Skip to main content
We’ve updated our Terms of Service. A new AI Addendum clarifies how Stack Overflow utilizes AI interactions.
Unix & Linux

Questions tagged [syslog-ng]

Ask Question

Questions specific to the syslog-ng logging solution (https://syslog-ng.org/). Use this tag if your question relates to configuring or using syslog-ng, or if you'd like to know if you can solve a particular logging problem with syslog-ng.

80 questions
Newest Active Bountied Unanswered
Filter by
Sorted by
Tagged with
0 votes
0 answers
47 views

I have an application sending messages using syslog perl module. syslog-ng client is capturing it by a custom filter that uses program name and writes it to a new file. I can see the log lines added ...
nd23's user avatar
  • 1
1 vote
1 answer
121 views

I have a little experience with RHEL 6 from around 2016-2018 timeframe, but not much. When I took a new job in January 2025, I inherited a couple RHEL 8 systems. Those systems are not connected to a ...
user3271408's user avatar
  • 111
0 votes
1 answer
169 views

Yesterday I upgraded a VM (with very limited disk space) from Debian/bookworm to the shiny new Debian/trixie. One of the changes introduced was setting the frequency of status printout in syslog-ng to ...
umläute's user avatar
  • 6,734
0 votes
0 answers
60 views

new to syslog-ng but been working on this issue for a few days and have nowhere to go. logs aren't really pointing me anywhere anymore that I can tell. I'm running syslog-ng as a container in an ...
Jason Bullen's user avatar
  • 1
0 votes
1 answer
865 views

I noticed that the default datetime format for logs in /var/log/messages is mmm [d]d hh:mm:ss, for example: Jan 4 03:46:50 1.2.3.4 ntpclient[6952]: Failed resolving address to hostname pool.ntp.org: ...
skeetastax's user avatar
  • 159
0 votes
2 answers
637 views

I am running syslog-ng on debian. How do I check which conf file was loaded upon startup? Neither systemctl status syslog-ng nor systemctl show syslog-ng tell me.
skeetastax's user avatar
  • 159
0 votes
0 answers
1k views

I am doing a project where the organisation uses syslog-ng for the central remote logging servers and this will surely not change. The application suite that I am developing on, is using Red Hat ...
user581894's user avatar
  • 1
0 votes
1 answer
2k views

I am new to syslog-ng and was trying to fix the issue of an error which arises due to uniqueness of the persist names in syslog-ng, I see the below error in my syslog err Error checking the ...
Manu's user avatar
  • 103
1 vote
1 answer
2k views

I am building an embedded Linux board with Buildroot (user manual here). I have syslog-ng running on the board. It's config file is specified in buildroot here: https://github.com/buildroot/buildroot/...
Gabriel Staples's user avatar
  • 3,052
0 votes
1 answer
3k views

I am new to syslog-ng, and want to test writing to a syslog from an external device. The external device shows that it is "connected" to my syslog on port 516. However, on my CentOS7 host ...
TSG's user avatar
  • 1,993
1 vote
1 answer
517 views

I'm trying to configure syslog-ng in an embedded distro. I added the syslog-ng package. I was expecting the /var/log/ files to include their log severity / log level, but it isn't to. Any way to ...
EagleOne's user avatar
  • 433
0 votes
1 answer
364 views

I have an Ubuntu server with sftpd running where /var/data/chroot/ is an NFS mount from a remote central NFS server, and each sftpd user's chroot home is /var/data/chroot/<username>/ and every ...
user avatar
0 votes
0 answers
2k views

I wanted to switch logging from rsyslog to syslog-ng, but after configuration and startup, it faield to start up. This is the log file I am getting, but I cant find any clues there what is wrong: rrr-...
rRr's user avatar
  • 151
2 votes
1 answer
2k views

I have stunnel v5.44 (Ubuntu 18.04 v3:5.44-1ubuntu3) configured on a client to connect to a server in a screened subnet. The remote host has syslog configured to listen for logfiles over the stunnel ...
Server Fault's user avatar
  • 577
0 votes
0 answers
404 views

Does the syslog-ng has its own rotating mechanism? I am new to auditing and linux and I though I could use logrotate but I noticed that I need to restart the syslog-ng daemon every time when I use it ...
lord_sommersby's user avatar
  • 1
0 votes
0 answers
810 views

