[syslog-ng] Verifying local logs and remote logs are being sent to destination graylog

PÁSZTOR György pasztor at linux.gyakg.u-szeged.hu
Tue Nov 6 18:59:08 UTC 2018


"Rodney Bizzell" <hardworker30 at gmail.com> írta 2018-11-05 15:10-kor:
> I want to make sure that my local logs on my syslog box are being sent to
> my graylog host what config changes do I need to make to ensure that is
> configured correctly. Can I have an example for illustration. Thanks.

You mean, all of your local logs catched through the /dev/log socket on
your system, and the rest. In practical terms: what the system() source
collects all should be forwarded towards the graylog server.
Am I understand your goal right?

> log { source(s_net); destination(d_graylog); };
> log { source(s_sys); filter(f_default); destination(d_graylog);};

In this case the second line should not have a filter() statement, just
like your first line: In your first log statement you send every log
message collected on the s_net source to d_graylog.
If you want to do the same with the local logs _unfiltered_, then you have
to remove the filter(f_default); statement from the log path definition.


More information about the syslog-ng mailing list