[syslog-ng] sending log messages to graylog

Péter, Kókai peter.kokai at oneidentity.com
Tue Nov 6 06:03:36 UTC 2018


Hello,

Please do not assume we know about the default configuration, as we do not
know the source of your packages (of course I could guess, but assumptions
are mostly a source of errors).

Yes, with **log** you can and should connect source and destination - just
like in your e-mail.

Could you please be more specific about what you mean by local logs? Logs
from the journal (if you have systemd), logs from files (/var/log/...)?

A good bet would be the **system** source, which should detect the system
and choose the appropriate method to collect the host logs.
See:
https://www.syslog-ng.com/technical-documents/doc/syslog-ng-open-source-edition/3.18/administration-guide/25#TOPIC-1043976


I would suggest that you break up your debugging process:
* Verify that you can send logs to graylog (I think this was done)
* Verify that you can collect local logs (for example, print those logs into
a file instead of graylog)

If the above two are okay, you can connect them with a log and it should work.


--
Kokan
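
The two verification steps and the final connection described above, written out as one stand-alone syslog-ng configuration. This is an added example, not part of the original e-mail or of any packaged configuration; the names s_local and d_debug_file and the debug file path are assumptions, and d_net with its placeholder host is taken from the quoted question below. If the packaged configuration already defines a local source such as s_src, reuse it instead of declaring a second one.

```conf
@version: 3.18
@include "scl.conf"

# Local host logs. system() detects the platform and picks the matching
# collection method; internal() adds syslog-ng's own messages, which is
# where connection errors towards the remote server are reported.
source s_local {
    system();
    internal();
};

# Verification step: write the collected local logs to a file first.
# Path is an assumption; remove this destination once collection is confirmed.
destination d_debug_file {
    file("/var/log/syslog-ng-debug.log");
};

# Destination from the quoted question (placeholder host name).
# Note: plain TCP carries the messages unencrypted across the network.
destination d_net {
    syslog("graylog.example.org" transport("tcp") port(514));
};

# Log path 1: proves that local collection works, independent of the network.
log {
    source(s_local);
    destination(d_debug_file);
};

# Log path 2: the same source connected to the remote destination.
log {
    source(s_local);
    destination(d_net);
};
```

Check the file with `syslog-ng --syntax-only -f <path to this file>` before reloading, then generate a local message with `logger` and confirm it reaches the debug file before looking for it on the remote side.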

On Mon, Nov 5, 2018 at 9:55 PM Rodney Bizzell <hardworker30 at gmail.com>
wrote:

> Do I need to do something like this?
>
> # Define TCP syslog destination.
> destination d_net {
>     syslog("graylog.example.org" port(514));
> };
> # Tell syslog-ng to send data from source s_src to the newly defined syslog destination.
> log {
>     source(s_src); # Defined in the default syslog-ng configuration.
>     destination(d_net);
> };
>
> syslog server not sending local logs to graylog
>
>
> On Mon, Nov 5, 2018 at 2:32 PM Péter, Kókai <peter.kokai at oneidentity.com>
> wrote:
>
>> Dear Rodney Bizzell,
>>
>> I would kindly ask you to either start a new thread or reply with
>> relevant information in the mailing list. Otherwise it is really hard to
>> send follow-ups to your and others' questions.
>>
>> As per your question: probably you want to forward your other logs to
>> where syslog-ng is running :) and configure syslog-ng to receive those
>> other logs, and connect the destination that already can send to graylog
>> with the source that can and does receive other logs.
>>
>> In practice:
>>
>> @version: 3.18
>> @include "scl.conf"
>>
>> source my_s { default-network-driver(); };
>>
>> destination graylog { #graylog destination
>> };
>>
>> log {  source(my_s); destination(graylog); };
>>
>> I hope this helps.
>>
>> Best regards,
>> Peter Kokai
>>
>> On Mon, Nov 5, 2018 at 7:52 PM Rodney Bizzell <hardworker30 at gmail.com>
>> wrote:
>>
>>> I got syslog to send and echo test message from syslog server to my
>>> graylog box. How do I ensure that my syslog box will send other servers'
>>> logs to my graylog box through my syslog server? I am going to set up
>>> ipvsadm as load-balancer to point my legacy application to my syslog server
>>> and then they should get shipped through to graylog. Any information is
>>> greatly appreciated.
>>>
>>> ______________________________________________________________________________
>>> Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng
>>> Documentation:
>>> http://www.balabit.com/support/documentation/?product=syslog-ng
>>> FAQ: http://www.balabit.com/wiki/syslog-ng-faq
>>>
>>>