I am rebuilding my Raspberry Pi from scratch and following my docs that I keep with regards to what I install and configure, so that I can quickly get the system rebuilt. In this instance I am using ...
Leaski's user avatar
  • 11
2 votes
1 answer
1k views

syslog-ng has the option to include a config snippet: @include "`scl-root`/system/tty10.conf" and many examples on-line include that file; but I can't understand what it's for? The entire included ...
ericx's user avatar
  • 454
0 votes
1 answer
202 views

We have a system in place where we have a bunch of f5 devices sending logs to syslog-ng. We have syslog-ng configured to go to: /path/to/directory/$HOST. This is causing a problem because since /...
jm12's user avatar
  • 13
0 votes
0 answers
264 views

I have two programs that need to run on start up. I am using init.d scripts because the virtual machine in my system does not have systemctl. With my configuration program_A is working but program_B ...
Ricard Molins's user avatar
  • 255
0 votes
2 answers
2k views

I would like to send logs of each application to a remote collector with syslog-ng. If I have Apache, I'd like my Apache logs to be sent to my remote collector in the file /var/log/apache.log. I ...
user avatar
0 votes
1 answer
940 views

In our company, we are planning to use syslog-ng for the Centralized log aggregation. We have logs coming from Network devices and 100's of *nix systems(client) produces log files which sent it to ...
spectrum's user avatar
  • 31
0 votes
1 answer
585 views

I am having issue researching the right way to go about a problem. The problem is the syslog-ng file in the salt master server at the moment only enforces unix-stream as follows: source s_sys { ...
sumeet's user avatar
  • 11
10 votes
1 answer
9k views

we would like to understand copytruncate before rotating the file using logrotate with below configuration: /app/syslog-ng/custom/output/all_devices.log { size 200M copytruncate dateext ...
overexchange's user avatar
  • 1,606
0 votes
0 answers
454 views

In the below list of syslog messages: # tail -9 /var/log/messages Oct 9 14:15:39 machine1 puppet-agent[14371]: Finished catalog run in 6.68 seconds Oct 9 14:45:31 machine1 puppet-agent[12234]: The ...
overexchange's user avatar
  • 1,606
1 vote
1 answer
1k views

I've found a nice feature of the syslog-ng: if I use the logger to log things from the user process, I get the logging user name. Around so: peterh$ echo test log message|logger then I get this in /...
peterh's user avatar
  • 10.5k
1 vote
0 answers
2k views

/usr/sbin/logrotate is used to log rotate syslog-NG logging, as shown below: [root@machine1 output]# crontab -l # 00 23 * * * /TSM/bkup 1>/dev/null 2>&1 1 * * * * /usr/sbin/logrotate /app/...
overexchange's user avatar
  • 1,606
0 votes
1 answer
8k views

Below is the current configuration for Syslog-NG logging, locally, source s_network { udp( flags(syslog_protocol) keep_hostname(yes) ...
overexchange's user avatar
  • 1,606
1 vote
1 answer
2k views

Below is the current architecture of Syslog-NG to avoid single point of failure. Currently devices send same syslog message to two syslog servers listening on UDP port 514. Each server stores the ...
overexchange's user avatar
  • 1,606
1 vote
1 answer
1k views

Based on the advice from answer that says: Simply adding both servers and always write to both is the easiest one, we have setup syslog-NG server on two machines that receive same syslog message and ...
overexchange's user avatar
  • 1,606
0 votes
2 answers
10k views

I've recently rebooted one of my machines after a long time and a now I'm having a lot of problems with configuration changes. syslog-ng service is not working anymore with the following error from ...
Jorge Cabrera's user avatar
  • 101
0 votes
1 answer
626 views

Scenario is to receive all incoming messages and store all of those messages in /app/syslog-ng/custom/output/all_devices.log, but forward only certain messages(by filtering). filter tag is used to ...
overexchange's user avatar
  • 1,606
1 vote
1 answer
288 views

Installed an application as root owner but not as non-root. why? Because we had to install this application in custom location(/app) So, after installing an application(Syslog-NG), below are the ...
overexchange's user avatar
  • 1,606
1 vote
1 answer
908 views

Building latest syslog-ng (3.17.2, rather than the packaged version in EPEL, which is 3.5.6, built 30-Dec-2015) from https://github.com/balabit/syslog-ng/releases Amidst ./configure --prefix=/app/...
overexchange's user avatar
  • 1,606
0 votes
1 answer
708 views

Here's the situation: I have syslog-ng version 3.15. I've noticed that when using TLS and non-TLS transmission, the logs are different. I have noticed that, when sending logs using the loggen -i (...
Aiurea Adica tot YO's user avatar
  • 141
0 votes
1 answer
714 views

