[syslog-ng] Can't get basic syslog to work for my firewall logs?
Tim Tyler
tyler at beloit.edu
Fri Feb 24 15:06:47 UTC 2017
Syslog-ng experts.
I am very new to syslog-ng. I installed syslog-ng on a fresh Red Hat 7.3
server. It defaults to working with internal logging. So I configured my
firewall to send syslog with facility set to log_user. I turned on
Wireshark on the syslog-ng server and observed the firewall sending traffic
to the server on udp 514.
But the syslog server never created the directory structure and logs. I
disabled the Red Hat firewall just to eliminate it as a possibility. Still
no logging. So I don’t know what I am doing wrong at this point. I don’t
know if this is a permission problem or some other configuration issue. I
found someone that had posted a very basic syslog-ng configuration for
firewalls. So I copied it into a firewall.conf I put in conf.d. Can
anyone see what might be wrong with it?
####################
options {
    create_dirs(yes);
    owner(root);
    group(root);
    perm(0640);
    dir_owner(root);
    dir_group(root);
    dir_perm(0750);
};
##################################################
source s_udp {
    udp(port(514));
};
#Template for a new firewall in the firewalls.conf file
#Entries to be changed: NAMEOFTHEFIREWALL and IPOFTHEFIREWALL
##################################################
filter f_NAMEOFTHEFIREWALL {
    host("192.168.30.1");
};
destination d_NAMEOFTHEFIREWALL {
    file("/var/log/firewalls/PA/$YEAR/$MONTH/$YEAR-$MONTH-$DAY.PA.log");
};
log {
    source(s_udp);
    filter(f_NAMEOFTHEFIREWALL);
    destination(d_NAMEOFTHEFIREWALL);
};
Tim Tyler
Network Engineer
Beloit College
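
A diagnostic fragment for the configuration in the post above, added here as an example and not part of the original message or of any reply to it. It reuses the post's s_udp source and d_NAMEOFTHEFIREWALL destination; the names d_udp_debug and f_fw_by_ip and the udp-debug.log path are assumptions made for illustration.

```conf
# Added diagnostic fragment. d_udp_debug, f_fw_by_ip and the debug file
# path are assumed names, not taken from the original post.
# Append to the same conf.d/firewall.conf so s_udp is already defined.

# 1. Unfiltered log path from the same source. If this file stays empty,
#    the datagrams seen in Wireshark are not reaching syslog-ng at all.
#    If it fills, each line shows the sender address and the HOST value
#    that a filter is compared against.
destination d_udp_debug {
    file("/var/log/firewalls/udp-debug.log"
         template("$ISODATE sourceip=$SOURCEIP host=$HOST msg=$MSG\n")
         create_dirs(yes));
};

log {
    source(s_udp);
    destination(d_udp_debug);
};

# 2. host() is a regular-expression match on the message's HOST field,
#    which can hold a name instead of an address. netmask() matches the
#    IP address of the sender. Use this log path in place of the
#    host()-based one, not alongside it, or lines are written twice.
filter f_fw_by_ip {
    netmask("192.168.30.1/32");
};

log {
    source(s_udp);
    filter(f_fw_by_ip);
    destination(d_NAMEOFTHEFIREWALL);
};
```

Running `syslog-ng --syntax-only` checks the combined configuration before the service is restarted. Remove the unfiltered path once the filter is confirmed, since it records every message sent to udp 514.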