Hi,
I am trying to configure syslog-ng on the server to read logs from various network devices. I don't know how I should make the syslog-ng daemon listen on a network interface on port 514. I can't find anything appropriate in syslog-ng.conf. There is something about sources and destinations, but I think that is for making rules for logging.
Can anybody help me?
Thanks, O1da
Last edited by o1da (2009-02-04 21:11:00)
I'm interested in this topic, nice question. (bump)
Last edited by quarkup (2009-02-03 22:14:34)
If people do not believe that mathematics is simple, it is only because they do not realize how complicated life is.
Simplicity is the ultimate sophistication.
I've recently been studying remote logging (or more specifically, getting syslog-ng to store its nonsense in MySQL so I can generate reports) so you're in luck.
We have a Barracuda Web Filter at work, and needed the syslog daemon on it to output all web usage to the Arch box I have running. Using a rule called "bwf", I did it using:
source bwf {
    udp();
    tcp(max_connections(100));
};
This is useless without a destination and log rule, so you'll also want to add...
# destination <destination name> { options };
destination bwflog { file("/var/log/bwf.log"); };
...to log to a file, to a console...
destination bwfconsole { file("/dev/vc/12"); };
... or, like I needed, to MySQL ...
destination d_mysql {
    pipe("/var/log/mysql.pipe"
         template("INSERT INTO logs (host, facility, priority, level, tag, datetime, program, msg) VALUES ( '$HOST', '$FACILITY', '$PRIORITY', '$LEVEL', '$TAG', '$YEAR-$MONTH-$DAY $HOUR:$MIN:$SEC', '$PROGRAM', '$MSG' );\n")
         template-escape(yes));
};
... then making a little script which created the pipe.
This is absolutely needed though, so include a log rule similar to this...
log { source(bwf); destination(d_mysql); };
This will direct anything received by the source "bwf" to the destination defined using "d_mysql". If you're going down the syslog to MySQL route, and get a copy of php-syslog-ng, then the table structure for the above query is installed during php-syslog-ng's install.
Hope this helps.
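A complete collector configuration that ties the pieces above together, added here as an example; it is not from any post in this thread. It listens on UDP and TCP port 514, binds the listeners to one address instead of 0.0.0.0, writes one file per sending host, and keeps the MySQL pipe destination with template-escape(yes) so a quote inside a message from an untrusted device cannot alter the INSERT statement. The address 192.0.2.10, the /var/log/remote tree, the permission values and the source/destination names are assumptions.

```syslog-ng
# syslog-ng.conf for a central log collector (added example).
# Assumptions, not from the thread: the collector's management address is
# 192.0.2.10, devices send to UDP/TCP 514, and remote logs live under
# /var/log/remote/.

options {
    create_dirs(yes);      # create /var/log/remote/<host>/ on demand
    dir_perm(0750);
    perm(0640);
    keep_hostname(yes);    # keep the hostname the device writes in the message
    chain_hostnames(no);
    use_dns(no);           # no reverse lookups while receiving
};

# Network source. ip() binds to one address; remove it to listen on all
# interfaces, which is the default behaviour.
source s_network {
    udp(ip(192.0.2.10) port(514));
    tcp(ip(192.0.2.10) port(514) max_connections(100));
};

# Local source kept separate so the collector's own logs never mix with
# what the devices send.
source s_local {
    unix-dgram("/dev/log");
    internal();
};

# One file per sending host and day; $HOST is the device's hostname because
# keep_hostname(yes) is set above.
destination d_remote_by_host {
    file("/var/log/remote/$HOST/$YEAR-$MONTH-$DAY.log"
         template("$ISODATE $HOST $FACILITY.$LEVEL $PROGRAM: $MSG\n"));
};

# MySQL through a named pipe, as in the post above. $MSG is attacker-controlled
# input from the network; template-escape(yes) escapes ' " and \ in every
# macro so the statement boundary cannot be broken.
destination d_mysql {
    pipe("/var/log/mysql.pipe"
         template("INSERT INTO logs (host, facility, priority, level, tag, datetime, program, msg) VALUES ('$HOST', '$FACILITY', '$PRIORITY', '$LEVEL', '$TAG', '$YEAR-$MONTH-$DAY $HOUR:$MIN:$SEC', '$PROGRAM', '$MSG');\n")
         template-escape(yes));
};

destination d_local { file("/var/log/messages"); };

log { source(s_network); destination(d_remote_by_host); };
log { source(s_network); destination(d_mysql); };
log { source(s_local);   destination(d_local); };
```

Check the file with `syslog-ng -s` before restarting, then confirm the listener with `lsof -i :514` (it shows as `*:syslog` or `192.0.2.10:syslog` depending on whether ip() is set). A quick end-to-end test from another host is `echo "<13>test message" | nc -u 192.0.2.10 514`, after which /var/log/remote/<host>/ should contain the line. The pipe destination still needs a reader process feeding the statements into mysql, as the post notes, and the pipe must exist before syslog-ng starts or the destination is dropped.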
AFAIK, syslog-ng will listen on all interfaces when told to accept remote connections... If you want to restrict it to a specific interface and/or address, you'll need to firewall it (i.e., iptables).
Edit: Yes it does listen to 0.0.0.0
# lsof -i|grep sysl
syslog-ng 5685 root 4u IPv4 678532 0t0 UDP *:syslog
syslog-ng 5685 root 5r IPv4 681244 0t0 TCP *:shell (LISTEN)
Last edited by fukawi2 (2009-02-04 00:26:25)
Are you familiar with our Forum Rules, and How To Ask Questions The Smart Way?
BlueHackers // fscanary // resticctl
It works! Thanks to all, especially to PinkFloydYoshi