I have an issue when trying to forward logs from a CentOS 7 [root@localhost ~]# hostnamectl Static hostname: localhost.localdomain Icon name: computer-vm Chassis: vm ...
Aiurea Adica tot YO's user avatar
  • 141
0 votes
1 answer
3k views

This is the scenario: I have a server that's listening on port 6514 on TCP for logs. I created the .key .crt files on the server as described here: https://www.logzilla.net/2014/10/17/configuring-tls-...
Aiurea Adica tot YO's user avatar
  • 141
0 votes
2 answers
1k views

Case 1: For the below incoming message of syslog, <14>Mar 22 11:12:06 RT_FLOW: RT_FLOW_SESSION_CREATE: session created 1.2.3.4/62963->23.58.169.35/443 0x0 junos-https 6.7.8.9/32359->23.58....
overexchange's user avatar
  • 1,606
2 votes
0 answers
464 views

I am trying to install syslog-ng-3.13.2 from source code on embedded linux. I executed ./configure --with-ivykis=system successfully. After that, on executing make, I get the following error: /usr/...
Jay's user avatar
  • 311
0 votes
1 answer
538 views

I am trying to install syslog-ng-3.13.2 from source code on embedded linux. The ./configure command worked without any error. When I do make, I get the following error: In file included from /source/...
Jay's user avatar
  • 311
1 vote
1 answer
1k views

I have recently been updating syslog-ng from 3.7.3 to 3.13.2. After the upgrade, the daemon fails to start with this error message: [2017-12-23T20:42:40.635915] Error checking the uniqueness of the ...
nyronium's user avatar
  • 191
2 votes
1 answer
2k views

I am unable to start syslog-ng when apparmor is running because it complains it is unable to find the system plugin: service apparmor start * Starting AppArmor ... * Loading AppArmor profiles ......
Walter's user avatar
  • 1,274
1 vote
1 answer
127 views

I have systems running syslog and rsyslog across my environment and I would like to have similar outputs. I have created a template in rsyslog that looks like the following: $template ...
jacksonecac's user avatar
  • 347
2 votes
1 answer
4k views

I have installed syslog-ng v3.5.6 to the Debian GNU/Linux 8.7 (jessie): # syslog-ng --version syslog-ng 3.5.6 Installer-Version: 3.5.6 Revision: 3.5.6-2+b1 [@416d315] (Debian/unstable) Compile-Date: ...
NarūnasK's user avatar
  • 2,555
0 votes
0 answers
1k views

I have installed freeradius server on FreeBSD,it sends authentication logs to syslog's local1 # # Which syslog facility to use, if ${destination} == "syslog" # # The exact values permitted here are ...
David's user avatar
  • 369
0 votes
0 answers
552 views

The docs for syslog 3.1.1 show an option on the file destination that I'd like to use to create logs that overwrite themselves daily, hourly or minutely (that would be a small log). destination ...
Peter Turner's user avatar
  • 1,744
0 votes
1 answer
2k views

I have OpenSSL installed from source and linked the GLIB_LIBS and GLIB_CFLAGS to the correct directories during configure and configured with-SSL When I try to start syslog-ng (Version 3.6.4) on ...
Anton Rasmussen's user avatar
  • 33
0 votes
1 answer
487 views

OS: CentOs 7 syslog-ng -V: syslog-ng-premium-edition 5 F6 (5.6.1b) Installer-Version: 5.6.1b Real problem: syslog-ng keeps in open state deleted journal log files: syslog-ng 15305 30257 ...
Karlo Smid's user avatar
  • 101
0 votes
1 answer
248 views

I find at versions syslog-ng-3.5 and syslog-ng-3.6 ,the syslog-ng will by default read from /dev/kmsg even if when I don't use file ("/proc/kmsg" program_override("kernel: ")); in source{ }, when I ...
穆阿浩's user avatar
  • 421
1 vote
0 answers
3k views

We have following remote logging configuration: destination d_jenkins { network("x.x.x.x" transport("udp") port(514) template(t_jenkins)); }; log { source(s_system); destination(d_jenkins); }; This ...
Umut's user avatar
  • 452
0 votes
1 answer
2k views

I need to escape \n from the message. I can do this with "rewrite" but the problem is I have many log paths and I do not want to specify "rewrite" on all log paths. Is there a global way of setting a ...
Umut's user avatar
  • 452

1
2