[syslog-ng] Syslog-ng missing few logs to write to local file after showing in tcpdump
Budai, László
laszlo.budai at oneidentity.com
Thu Sep 20 10:57:51 UTC 2018
Hi,
there can be many reasons... (are you using network filesystem?)
Base on your other question you have a filter. Could you share your
configuration?
syslog-ng provides statistics on filters (match/unmatch), but only from
stats-level-2 (and as I remember from version 3.10), example cfg:
@version:
3.17
@include "scl.conf"
options {
stats-level(2);
};
source s_net {
network(
port(5555)
transport("tcp")
);
};
destination d_net {
network(
"localhost" port(15554)
transport(tcp)
);
};
filter f_test {
match("TEST" value(MESSAGE))
};
log {
source(s_net);
filter(f_test);
destination(d_net);
flags(flow-control);
};
and then:
sbin/syslog-ng-ctl query get 'filter.f_test.*'
L.
On Thu, Sep 20, 2018 at 12:31 PM, Harish Shetty <harish23shetty at gmail.com>
wrote:
> Hi All
>
> I have syslog-ng (syslog-ng-3.9.1-1.el6.x86_64) which is running on Red
> Hat 6.6. I have rule defined as mentioned below
>
> destination d_networkx { file("/mnt/u001/syslog/$HOST/$YEAR$MONTH$DAY/network.log");
> };
>
> But syslog-ng is unable to write some logs to local file even though we
> see those logs in the tcpdump? What could be causing this.
>
> And one more thing need to know , is ther any way to check per filter
> (d_networkx) how many we received and how many we Processed(wrote) to a file
>
> Regards
> Harish Shetty
>
>
>
> ____________________________________________________________
> __________________
> Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng
> Documentation: http://www.balabit.com/support/documentation/?
> product=syslog-ng
> FAQ: http://www.balabit.com/wiki/syslog-ng-faq
>
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.balabit.hu/pipermail/syslog-ng/attachments/20180920/8b9afad7/attachment-0001.html>
More information about the syslog-ng
mailing list