[SOLVED] How many hosts can be logged with syslog-ng OSE
Hi all,
I have managed to install and run syslog-ng OSE (v 3.2.5) as a central logging server. All I want to know is how many hosts can be logged with it?
It is logging two hosts successfully, of which one is localhost and one more is on the network. The problem that led me to ask this question is that I configured one more host to send logs to this server, but unfortunately it wasn't logging the 3rd host, so I executed
tcpdump -i eth0 udp 'port 514' -v
and found that the logs are coming from the 3rd host but are not logged. I read a lot on the internet and increased the kernel receive buffer, but the problem is still there. Any idea what's happening?
Help is always appreciated.
There can be many problems preventing syslog-ng from logging messages from the network:
- no network source configured
- SELinux
- firewall
So, make sure that you have a network source configured and check your logs for the other two. As a quick test you might temporarily disable these protections to see if any of these prevent you from logging.
I can log one host from the network, so why wouldn't the others be logged? I have already disabled the firewall. Of course the network source is configured, that is how I am receiving logs from a host on the network. SELinux -- what should I do, "setenforce 0"?
Are you sure that many hosts, not just 5-10 but maybe 20 hosts, can be logged using syslog-ng OSE? One more question I have: can I log routers and switches using syslog-ng OSE?
You can log from as many hosts as you want. Just make sure that max-connections() is set to a high enough number. This is 10 by default. Read the documentation at https://www.balabit.com/sites/defaul...gle/index.html for more details.
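A sketch of the server-side settings discussed so far, as an added example that is not part of the original thread or the poster's configuration: a network source with a larger UDP receive buffer, a TCP listener with max-connections() raised above the default of 10, and one file per sending host so a missing host is easy to spot. The source and destination names, the path under /var/log/remote, and the numeric values are assumptions; max-connections() limits concurrent connections on connection-oriented sources such as tcp(), while udp() is connectionless.

```conf
@version:3.2

# Assumed names and values throughout; adjust to the local setup.
source s_net {
    # UDP listener on the port seen in the tcpdump capture (514).
    # so_rcvbuf() requests a larger socket receive buffer; the kernel
    # limit (net.core.rmem_max) must allow the requested size.
    udp(ip(0.0.0.0) port(514) so_rcvbuf(1048576));

    # TCP listener: each sending host holds one connection open, so the
    # limit must be at least the number of TCP clients (default is 10).
    tcp(ip(0.0.0.0) port(514) max-connections(100));
};

# One directory per sending host, so each client's messages land in
# their own file instead of being mixed into a single log.
destination d_per_host {
    file("/var/log/remote/$HOST/messages" create_dirs(yes));
};

# A source only delivers messages to a destination through a log path
# that references both.
log {
    source(s_net);
    destination(d_per_host);
};
```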
Hi all,
Still no success, even after executing 'setenforce 0' and restarting the syslog-ng service. I still receive packets from a host which are not logged by syslog-ng, and I can see them through tcpdump. Please find my syslog-ng.conf file. Kindly suggest.
@version:3.2
# syslog-ng configuration file.
#
# This should behave pretty much like the original syslog on RedHat. But
# it could be configured a lot smarter.
#
# See syslog-ng(8) and syslog-ng.conf(5) for more information.
Executed on the 'syslog-ng' server and found that the server is receiving the packets but not logging those packets. Yes the data is received on the mentioned interface.