balabit.com/support/documentation/?product=syslog-ng
FAQ: http://www.balabit.com/wiki/syslog-ng-faq
Hi,

Thanks, I have changed this to

source s_net { syslog(ip(192.168.1.13) port(514) transport("tcp")); };

Still it does not listen to 514 or 601.

Do I need to do anything in the config file to make it activate?

--
Regards
Fosiul Alam
Hi,

The source declaration seems to be all right. If it still does not work, just a few more ideas what to check:

- make sure that this source is actually used in a log path (otherwise it is not used)
- if you use SELinux, set it to permissive mode temporarily (setenforce 0)
- make sure that your firewall does not block it
- the syslog() source is for RFC5424 logs, make sure that you send your logs using this protocol version

Have a nice weekend!

Bye,

Peter Czanik (CzP) <peter.czanik@balabit.com>
Balabit (a OneIdentity company) / syslog-ng upstream
https://syslog-ng.com/community/
https://twitter.com/PCzanik
Thanks, please have a look at the log file. I am using the default.

Can you please let me know if this looks OK?

I am not using any SELinux.

@version: 3.13
@include "scl.conf"

# Syslog-ng configuration file, compatible with default Debian syslogd
# installation.

# First, set some global options.
options { chain_hostnames(off); flush_lines(0); use_dns(no); use_fqdn(no);
          owner("root"); group("adm"); perm(0640); stats_freq(0);
          bad_hostname("^gconfd$");
};

########################
# Sources
########################
# This is the default behavior of sysklogd package
# Logs may come from unix stream, but not from another machine.
#
source s_src { system(); internal(); };

# If you wish to get logs from remote machine you should uncomment
# this and comment the above source line.
#
source s_net { syslog(ip(192.168.0.13) port(514) transport("tcp")); };

########################
# Destinations
########################
# First some standard logfile
#
destination d_auth { file("/var/log/auth.log"); };
destination d_cron { file("/var/log/cron.log"); };
destination d_daemon { file("/var/log/daemon.log"); };
destination d_kern { file("/var/log/kern.log"); };
destination d_lpr { file("/var/log/lpr.log"); };
destination d_mail { file("/var/log/mail.log"); };
destination d_syslog { file("/var/log/syslog"); };
destination d_user { file("/var/log/user.log"); };
destination d_uucp { file("/var/log/uucp.log"); };

# This files are the log come from the mail subsystem.
#
destination d_mailinfo { file("/var/log/mail.info"); };
destination d_mailwarn { file("/var/log/mail.warn"); };
destination d_mailerr { file("/var/log/mail.err"); };

# Logging for INN news system
#
destination d_newscrit { file("/var/log/news/news.crit"); };
destination d_newserr { file("/var/log/news/news.err"); };
destination d_newsnotice { file("/var/log/news/news.notice"); };

# Some 'catch-all' logfiles.
#
destination d_debug { file("/var/log/debug"); };
destination d_error { file("/var/log/error"); };
destination d_messages { file("/var/log/messages"); };

# The root's console.
#
destination d_console { usertty("root"); };

# Virtual console.
#
destination d_console_all { file(`tty10`); };

# The named pipe /dev/xconsole is for the `xconsole' utility. To use it,
# you must invoke `xconsole' with the `-file' option:
#
# $ xconsole -file /dev/xconsole [...]
#
destination d_xconsole { pipe("/dev/xconsole"); };

# Send the messages to an other host
#
#destination d_net { tcp("127.0.0.1" port(1000) log_fifo_size(1000)); };

# Debian only
destination d_ppp { file("/var/log/ppp.log"); };

########################
# Filters
########################
# Here's come the filter options. With this rules, we can set which
# message go where.

filter f_dbg { level(debug); };
filter f_info { level(info); };
filter f_notice { level(notice); };
filter f_warn { level(warn); };
filter f_err { level(err); };
filter f_crit { level(crit .. emerg); };

filter f_debug { level(debug) and not facility(auth, authpriv, news, mail); };
filter f_error { level(err .. emerg) ; };
filter f_messages { level(info,notice,warn) and
                    not facility(auth,authpriv,cron,daemon,mail,news); };

filter f_auth { facility(auth, authpriv) and not filter(f_debug); };
filter f_cron { facility(cron) and not filter(f_debug); };
filter f_daemon { facility(daemon) and not filter(f_debug); };
filter f_kern { facility(kern) and not filter(f_debug); };
filter f_lpr { facility(lpr) and not filter(f_debug); };
filter f_local { facility(local0, local1, local3, local4, local5,
                          local6, local7) and not filter(f_debug); };
filter f_mail { facility(mail) and not filter(f_debug); };
filter f_news { facility(news) and not filter(f_debug); };
filter f_syslog3 { not facility(auth, authpriv, mail) and not filter(f_debug); };
filter f_user { facility(user) and not filter(f_debug); };
filter f_uucp { facility(uucp) and not filter(f_debug); };

filter f_cnews { level(notice, err, crit) and facility(news); };
filter f_cother { level(debug, info, notice, warn) or facility(daemon, mail); };

filter f_ppp { facility(local2) and not filter(f_debug); };
filter f_console { level(warn .. emerg); };

########################
# Log paths
########################
log { source(s_src); filter(f_auth); destination(d_auth); };
log { source(s_src); filter(f_cron); destination(d_cron); };
log { source(s_src); filter(f_daemon); destination(d_daemon); };
log { source(s_src); filter(f_kern); destination(d_kern); };
log { source(s_src); filter(f_lpr); destination(d_lpr); };
log { source(s_src); filter(f_syslog3); destination(d_syslog); };
log { source(s_src); filter(f_user); destination(d_user); };
log { source(s_src); filter(f_uucp); destination(d_uucp); };

log { source(s_src); filter(f_mail); destination(d_mail); };
#log { source(s_src); filter(f_mail); filter(f_info); destination(d_mailinfo); };
#log { source(s_src); filter(f_mail); filter(f_warn); destination(d_mailwarn); };
#log { source(s_src); filter(f_mail); filter(f_err); destination(d_mailerr); };

log { source(s_src); filter(f_news); filter(f_crit); destination(d_newscrit); };
log { source(s_src); filter(f_news); filter(f_err); destination(d_newserr); };
log { source(s_src); filter(f_news); filter(f_notice); destination(d_newsnotice); };
#log { source(s_src); filter(f_cnews); destination(d_console_all); };
#log { source(s_src); filter(f_cother); destination(d_console_all); };

#log { source(s_src); filter(f_ppp); destination(d_ppp); };

log { source(s_src); filter(f_debug); destination(d_debug); };
log { source(s_src); filter(f_error); destination(d_error); };
log { source(s_src); filter(f_messages); destination(d_messages); };

log { source(s_src); filter(f_console); destination(d_console_all);
      destination(d_xconsole); };
log { source(s_src); filter(f_crit); destination(d_console); };

# All messages send to a remote site
#
#log { source(s_src); destination(d_net); };
#log { source(s_src); source(s_net); destination(d_auth); };

###
# Include all config files in /etc/syslog-ng/conf.d/
###
@include "/etc/syslog-ng/conf.d/*.conf"

--
Regards
Fosiul Alam
Hi,

That's it: I don't see the s_net source actually used in any of the log statements.

For testing you could use for example:

log {source(s_net); destination(d_messages); };

And your test messages should show up in /var/log/messages.

Bye,

Peter Czanik (CzP) <peter.czanik@balabit.com>
Balabit (a OneIdentity company) / syslog-ng upstream
https://syslog-ng.com/community/
https://twitter.com/PCzanik
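The check described in the reply above (a source is only used once a log path references it) can be automated before a restart, so that a declared network source that collects nothing is caught early. This is an added example, not part of the original thread or of syslog-ng itself; the function names and the trimmed sample configuration are constructed for illustration, and it reads a single file without following @include.

```python
import re

# Constructed sample: a trimmed copy of the configuration posted in this thread.
SAMPLE_CONF = r'''
@version: 3.13
@include "scl.conf"
source s_src { system(); internal(); };
#
source s_net { syslog(ip(192.168.0.13) port(514) transport("tcp")); };
destination d_auth { file("/var/log/auth.log"); };
destination d_messages { file("/var/log/messages"); };
filter f_auth { facility(auth, authpriv); };
log { source(s_src); filter(f_auth); destination(d_auth); };
# All messages send to a remote site
#log { source(s_src); source(s_net); destination(d_auth); };
'''

# The test log path suggested in the thread.
TEST_LOG_PATH = "log {source(s_net); destination(d_messages); };\n"

# Statement keywords that are followed by a name (hypothetical helper set).
NAMED = {"source", "destination", "filter", "parser", "rewrite", "template"}


def strip_comments_and_strings(conf):
    """Drop '#' comments and empty out quoted strings, so a '#', '{' or '}'
    inside a comment or string cannot confuse the brace matching below."""
    out, i, n = [], 0, len(conf)
    while i < n:
        c = conf[i]
        if c == "#":                       # comment runs to end of line
            while i < n and conf[i] != "\n":
                i += 1
        elif c in "\"'":                   # quoted string: skip to closing quote
            quote, i = c, i + 1
            while i < n and conf[i] != quote:
                i += 2 if (conf[i] == "\\" and quote == '"') else 1
            i += 1
            out.append('""')
        else:
            out.append(c)
            i += 1
    return "".join(out)


def top_level_blocks(clean):
    """Yield (keyword, name, body) for every top-level 'keyword [name] { body }'."""
    depth, head_start, body_start, head = 0, 0, 0, []
    for pos, c in enumerate(clean):
        if c == "{":
            if depth == 0:
                head, body_start = clean[head_start:pos].split(), pos + 1
            depth += 1
        elif c == "}" and depth > 0:
            depth -= 1
            if depth == 0:
                if len(head) >= 2 and head[-2] in NAMED:
                    yield head[-2], head[-1], clean[body_start:pos]
                elif head and head[-1] == "log":
                    yield "log", None, clean[body_start:pos]
                head_start = pos + 1


def unused_sources(conf):
    """Return the names of declared sources that no active log path references."""
    declared, referenced = set(), set()
    for keyword, name, body in top_level_blocks(strip_comments_and_strings(conf)):
        if keyword == "source":
            declared.add(name)
        elif keyword == "log":
            # Nested log blocks are part of the body, so their references count too.
            referenced.update(re.findall(r"\bsource\s*\(\s*([\w.-]+)\s*\)", body))
    return sorted(declared - referenced)


if __name__ == "__main__":
    print("as posted:         ", unused_sources(SAMPLE_CONF))
    print("with test log path:", unused_sources(SAMPLE_CONF + TEST_LOG_PATH))
```

Sources referenced only from files pulled in through @include (such as /etc/syslog-ng/conf.d/*.conf) are reported as unused by this single-file check, so run it over the concatenated configuration when includes are in play.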
Hi Peter,

Thanks, but that gives me the following if I enable that line or put the line

log {source(s_net); destination(d_messages); };

● syslog-ng.service - System Logger Daemon
   Loaded: loaded (/lib/systemd/system/syslog-ng.service; enabled; vendor preset: enabled)
   Active: failed (Result: exit-code) since Sat 2018-11-03 10:34:26 UTC; 12s ago
     Docs: man:syslog-ng(8)
  Process: 16905 ExecReload=/bin/kill -HUP $MAINPID (code=exited, status=0/SUCCESS)
  Process: 18148 ExecStart=/usr/sbin/syslog-ng -F $SYSLOGNG_OPTS (code=exited, status=2)
 Main PID: 18148 (code=exited, status=2)
   Status: "Starting up... (Sat Nov 3 10:34:25 2018"

Nov 03 10:34:25 syslog systemd[1]: syslog-ng.service: Main process exited, code=exited, status=2/INVALIDARGUMENT
Nov 03 10:34:25 syslog systemd[1]: syslog-ng.service: Failed with result 'exit-code'.
Nov 03 10:34:25 syslog systemd[1]: Failed to start System Logger Daemon.
Nov 03 10:34:26 syslog systemd[1]: syslog-ng.service: Service hold-off time over, scheduling restart.
Nov 03 10:34:26 syslog systemd[1]: syslog-ng.service: Scheduled restart job, restart counter is at 5.
Nov 03 10:34:26 syslog systemd[1]: Stopped System Logger Daemon.
Nov 03 10:34:26 syslog systemd[1]: syslog-ng.service: Start request repeated too quickly.
Nov 03 10:34:26 syslog systemd[1]: syslog-ng.service: Failed with result 'exit-code'.
Nov 03 10:34:26 syslog systemd[1]: Failed to start System Logger Daemon.
On Sat, Nov 3, 2018 at 9:19 AM Czanik, Péter <peter.czanik@balabit.com> wrote:
Hi,
The source declaration seems to be all right. If it still does not work, just a few more ideas what to check:
- make sure that this source is actually used in a log path (otherwise it is not used)
- if you use SELinux, set it to permissive mode temporarily (setenforce 0)
- make sure that your firewall does not block it
- the syslog() source is for RFC5424 logs, make sure that you send your logs using this protocol version
Have a nice weekend!
Bye,
Peter Czanik (CzP) <peter.czanik@balabit.com> Balabit (a OneIdentity company) / syslog-ng upstream https://syslog-ng.com/community/ https://twitter.com/PCzanik
On Sat, Nov 3, 2018 at 10:01 AM Fosiul Alam <fosiul@gmail.com> wrote:
Hi Thanks, I have changed this to
source s_net { syslog(ip(192.168.1.13) port(514) transport("tcp")); };
still it does not listen to 514 or 601
do I need to do anything in the config file to make it activate ?
______________________________________________________________________________ Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng Documentation: http://www.balabit.com/support/documentation/?product=syslog-ng FAQ: http://www.balabit.com/wiki/syslog-ng-faq
-- Regards Fosiul Alam
Hi,
"Fosiul Alam" <fosiul@gmail.com> wrote on 2018-11-03 at 10:35:
Nov 03 10:34:25 syslog systemd[1]: syslog-ng.service: Main process exited, code=exited, status=2/INVALIDARGUMENT Nov 03 10:34:25 syslog systemd[1]: syslog-ng.service: Failed with result 'exit-code'. Nov 03 10:34:25 syslog systemd[1]: Failed to start System Logger Daemon. Nov 03 10:34:26 syslog systemd[1]: syslog-ng.service: Service hold-off time over, scheduling restart. Nov 03 10:34:26 syslog systemd[1]: syslog-ng.service: Scheduled restart job, restart counter is at 5. Nov 03 10:34:26 syslog systemd[1]: Stopped System Logger Daemon. Nov 03 10:34:26 syslog systemd[1]: syslog-ng.service: Start request repeated too quickly. Nov 03 10:34:26 syslog systemd[1]: syslog-ng.service: Failed with result 'exit-code'. Nov 03 10:34:26 syslog systemd[1]: Failed to start System Logger Daemon.
Ok, but what is the error message? As it seems, shitemd joarnal doesn't contain any useful message. Try to start manually in your terminal in foreground mode (-F). If it still doesn't show any useful message, you can try to use some verbose (-v) or debug switch (-d). Using -e can also be useful. And next time, for just testing the config file, you can try to use the -s option for syntax-check only. That way you can be sure whether your config file is syntactically okay, and if it is, then you can restart your service.
Regards, Gyu
Hello,
Also please when testing do not use a full blown configuration, that is just in the way of everybody. Create the most simple configuration file you can make, and test with that configuration file. Like:

#test.conf
@version: 3.13
@include "scl.conf"
source s_net { syslog(ip(192.168.1.19) transport("tcp") port(514)); };
destination d_file { file("/tmp/syslog-ng.txt"); };
log { source(s_net); destination(d_file); };

Start it with syslog-ng -Fdev -f test.conf
* Check the output for clues and/or paste here so we could also check it.
* How did you check that it is not listening on that port ? (syslog-ng usually either listens on that port or fails to start, so I am curious)
-- Kokan
On Sat, Nov 3, 2018 at 10:17 PM PÁSZTOR György <pasztor@linux.gyakg.u-szeged.hu> wrote:
Hi,
"Fosiul Alam" <fosiul@gmail.com> wrote on 2018-11-03 at 10:35:
Nov 03 10:34:25 syslog systemd[1]: syslog-ng.service: Main process exited, code=exited, status=2/INVALIDARGUMENT Nov 03 10:34:25 syslog systemd[1]: syslog-ng.service: Failed with result 'exit-code'. Nov 03 10:34:25 syslog systemd[1]: Failed to start System Logger Daemon. Nov 03 10:34:26 syslog systemd[1]: syslog-ng.service: Service hold-off time over, scheduling restart. Nov 03 10:34:26 syslog systemd[1]: syslog-ng.service: Scheduled restart job, restart counter is at 5. Nov 03 10:34:26 syslog systemd[1]: Stopped System Logger Daemon. Nov 03 10:34:26 syslog systemd[1]: syslog-ng.service: Start request repeated too quickly. Nov 03 10:34:26 syslog systemd[1]: syslog-ng.service: Failed with result 'exit-code'. Nov 03 10:34:26 syslog systemd[1]: Failed to start System Logger Daemon.
Ok, but what is the error message? As it seems, shitemd joarnal doesn't contain any useful message.
Try to start manually in your terminal in foreground mode (-F). If it still doesn't show any useful message, you can try to use some verbose (-v) or debug switch (-d). Using -e can also be useful. And next time, for just testing the config file, you can try to use the -s option for syntax-check only. That way you can be sure whether your config file is syntactically okay, and if it is, then you can restart your service.
Regards, Gyu
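The question of how the port was checked, and the earlier advice that the syslog() source expects RFC 5424 input, can both be tested from a client machine. This is an added example, not code from the thread: it builds an RFC 5424 message with octet-counting framing (RFC 6587, the framing the syslog() source expects over TCP) and reports whether the connection was accepted, refused or timed out. The host and app names and the local stand-in listener in demo() are assumptions for illustration.

```python
import socket
import threading
from datetime import datetime, timezone


def rfc5424_frame(msg, app="nettest", host="client1", facility=1, severity=6):
    """Build one RFC 5424 message and prefix it with its byte length (RFC 6587)."""
    pri = facility * 8 + severity          # user.info -> <14>
    ts = datetime.now(timezone.utc).strftime("%Y-%m-%dT%H:%M:%S.%fZ")
    # <PRI>VERSION TIMESTAMP HOSTNAME APP-NAME PROCID MSGID STRUCTURED-DATA MSG
    body = f"<{pri}>1 {ts} {host} {app} - - - {msg}".encode("utf-8")
    return str(len(body)).encode("ascii") + b" " + body


def probe(ip, port, payload, timeout=3.0):
    """Send payload to ip:port over TCP and classify the outcome."""
    try:
        with socket.create_connection((ip, port), timeout=timeout) as s:
            s.sendall(payload)
        return "sent"        # a listener accepted the connection
    except ConnectionRefusedError:
        return "refused"     # host reachable, nothing bound to that ip:port
    except socket.timeout:
        return "timeout"     # no answer at all, typically a packet filter
    except OSError as exc:
        return f"error: {exc}"


def read_frame(conn):
    """Receiver side of octet counting: read 'LEN SP', then exactly LEN bytes."""
    digits = b""
    while (ch := conn.recv(1)) not in (b" ", b""):
        digits += ch
    want, buf = int(digits), b""
    while len(buf) < want and (chunk := conn.recv(want - len(buf))):
        buf += chunk
    return buf


def demo():
    """Probe a local stand-in listener (assumption: it replaces syslog-ng here)."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind(("127.0.0.1", 0))             # kernel picks a free port
    srv.listen(1)
    port = srv.getsockname()[1]
    received = []

    def serve():
        conn, _ = srv.accept()
        with conn:
            received.append(read_frame(conn))

    worker = threading.Thread(target=serve)
    worker.start()
    while_open = probe("127.0.0.1", port, rfc5424_frame("listener test"))
    worker.join(5)
    srv.close()
    after_close = probe("127.0.0.1", port, rfc5424_frame("listener test"))
    return while_open, received[0], after_close


if __name__ == "__main__":
    print(demo())
```

Against the test.conf above, probe("192.168.1.19", 514, rfc5424_frame("hello")) returning "sent" should be followed by a line appearing in /tmp/syslog-ng.txt; "refused" means no listener is bound to that address and port.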
I am trying to send logs to my graylog log server and I am getting I am sending a test message from my syslog server to graylog load-balancer and I can connect server using netcat and port 12201, but when I send an echo test message 205 bytes sent 0 bytes received. Nothing shows up in graylog. I checked my logs and I am seeing this error message Connection failed; fd=‘14’, server=‘AF_INET(18.213.45.65:12201)’, local=‘AF_INET(0.0.0.0:0)’, error='Permission denied (13)
On Fri, Nov 2, 2018 at 2:29 PM Fosiul Alam <fosiul@gmail.com> wrote:
Hello i have installed syslog-ng in our ubuntu server with version : 3.13
its running fine, I am using the default syslog-ng file and i have change this line as per documentation
source s_net { syslog(ip(192.168.1.19) transport("tcp")); };
but its not listing on port 514
What Do i have to do make it listen ?
Thanks for the help
● syslog-ng.service - System Logger Daemon Loaded: loaded (/lib/systemd/system/syslog-ng.service; enabled; vendor preset: enabled) Active: active (running) since Fri 2018-11-02 18:22:46 UTC; 4min 5s ago Docs: man:syslog-ng(8) Main PID: 16470 (syslog-ng) Tasks: 1 (limit: 2361) CGroup: /system.slice/syslog-ng.service └─16470 /usr/sbin/syslog-ng -F
Nov 02 18:22:46 syslog systemd[1]: Starting System Logger Daemon... Nov 02 18:22:46 syslog systemd[1]: Started System Logger Daemon.
-- Regards Fosiul Alam
Hello, please share
- your configuration
- the command you started syslog-ng with
- the user you are running syslog-ng on behalf.
The Permission denied error message indicates, that you are trying to bind to a local address and port, which you do not have permission to use.
Br, Laci
On Mon, Nov 5, 2018 at 5:54 PM, Rodney Bizzell <hardworker30@gmail.com> wrote:
I am trying to send logs to my graylog log server and I am getting I am sending a test message from my syslog server to graylog load-balancer and I can connect server using netcat and port 12201, but when I send an echo test message 205 bytes sent 0 bytes received. Nothing shows up in graylog. I checked my logs and I am seeing this error message Connection failed; fd=‘14’, server=‘AF_INET(18.213.45.65:12201)’, local=‘AF_INET(0.0.0.0:0)’, error='Permission denied (13)
Ok sure thanks I will show my config
On Mon, Nov 5, 2018, 12:01 PM Szemere, László <laszlo.szemere@oneidentity.com> wrote:
Hello, please share
- your configuration
- the command you started syslog-ng with
- the user you are running syslog-ng on behalf.
The Permission denied error message indicates, that you are trying to bind to a local address and port, which you do not have permission to use.
Br, Laci
The "permission denied" errno for a connect() call most probably relates to an LSM, probably SELinux that denies the outgoing connection. Check your SELinux-related log messages.
On Mon, Nov 5, 2018 at 6:09 PM Rodney Bizzell <hardworker30@gmail.com> wrote:
Ok sure thanks I will show my config
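The suggestion above to check the SELinux-related log messages can be carried out by filtering the audit log for AVC denials against syslog-ng's network operations. This is an added example, not code from the thread: it separates denied outgoing connections (name_connect) from denied binds (name_bind). The sample records are constructed in the Linux audit AVC format, and the process IDs, timestamps and port 5514 are assumptions.

```python
import re
from collections import Counter

# Constructed sample records in Linux audit AVC format (not taken from the thread).
SAMPLE_AUDIT_LOG = '''\
type=AVC msg=audit(1541436840.101:812): avc:  denied  { name_connect } for  pid=2114 comm="syslog-ng" dest=12201 scontext=system_u:system_r:syslogd_t:s0 tcontext=system_u:object_r:unreserved_port_t:s0 tclass=tcp_socket permissive=0
type=AVC msg=audit(1541436841.007:813): avc:  denied  { read } for  pid=990 comm="httpd" name="index.html" dev="dm-0" ino=1337 scontext=system_u:system_r:httpd_t:s0 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=0
type=AVC msg=audit(1541436900.454:820): avc:  denied  { name_connect } for  pid=2114 comm="syslog-ng" dest=12201 scontext=system_u:system_r:syslogd_t:s0 tcontext=system_u:object_r:unreserved_port_t:s0 tclass=tcp_socket permissive=0
type=AVC msg=audit(1541436960.900:831): avc:  denied  { name_bind } for  pid=2301 comm="syslog-ng" src=5514 scontext=system_u:system_r:syslogd_t:s0 tcontext=system_u:object_r:unreserved_port_t:s0 tclass=tcp_socket permissive=0
'''

AVC_RE = re.compile(r"avc:\s+denied\s+\{ (?P<perms>[^}]+) \} for\s+(?P<fields>.*)")
KV_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')
# Permission name -> (operation label, audit field that carries the port number)
PORT_FIELD = {"name_connect": ("connect", "dest"), "name_bind": ("bind", "src")}


def parse_avc(line):
    """Return the key=value fields of one AVC denial as a dict, or None."""
    m = AVC_RE.search(line)
    if m is None:
        return None
    rec = {k: v.strip('"') for k, v in KV_RE.findall(m.group("fields"))}
    rec["perms"] = m.group("perms").split()
    return rec


def blocked_network_ops(log_text, comm="syslog-ng"):
    """Count denied connect/bind operations per (operation, port, port type)."""
    hits = Counter()
    for line in log_text.splitlines():
        rec = parse_avc(line)
        if rec is None or rec.get("comm") != comm:
            continue
        if rec.get("tclass") not in ("tcp_socket", "udp_socket"):
            continue
        port_type = rec["tcontext"].split(":")[2]   # SELinux type of the port
        for perm in rec["perms"]:
            if perm in PORT_FIELD:
                op, field = PORT_FIELD[perm]
                hits[(op, int(rec[field]), port_type)] += 1
    return hits


if __name__ == "__main__":
    for (op, port, port_type), count in sorted(blocked_network_ops(SAMPLE_AUDIT_LOG).items()):
        print(f"{count}x denied {op} on port {port} (type {port_type})")
```

On a host running SELinux in enforcing mode, the input would come from /var/log/audit/audit.log or from `ausearch -m avc -c syslog-ng`.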
participants (7)
- Czanik, Péter
- Fosiul Alam
- PÁSZTOR György
- Péter, Kókai
- Rodney Bizzell
- Scheidler, Balázs
- Szemere, László