[syslog-ng] syslog-ng 3.5

Péter, Kókai peter.kokai at oneidentity.com
Thu Oct 11 04:26:28 UTC 2018


Hello,

If you start syslog-ng with -Fe it might give you a clue.
Also 0.0.0.0 is a non-routable address, so it is fine for a source, not so
much for a destination. You should check which IP Graylog is listening on;
if it is 0.0.0.0 you could use the loopback device 120.0.0.1 (or another
valid IP, but lo would be preferable).

--
Kokan

On Wed, 10 Oct 2018, 10:57 pm Rodney Bizzell, <hardworker30 at gmail.com>
wrote:

> I have installed syslog-ng 3.5 and I am configuring it to send all logs to
> Graylog, but once changes are made syslog-ng is failing. I changed the
> address of the Graylog server to 0.0.0.0
>
>
> @version:3.5
> @include "scl.conf"
>
> # syslog-ng configuration file.
> #
> # This should behave pretty much like the original syslog on RedHat. But
> # it could be configured a lot smarter.
> #
> # See syslog-ng(8) and syslog-ng.conf(5) for more information.
> #
> # Note: it also sources additional configuration files (*.conf)
> #       located in /etc/syslog-ng/conf.d/
>
> options {
>     flush_lines (0);
>     time_reopen (10);
>     log_fifo_size (1000);
>     chain_hostnames (off);
>     use_dns (no);
>     use_fqdn (no);
>     create_dirs (no);
>     keep_hostname (yes);
> };
>
> source s_sys {
>     system();
>     internal();
>      udp(ip(0.0.0.0) port(514));
> };
>
> source s_net {
> udp(ip(0.0.0.0) port(514));
> tcp(ip(0.0.0.0) port(514) max-connections(256));
> };
>
> destination d_cons { file("/dev/console"); };
> destination d_mesg { file("/var/log/messages"); };
> destination d_auth { file("/var/log/secure"); };
> destination d_mail { file("/var/log/maillog" flush_lines(10)); };
> destination d_spol { file("/var/log/spooler"); };
> destination d_boot { file("/var/log/boot.log"); };
> destination d_cron { file("/var/log/cron"); };
> destination d_kern { file("/var/log/kern"); };
> destination d_mlal { usertty("*"); };
>
>
> destination d_graylog {
> tcp("0.0.0.0"
> port (12201)
> spoof_sources(yes)
> );
> };
>
>
> filter f_kernel     { facility(kern); };
> filter f_default    { level(info..emerg) and
>                         not (facility(mail)
>                         or facility(authpriv)
>                         or facility(cron)); };
> filter f_auth       { facility(authpriv); };
> filter f_mail       { facility(mail); };
> filter f_emergency  { level(emerg); };
> filter f_news       { facility(uucp) or
>                         (facility(news)
>                         and level(crit..emerg)); };
> filter f_boot   { facility(local7); };
> filter f_cron   { facility(cron); };
>
> #log { source(s_sys); filter(f_kernel); destination(d_cons); };
> log { source(s_sys); filter(f_kernel); destination(d_kern); };
> log { source(s_sys); filter(f_default); destination(d_mesg); };
> log { source(s_sys); filter(f_auth); destination(d_auth); };
> log { source(s_sys); filter(f_mail); destination(d_mail); };
> log { source(s_sys); filter(f_emergency); destination(d_mlal); };
> log { source(s_sys); filter(f_news); destination(d_spol); };
> log { source(s_sys); filter(f_boot); destination(d_boot); };
> log { source(s_sys); filter(f_cron); destination(d_cron); };
>
>
>
> log { source(s_net); destination(d_graylog); };
> log { source(s_sys); filter(f_default); destination(d_graylog);};
>
> # Source additional configuration files (.conf extension only)
> @include "/etc/syslog-ng/conf.d/*.conf"
>
>
> # vim:ft=syslog-ng:ai:si:ts=4:sw=4:et:
>
>
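
The reply's point that 0.0.0.0 is acceptable in a source but not in a destination can be checked mechanically. The following Python script is an added example, not part of the original messages and not syslog-ng project code: it scans the `destination` blocks of a configuration for network drivers whose target is the unspecified address. The function names and the sample configuration are constructed for illustration, and the driver list (tcp, udp, syslog, network and the IPv6 forms) is an assumption about which drivers take the remote host as their first argument.

```python
import ipaddress
import re

# Constructed sample, modelled on the configuration quoted in the thread.
SAMPLE_CONF = '''
source s_net { udp(ip(0.0.0.0) port(514)); };
destination d_mesg { file("/var/log/messages"); };
# destination d_old { tcp("0.0.0.0" port(514)); };
destination d_graylog {
    tcp("0.0.0.0"
        port (12201)
    );
};
destination d_local { tcp("127.0.0.1" port(12201)); };
'''

DEST_RE = re.compile(r'\bdestination\s+([\w.-]+)\s*\{')
# First positional argument of a network driver is the remote host.
HOST_RE = re.compile(r'\b(tcp6?|udp6?|syslog|network)\s*\(\s*"?([^\s")]+)"?')

def block_body(text, open_idx):
    """Return the text between the brace at open_idx and its matching close."""
    depth = 0
    for i in range(open_idx, len(text)):
        if text[i] == "{":
            depth += 1
        elif text[i] == "}":
            depth -= 1
            if depth == 0:
                return text[open_idx + 1:i]
    raise ValueError("unbalanced braces in configuration")

def unspecified_destinations(conf):
    """List (destination, driver, host) where host is 0.0.0.0 or ::."""
    conf = re.sub(r"#.*", "", conf)  # drop comments (assumes no '#' in strings)
    findings = []
    for m in DEST_RE.finditer(conf):
        body = block_body(conf, m.end() - 1)
        for driver, host in HOST_RE.findall(body):
            try:
                if ipaddress.ip_address(host).is_unspecified:
                    findings.append((m.group(1), driver, host))
            except ValueError:
                pass  # a hostname rather than an IP literal
    return findings

if __name__ == "__main__":
    for name, driver, host in unspecified_destinations(SAMPLE_CONF):
        print(f"{name}: {driver}() targets the unspecified address {host}")
```

Sources that bind to 0.0.0.0 are not reported, because only `destination` blocks are inspected.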