[syslog-ng] tcpdump shows device sending syslog from UDP

Lin, Victor victor.lin at rbc.com
Mon Apr 8 13:50:59 UTC 2019


Hello Fabien, 

I was running tcpdump on my syslog-ng server and was able to see the packets from 1.2.3.4, but my local logfile for UDP 514 didn't show any syslog from 1.2.3.4.

Is there another configuration file that needs to be set up somewhere? 

Thank you very much!

VL

-----Original Message-----
From: syslog-ng [mailto:syslog-ng-bounces at lists.balabit.hu] On Behalf Of syslog-ng-request at lists.balabit.hu
Sent: 2019, April, 08 8:00 AM
To: syslog-ng at lists.balabit.hu
Subject: syslog-ng Digest, Vol 168, Issue 8


Today's Topics:

   1. Re:  WebGUI for Syslog-ng storing logs in HDFS (Lee Keng Ket)
   2. Re:  tcpdump shows device sending syslog from UDP 514 but not
      write to local log file (Fabien Wernli)


----------------------------------------------------------------------

Message: 1
Date: Mon, 8 Apr 2019 14:24:09 +0800
From: Lee Keng Ket <kengket at gmail.com>
To: "Syslog-ng users' and developers' mailing list"
	<syslog-ng at lists.balabit.hu>
Subject: Re: [syslog-ng] WebGUI for Syslog-ng storing logs in HDFS
Message-ID:
	<CAHJFZ9edfAq2tKKfjYxNqFJrzjx-Yb77-BxFak4F+vCQDYWoWw at mail.gmail.com>
Content-Type: text/plain; charset="utf-8"

Hi, Peter

Thanks for your info, will look into the link you shared. As HDFS has been chosen as the storage for logs, I'm trying not to store another copy in ES.

Hi, Nik

What's the difference between this open-distro and the ES from elastic.co?

Thank you.

Regards,
KK

On Fri, Apr 5, 2019 at 10:21 PM Nik Ambrosch <nik at ambrosch.com> wrote:

> I was considering HDFS but ultimately chose ES because of simplicity.  
> I too spent a while looking for a pre-packaged suite but most things 
> are commercial.
>
> I'd like to check this out sometime, just haven't had the opportunity 
> - https://opendistro.github.io/for-elasticsearch/
>
> On Fri, Apr 5, 2019 at 10:00 AM Czanik, Péter 
> <peter.czanik at balabit.com>
> wrote:
>
>> Hi,
>>
>> Many syslog-ng users store logs to Elasticsearch and search/analyze 
>> them using Kibana. Personally I never tested it, but you should take a look 
>> at Elasticsearch-Hadoop to see if it solves your problem:
>> https://www.elastic.co/products/hadoop
>>
>> Bye,
>>
>> Peter Czanik (CzP) <peter.czanik at balabit.com> Balabit (a OneIdentity 
>> company) / syslog-ng upstream https://syslog-ng.com/community/ 
>> https://twitter.com/PCzanik
>>
>>
>> On Fri, Apr 5, 2019 at 3:50 PM Lee Keng Ket <kengket at gmail.com> wrote:
>>
>>> Hi,
>>>
>>> How about open source webGUI? Any recommendations?
>>>
>>> Thank you.
>>>
>>> Regards,
>>> KK
>>>
>>>
>>> On Fri, 5 Apr 2019, 20:56 Jim Hendrick, <james.r.hendrick at gmail.com>
>>> wrote:
>>>
>>>> It's not free - but you might look at the Syslog Store Box - 
>>>> https://www.syslog-ng.com/products/log-management-appliance/
>>>>
>>>> They have also done some cool stuff with a native splunk HEC 
>>>> destination in the professional edition of syslog-ng. Might look at 
>>>> using that and splunk for the front-end?
>>>>
>>>> Jim
>>>>
>>>>
>>>> On Fri, Apr 5, 2019 at 2:38 AM Lee Keng Ket <kengket at gmail.com> wrote:
>>>>
>>>>> Hi,
>>>>>
>>>>> I'm looking for a WebGUI application for users to search the 
>>>>> syslog, where the logs are stored by syslog-ng in HDFS.
>>>>>
>>>>> Can you please share what WebGUI you're using?
>>>>>
>>>>> I realize Elasticsearch with Kibana is the well-known solution for 
>>>>> this; however, I wish to store my syslog in HDFS.
>>>>>
>>>>> Thank you.
>>>>>
>>>>> Regards,
>>>>> KK
>>>>>
>>>>> ______________________________________________________________________________
>>>>> Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng
>>>>> Documentation:
>>>>> http://www.balabit.com/support/documentation/?product=syslog-ng
>>>>> FAQ: http://www.balabit.com/wiki/syslog-ng-faq
>>>>>
>>>>>

------------------------------

Message: 2
Date: Mon, 8 Apr 2019 10:40:05 +0200
From: Fabien Wernli <wernli at in2p3.fr>
To: "Syslog-ng users' and developers' mailing list"
	<syslog-ng at lists.balabit.hu>
Subject: Re: [syslog-ng] tcpdump shows device sending syslog from UDP
	514 but not write to local log file
Message-ID: <20190408084005.j4v2k5atrmcn6amp at ccfawe.in2p3.fr>
Content-Type: text/plain; charset=us-ascii

On Fri, Apr 05, 2019 at 03:46:37PM +0000, Lin, Victor wrote:
> When I use: tcpdump src host 1.3.4.5 and port 514, I can see host 1.3.4.5 is sending the syslog to my syslog-ng.
> But when I search my local log specifically for port 514, I didn't see any 
> syslog from 1.3.4.5

firewall?

_______________________________________________________________________
If you received this email in error, please advise the sender (by return email or otherwise) immediately. You have consented to receive the attached electronically at the above-noted email address; please retain a copy of this confirmation for future reference.  

If you receive this email in error, please notify the sender immediately, by return email or by other means. You have agreed to receive the attached document(s) electronically at the email address indicated above; please retain a copy of this confirmation for future reference.


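A triage script for the symptom discussed in this thread (tcpdump shows the device's UDP 514 datagrams, yet syslog-ng writes nothing to the local file), added here as an example and not part of any message above. It follows Fabien's "firewall?" hint: tcpdump taps the interface before the host firewall's INPUT chain, so the two things to verify are whether any process is actually bound to UDP 514 and whether an iptables rule or the chain's default policy drops the port. The `ss -lunp` and `iptables -S INPUT` invocations are real commands; the function names, the `--live` switch and the sample output used to exercise the functions are my own constructions.

```shell
#!/bin/sh
# Added example, not from any message in the thread. Triage for "tcpdump shows
# UDP 514 datagrams but syslog-ng writes nothing": tcpdump taps the interface
# before netfilter's INPUT chain, so a datagram visible in tcpdump can still be
# dropped before it reaches the syslog-ng socket. Each check reads saved command
# output from stdin, so the same logic runs on output pasted from another host.
# Print the first UDP socket bound to port $1, given `ss -lunp` output on stdin.
# Empty output means nothing (syslog-ng included) is listening on that port.
udp_listener() {
    grep -E "^UNCONN[[:space:]].*[:.]$1([[:space:]]|$)" | head -n 1
}

# Print the first INPUT rule for udp dport $1, given `iptables -S INPUT` on stdin.
fw_rule_for_port() {
    grep -E "^-A INPUT .*-p udp .*--dport $1([[:space:]]|$)" | head -n 1
}

# Print the INPUT chain's default policy (ACCEPT/DROP), given `iptables -S INPUT`.
fw_input_policy() {
    sed -n 's/^-P INPUT //p' | head -n 1
}

# verdict LISTENER_LINE RULE_LINE POLICY ->
#   no-listener            nothing is bound to the port: check the syslog-ng source()
#   firewall-drop          an explicit INPUT rule drops or rejects the port
#   firewall-default-drop  no rule mentions the port and the chain policy is DROP
#   ok                     socket and firewall look fine; look at log paths/filters next
verdict() {
    [ -n "$1" ] || { echo "no-listener"; return; }
    case "$2" in
        *"-j DROP"*|*"-j REJECT"*) echo "firewall-drop"; return ;;
        *"-j ACCEPT"*)             echo "ok"; return ;;
    esac
    case "$3" in
        DROP|REJECT) echo "firewall-default-drop" ;;
        *)           echo "ok" ;;
    esac
}

# Live mode runs the real commands on this host (iptables needs root): sh triage.sh --live 514
run_live() {
    l=$(ss -lunp 2>/dev/null | udp_listener "$1")
    rules=$(iptables -S INPUT 2>/dev/null)
    r=$(printf '%s\n' "$rules" | fw_rule_for_port "$1")
    p=$(printf '%s\n' "$rules" | fw_input_policy)
    printf 'listener: %s\nrule: %s\npolicy: %s\n' "${l:-none}" "${r:-none}" "${p:-unknown}"
    verdict "$l" "$r" "$p"
}
if [ "${1:-}" = "--live" ]; then run_live "${2:-514}"; fi
```

A "no-listener" verdict means the packets never had a socket to land in, which is the case to rule out before touching firewall rules; "ok" means the problem is downstream, in the syslog-ng log path, filters or file destination.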