Projects / syslog-ng / Comments

Comments for syslog-ng

11 Feb 2008 16:22 ConSeannery

Re: syslog-ng not able to specify listening address?


> I can't seem to find any way to do this

> ... any suggestions?

>

> It doesn't seem as if there is a config

> or command-line option to tell syslog-ng

> to only listen on a certain IP address.

> This would be very useful, as I have a

> logging server that I want to have

> multiple IP addresses and different

> configs of syslog-ng listening on each.

>

> Does this exist and I'm not seeing it,

> or should it be a feature request?

Hey,

You define "sources" to do that. So, lets say you've got a management server with an internal ip of 10.1.10.1. You want the servers in the network to relay their logs to it. You can set your server to listen on that port by doing this in your syslog-ng.conf:

source s_internal_network {

#Receives messages on this boxes internal interface on port 1234.

tcp(ip(10.1.10.1) port(1234) max-connections(30));

};

Then configure a destination and a filter if necessary, then restart syslog-ng. if you do a netstat -pantu you will see that syslog-ng is listening on 10.1.10.1 port 1234.

Hope that helps. The manual is pretty easy to follow, unlike most dry and terrible documentation associated with linux tools, so check it out!

26 May 2005 09:44 Sjobeck

syslog-ng webmin module
I love anything with "-ng" after its name and this software is a perfect example of why. Really like it. The only thing hangign us up with it is that there is no webmin module for it. Let's face it, some people, even me, from time to time, need a GUI, and the regular syslog module in webmin does not work. If any one knocked down this issue, we would be forever in your debt.

Peace. Love. Linux.

Jason

10 Jun 2004 08:35 wmoran

syslog-ng not able to specify listening address?

I can't seem to find any way to do this ... any suggestions?


It doesn't seem as if there is a config or command-line option to tell syslog-ng to only listen on a certain IP address. This would be very useful, as I have a logging server that I want to have multiple IP addresses and different configs of syslog-ng listening on each.


Does this exist and I'm not seeing it, or should it be a feature request?

20 Apr 2004 18:28 akhasha

Re: Syslog-ng best thing since sliced bread


> The ability to send the log stream to

> the stdin of a program is a feature you

> just can't find anywhere else.

I don't know if this was the case back then, but with current versions of syslogd you can. From the manpage of syslogd version 1.4.1:

kern.=debug |/usr/adm/debug

This sends kernel debug messages to a FIFO from which another program can read. Though to make it appear on stdin you'd have to wrap it with a shell redirect using cat.

20 Sep 2001 16:25 thoth

network logging doesn't work well yet
I'm in need of a network logging solution which can survive network outages.

It appears syslog-ng does not perform well. When I gave it a remote network destination, It only logged to a single file and no messages appeared in any of the designated files. When I removed the remote destination from the configuration, things worked properly. I assume it is blocking on writes to the network.

Worse, errors in the config file result in a message like

parse error at 11
Parse error reading configuration file, exiting.

Not exactly illuminating. Eventually I found out how to specify a remote destination thanks to google :

destination central { tcp(10.21.0.3 port(514) ); };

Of course, the documentation on the web site was pretty much useless, with a single trite sentence documenting the tcp destination.

The documentation will doubtless improve as the product matures, but I don't know if this software has the necessary architecture to reliably deliver messages to remote machines in the face of network outages or local daemon restarts.

30 Jan 2001 23:39 posilipo

Re: Syslog-ng best thing since sliced bread
And now in dev version 1.5.3, you can also write logs to your targets in a custom format (field expansion), allowing you to use your Cisco's local clocks in your syslogs without getting two timestamps, for instance. syslog-ng is well worth the time, but do be warned - the documentation is old, and can contain mistakes relating to the placement of brackets and quotes in syntax (but the mailing list is good).

30 Jan 2001 21:03 iMMo420

Syslog-ng best thing since sliced bread
I really recommend this to any sys admins who have to dynamically deal with log output. I use it in a manufacturing facility to split log streams from many log clients into separate files based on hostname and other test system data. The ability to send the log stream to the stdin of a program is a feature you just can't find anywhere else.

30 Nov 2000 00:31 chtephan

Quality
Hi! I'm using a beta version of syslog-ng for over a year now on a server that runs day and night. It has a fairly huge config file. And I didn't encounter any problem yet.
Nice piece of work. Wondering why it hasn't been adopted by any distribution yet?

22 Apr 2000 14:31 dillivision

syslog-ng works for me
Just tried syslog-ng, seems a very good replacement for my standard syslogs. Worked for my sparc netBSD my i386 OpenBSD and my Linux system. Makes my logging life easy.

24 Jun 1999 04:18 widor

new URL
the URL has been slightly changed, try http://www.balabit.hu/products/syslog-ng/ (http://www.balabit.hu/products/syslog-ng/)

Screenshot

Project Spotlight

ReciJournal

An open, cross-platform journaling program.

Screenshot

Project Spotlight

Veusz

A scientific plotting package.