[syslog-ng] tcpdump shows device sending syslog from UDP 514 but not write to local log file
Lin, Victor
victor.lin at rbc.com
Fri Apr 5 15:46:37 UTC 2019
Dear all,
When I use: tcpdump src host 1.3.4.5 and port 514, I can see host 1.3.4.5 is sending syslog to my syslog-ng.
But when I search my local log specifically for port 514, I didn't see any syslog from 1.3.4.5.
Is there another location to configure syslog-ng, except /app/syslog-ng/custom/conf/syslog-ng.conf?
Below is from my syslog-ng.conf:
# Syslog collection for all devices
source s_network {
    network(
        transport("udp")
        port(514)
        flags(syslog_protocol)
        keep_hostname(yes)
        keep_timestamp(yes)
        use_dns(no)
        use_fqdn(no)
    );
};
destination d_all_logs {
    file("/app/syslog-ng/custom/output/all_devices.log");
    network("102.45.2.86" port(514) transport(udp) spoof_source(yes));
};
log {
    source(s_network);
    source(s_arista_network);
    destination(d_all_logs);
};
Thank you very much in advance for your reply!!!!!
VL
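
The log path in the posted excerpt references two sources, while the excerpt itself defines only s_network. The following check is an added example, not part of the original message and not syslog-ng's own code: it lists every source() or destination() used in a log path that has no definition in the text it is given. The function names are hypothetical, and the sample input is the posted excerpt with whitespace condensed; the rest of the poster's file is not visible and may define the missing source.

```python
import re

# Config excerpt as posted above (whitespace condensed), used as sample input.
SAMPLE_CONF = r'''
# Syslog collection for all devices
source s_network {
    network(transport("udp") port(514) flags(syslog_protocol)
            keep_hostname(yes) keep_timestamp(yes) use_dns(no) use_fqdn(no));
};
destination d_all_logs {
    file("/app/syslog-ng/custom/output/all_devices.log");
    network("102.45.2.86" port(514) transport(udp) spoof_source(yes));
};
log {
    source(s_network);
    source(s_arista_network);
    destination(d_all_logs);
};
'''

DEF_RE = re.compile(r'^\s*(source|destination)\s+([\w.-]+)\s*\{', re.M)
REF_RE = re.compile(r'\b(source|destination)\s*\(\s*([\w.-]+)\s*\)')

def strip_comments(conf):
    # Drop '#' comments, but keep a '#' that sits inside a double-quoted string.
    return re.sub(r'("(?:\\.|[^"\\])*")|#[^\n]*', lambda m: m.group(1) or '', conf)

def log_blocks(conf):
    # Yield the body of each log { ... } statement, found by brace matching.
    # Assumption: no braces inside quoted strings within a log block.
    for m in re.finditer(r'^\s*log\s*\{', conf, re.M):
        depth, i = 1, m.end()
        while i < len(conf) and depth:
            depth += {'{': 1, '}': -1}.get(conf[i], 0)
            i += 1
        yield conf[m.end():i - 1]

def undefined_refs(conf):
    # Return sorted (kind, name) pairs referenced in log paths but never defined.
    conf = strip_comments(conf)
    defined = set(DEF_RE.findall(conf))
    refs = {r for body in log_blocks(conf) for r in REF_RE.findall(body)}
    return sorted(refs - defined)

if __name__ == "__main__":
    for kind, name in undefined_refs(SAMPLE_CONF):
        print(f"log path references {kind}({name}) with no definition in this text")
```

Running it over the complete syslog-ng.conf, with any included files concatenated, shows whether the reference resolves anywhere in the configuration.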