[syslog-ng] Verifying local logs and remote logs are being sent to destination graylog

PÁSZTOR György pasztor at linux.gyakg.u-szeged.hu
Mon Nov 12 19:02:29 UTC 2018


Hi Rodney,

"Rodney Bizzell" <hardworker30 at gmail.com> wrote on 2018-11-12 at 13:28:
> So I upgraded to syslog-ng 3.18 and it has syslog-ng-debun options. I was

Just to run syslog-ng-debun, you should not have had to upgrade your syslog-ng.
syslog-ng-debun is a simple all-in-one portable shell script whose
purpose is to gather information about any kind of syslog-ng installation.
It is always safe to use the latest one from the master branch, as I
suggested downloading via wget.

> reading through the documentation and when I issue syslog-ng-debun -d -P
> 'port 12201' should I see anything on standard out because all that happened
> was it displayed the options for the command.  That is all that happened

Yepp. In the meantime János Szigetvári added an extra -r option to the
script and that changed the default behaviour. Without the -r option it's
just a "--dry-run"-ish parametering. It does nothing, except test the
parameters.
You can see that changeset following this link:
https://github.com/balabit/syslog-ng/commit/f9312f87b758c450c6108abe8da9cf0b4d16ced4

So, from that point on, every syslog-ng-debun command should be replaced
with the same, just adding an extra -r option.

Which in your case, means: you should've run:
syslog-ng-debun -r -d -P 'port 12201'

> when I issued the command below in this email. I tried to run
> syslog-ng-debun -r and that executed and created a tarball.

Yep. This -r -d -P 'port 12201' will also create a tarball. Just a more
useful one: It will run tcpdump in the background, to collect network
traffic at the same time, matching the "port 12201" filtering expression.

Btw.: Make sure you have tcpdump installed on the system. Otherwise the
script won't be able to run tcpdump.

When you have finished, we need the tarball that the script created.

Regards,
Gyu

