I mainly use it to get what comes from iptables. For example:
Code:
Dec 7 22:50:56 vps171520 kernel: [30191954.877696] VPSFW SSH DROP: IN=venet0 OUT= MAC= SRC=51.91.136.174 DST=176.31.171.214 LEN=40 TOS=0x00 PREC=0x00 TTL=244 ID=46069 PROTO=TCP SPT=55312 DPT=22 WINDOW=1024 RES=0x00 SYN URGP=0
Thanks for the file name. I was looking for the syslog config files as I never did any change into libs directories.
There, something is strange and very probably bad. I have:
Code:
# ls -ali /etc/systemd/system/multi-user.target.wants/syslog-ng.service
lrwxrwxrwx 1 root root 37 févr. 4 2016 /etc/systemd/system/multi-user.target.wants/syslog-ng.service -> /lib/systemd/system/syslog-ng.service
# ls -ali /lib/systemd/system/syslog-ng.service
281515 -rw-r--r-- 1 root root 149 déc. 10 08:45 /lib/systemd/system/syslog-ng.service
# view /lib/systemd/system/syslog-ng.service
lrwxrwxrwx 1 root root 37 févr. 4 2016 /etc/systemd/system/multi-user.target.wants/syslog-ng.service -> /lib/systemd/system/syslog-ng.service
The file contains a line showing a link like ls do!
The 10th of december is the date where I updated my debian so something goes wrong while the update process was running.
I tried to do a comparison with my system @home. It doesn't use syslog-ng but mine was installed for a long time and followed regular updates.
I suppose ng was not used when I installed my debian.
The server where I get my trouble was first installed with Debian7 by my service provider (OVH). I updated it to debian 8 without issue.
I think syslog-ng was already there.
I wonder if I shouldn't do a total remove of syslog-ng (with config files) and reinstall it.
What do you fell?
NB: Ok for code tag instead of quote. This tag is not displayed to me, so I'm going to use it "by hand" ;-)