Questions tagged [syslog-ng]

Questions specific to the syslog-ng logging solution (https://syslog-ng.org/). Use this tag if your question relates to configuring or using syslog-ng, or if you'd like to know if you can solve a particular logging problem with syslog-ng.

syslog-ng allows you to flexibly collect, parse, classify, and correlate logs from across your infrastructure and store or route them to log analysis tools.

With syslog-ng, you can collect logs from any source, process them in near real-time and deliver them to a wide variety of destinations, including:

  • SQL and NoSQL databases (Oracle, MySQL, PostgreSQL),
  • queuing protocols (AMQP, STOMP),
  • big data destinations (Elasticsearch, Apache Kafka, HDFS),
  • and various other destinations like Graphite, Redis, Riemann, and others.
74 questions
91
votes
2 answers

Understand logging in Linux

As I understand, Linux kernel logs to /proc/kmsg file (mostly hardware-related messages) and /dev/log socket? Anywhere else? Are other applications also able to send messages to /proc/kmsg or /dev/log? Last but not least, am I correct that it is the…
Martin
9
votes
1 answer

How copytruncate actually works?

We would like to understand copytruncate before rotating the file using logrotate with below configuration: /app/syslog-ng/custom/output/all_devices.log { size 200M copytruncate dateext dateformat -%Y%m%d-%s rotate 365 sharedscripts…
overexchange
7
votes
5 answers

syslog-ng service not starting with systemd but command works fine

I have a freshly installed version on CentOS 7 on which I have installed syslog-ng from the EPEL repositories. ~: yum list | grep syslog syslog-ng.x86_64 3.5.6-1.el7 @epel When I try to start it via…
Antoine Benkemoun
6
votes
3 answers

Log every command typed in any shell: output (from logger function to syslog-ng/journald) contains duplicate entries for commands?

I installed syslog-ng to use on my desktop (Gentoo 64bit, upgraded to systemd i.e. was OpenRC before, with Openbox and Slim only) with my normal user to log all commands I type in the shell (bash first, then eventually zsh). I've explored different…
user44370
5
votes
3 answers

How to exclude given lines in syslog-ng?

I need to exclude a given line in the messages file: Oct 25 04:09:23 SERVERNAME PFILTER-DROP: IN=ifeth4 OUT= MAC=ff:ff:ff:ff:ff:ff:AA:AA:AA:AA:AA:AA:AA:AA SRC=192.168.202.4 DST=192.168.202.255 LEN=238 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=UDP…
gasko peter
5
votes
1 answer

Separate messages of multiple sshds in syslog-ng

Is there a common way of distinguishing between the messages of multiple processes in syslog-ng beside setting different facilities? +1 if filtering and therefore logging in different files would be possible. I have a system setup with two running…
echox
4
votes
1 answer

Converting syslog-ng 3.0? format to 3.2 format

Just rebooted my system to this warning :: Starting Syslog-NG [BUSY] WARNING: Configuration file format is too old, please update it to use the 3.2 format as some constructs might…
xenoterracide
3
votes
1 answer

Rsyslog Central Log Host

I'm moving from a syslog-ng central log host to rsyslog. I can't even seem to find syslog-ng in the CentOS repos these days. I want to filter logs by hostname and facility. Here is how I do it in syslog-ng destination std { …
Mark Cohen
3
votes
1 answer

Configure & Compile syslog-ng from source, got: Threads are not supported on this platform

I have configure, gmake, and gmake installed syslog-ng-3.4.0alpha1 with eventlog-0.2.12 and other dependencies. From the output of the ./configure --prefix=/syslog --with-gnu-ld, I can see that the configure script is passing the compiler option…
emhohensee
3
votes
2 answers

Can I send the output of a log to a command as an argument to an option in syslog-ng?

According to the documentation I can execute a program somewhat like so: destination knotifier { program('/path/to/executable'); }; And it will send the log to the stdin of the executable. But what if the program I'm executing would need the input…
xenoterracide
3
votes
1 answer

Failover with Syslog-ng?

Is it possible to set up a failover mechanism with Syslog-NG opensource edition? I want that the syslog-ng Daemon logs to a remote Loghost and switches to another server if the first would go down for some reason...
user2927980
2
votes
1 answer

Syslog TLS Compression and Message Buffering

Where I work, we have a site-to-site VPN tunnel set up between our main data center and a third party data center that does some Oracle PaaS for us. Since they charge per-VM, we're monitoring the Oracle audit logs on a local VM that is running the…
Bratchley
2
votes
1 answer

Any way to keep Stunnel from blowing up my logfiles?

I have stunnel v5.44 (Ubuntu 18.04 v3:5.44-1ubuntu3) configured on a client to connect to a server in a screened subnet. The remote host has syslog configured to listen for logfiles over the stunnel connection. The client, of course, is configured…
Server Fault
2
votes
1 answer

What is `tty10` used for in syslog-ng

syslog-ng has the option to include a config snippet: @include "`scl-root`/system/tty10.conf" and many examples on-line include that file; but I can't understand what it's for? The entire included file consists of: @define tty10 "/dev/tty10"
ericx
2
votes
0 answers

syslog-ng make error - final link failed: Nonrepresentable section on out

I am trying to install syslog-ng-3.13.2 from source code on embedded linux. I executed ./configure --with-ivykis=system successfully. After that, on executing make, I get the following…
Jay