[syslog-ng] Please Help! Syslog-ng Not Putting Logs in Destination

Attila Szakács attila.szakacs at axoflow.com
Mon Jan 15 15:07:45 UTC 2024


Hello Sumanta!

Your config looks good.
The log about the statistics shows that there are no incoming messages on
514 UDP and nothing is written to the files defined in the d_splunk
destination.

I think you could try to narrow down the scope of the problem with the
following ideas.

Try to send a message locally to 514 with:
  echo "foo bar" | nc -u -w0 localhost 514

If it does not work, I would suggest changing the receiving port of the
network() source to something larger, like port(12345), and trying again
with the following, just to see if the problem only occurs for the 514 port:
  echo "foo bar" | nc -u -w0 localhost 12345

You should see these kinds of logs:
[2024-01-15T15:58:46.037255] Incoming log entry; input='foo bar\x0a', msg='0x7f9bb0003020', rcptid='297'
...
[2024-01-15T15:58:46.037655] Initializing destination file writer; template='......', filename='......', symlink_as='(null)'
...
[2024-01-15T15:58:46.037872] Outgoing message; message='bar'

My hunch is that this probably has something to do with SELinux, but
unfortunately my knowledge of it is very limited.

Regards,
Attila
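
An added example, not part of the original message: a shell helper that reads captured syslog-ng debug output and reports which of the three log lines quoted above is the first one missing, plus the file names syslog-ng tried to open. The function names, the paths and the sample traces are constructed for illustration; it assumes the debug output was saved to a file while the nc test message was sent.

```shell
#!/bin/sh
# Assumption: $1 is a file holding syslog-ng debug output captured during
# the nc test. The matched strings are the three lines quoted in the message.

# Print the first stage missing from the trace:
#   no-input  : no "Incoming log entry", nothing arrived at the source
#   no-writer : a message arrived, but no file destination was opened
#   no-output : a writer was opened, but no "Outgoing message" was logged
#   ok        : all three stages are present
diagnose_trace() {
    if ! grep -q "Incoming log entry; input='" "$1"; then
        echo no-input
    elif ! grep -q "Initializing destination file writer;" "$1"; then
        echo no-writer
    elif ! grep -q "Outgoing message; message='" "$1"; then
        echo no-output
    else
        echo ok
    fi
}

# List the destination files syslog-ng tried to open, so their
# ownership, mode and labels can be inspected next.
writer_files() {
    sed -n "s/.*Initializing destination file writer;.*filename='\([^']*\)'.*/\1/p" "$1" | sort -u
}

# Constructed sample traces: same line format as in the message,
# with a made-up destination path.
sample_dir=$(mktemp -d)
cat > "$sample_dir/full.log" <<'EOF'
[2024-01-15T15:58:46.037255] Incoming log entry; input='foo bar\x0a', msg='0x7f9bb0003020', rcptid='297'
[2024-01-15T15:58:46.037655] Initializing destination file writer; template='/var/log/example/test.log', filename='/var/log/example/test.log', symlink_as='(null)'
[2024-01-15T15:58:46.037872] Outgoing message; message='bar'
EOF
head -n 1 "$sample_dir/full.log" > "$sample_dir/input_only.log"
: > "$sample_dir/empty.log"

for name in full input_only empty; do
    printf '%s: %s\n' "$name" "$(diagnose_trace "$sample_dir/$name.log")"
done
writer_files "$sample_dir/full.log"
```

A result of no-input on port 514 but ok on the higher port points at the port itself rather than the destination, which is the distinction the second nc test is meant to draw.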