[syslog-ng] Syslogs not writing to disk

Rose, Ed Ed_Rose at mentor.com
Thu Apr 30 14:20:26 UTC 2020


Hello All,

I have syslog-ng currently set up to write to disk and forward events on to a different syslog server. Syslog isn't writing to disk, it seems. I do not see any errors either, unless I am not looking in the right place for the errors. Tcpdump -v host x.x.x.x shows data coming in from the host, but a tail -f ${HOST}/log_${HOST} shows no logs going to disk.

Thanks
Ed


syslog-ng 3 (3.14.1)
Config version: 3.14
Installer-Version: 3.14.1
Revision:
Module-Directory: /usr/lib64/syslog-ng
Module-Path: /usr/lib64/syslog-ng
Available-Modules: afmongodb,sdjournal,linux-kmsg-format,appmodel,date,pseudofile,afamqp,syslogformat,csvparser,cef,tags-parser,affile,afsocket,afstomp,tfgetent,json-plugin,confgen,system-source,stardate,graphite,dbparser,afprog,xml,add-contextual-data,snmptrapd-parser,cryptofuncs,kvformat,disk-buffer,basicfuncs,afuser,map-value-pairs
Enable-Debug: off
Enable-GProf: off
Enable-Memtrace: off
Enable-IPv6: on
Enable-Spoof-Source: on
Enable-TCP-Wrapper: on
Enable-Linux-Caps: on
Enable-Systemd: on


filter f_awanra1 { host("x.x.x.x"); };
filter f_bwanra1 { host("x.x.x.x"); };
filter f_cwanra1 { host("x.x.x.x"); };

destination d_ciscoasa { file("/var/log2/gns/cisco_asa/${HOST}/log_${HOST}" create-dirs(yes) dir-perm(0755) dir-group(splunk) perm(0640) group(splunk)); };

destination d_uid1 { tcp("x.x.x.x"  port(514) ); };
destination d_uid2 { tcp("x.x.x.x"  port(514) ); };
destination d_uid3 { tcp("x.x.x.x"  port(514) ); };
destination d_uid4 { tcp("x.x.x.x"  port(514) ); };

log { source(s_net); filter(f_amywanra1); destination(d_ciscoasa); destination(d_uid1); destination(d_uid2); destination(d_uid3); destination(d_uid4); flags(final); };
log { source(s_net); filter(f_cnswanra1); destination(d_ciscoasa); destination(d_uid1); destination(d_uid2); destination(d_uid3); destination(d_uid4); flags(final); };
log { source(s_net); filter(f_demwanra1); destination(d_ciscoasa); destination(d_uid1); destination(d_uid2); destination(d_uid3); destination(d_uid4); flags(final); };
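
Added example (not part of the original post, and not syslog-ng project code): a small cross-reference check that lists every source, filter and destination named in a log statement but not defined in the text it is given. The sample is a trimmed copy of the excerpt above; names it flags may only reflect redaction or parts of the file that were not posted, and the function names are hypothetical.

```python
import re

DEF_RE = re.compile(r'^[ \t]*(source|filter|destination)\s+([\w.-]+)\s*\{', re.M)
REF_RE = re.compile(r'\b(source|filter|destination)\(\s*([\w.-]+)\s*\)')
LOG_RE = re.compile(r'^[ \t]*log\s*\{', re.M)
NOISE_RE = re.compile(r'"(?:\\.|[^"\\])*"|\'[^\']*\'|#[^\n]*')

# Constructed sample: trimmed copy of the posted excerpt (addresses already redacted).
SAMPLE = '''\
filter f_awanra1 { host("x.x.x.x"); };
filter f_bwanra1 { host("x.x.x.x"); };
destination d_ciscoasa { file("/var/log2/gns/cisco_asa/${HOST}/log_${HOST}" create-dirs(yes) perm(0640) group(splunk)); };
destination d_uid1 { tcp("x.x.x.x" port(514)); };
log { source(s_net); filter(f_amywanra1); destination(d_ciscoasa); destination(d_uid1); flags(final); };
log { source(s_net); filter(f_cnswanra1); destination(d_ciscoasa); destination(d_uid1); flags(final); };
'''

def strip_noise(conf):
    """Empty quoted strings and drop # comments so braces such as ${HOST} are not counted."""
    return NOISE_RE.sub(lambda m: '' if m.group().startswith('#') else '""', conf)

def log_blocks(conf):
    """Yield (line_number, body) for each log { ... } statement, matching nested braces."""
    for m in LOG_RE.finditer(conf):
        depth, i = 1, m.end()
        while i < len(conf) and depth:
            depth += {'{': 1, '}': -1}.get(conf[i], 0)
            i += 1
        yield conf.count('\n', 0, m.start()) + 1, conf[m.end():i - 1]

def unresolved(conf):
    """Return (line, kind, name) for each reference in a log statement with no definition."""
    conf = strip_noise(conf)
    defined = set(DEF_RE.findall(conf))
    missing = []
    for line, body in log_blocks(conf):
        for kind, name in REF_RE.findall(body):
            if (kind, name) not in defined:
                missing.append((line, kind, name))
    return missing

if __name__ == "__main__":
    for line, kind, name in unresolved(SAMPLE):
        print(f"line {line}: {kind} '{name}' is referenced but not defined here")
```

This only checks names within the text passed in; syslog-ng's own parser check is `syslog-ng --syntax-only`, which reads the full configuration including any included files.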