[prev in list] [next in list] [prev in thread] [next in thread]
List: syslog-ng
Subject: Re: [syslog-ng] Syslog-NG RFC
From: Ivan Adji - Krstev <akivanradix () gmail ! com>
Date: 2016-05-17 11:44:55
Message-ID: 573B0437.5090206 () gmail ! com
[Download RAW message or body]
[Attachment #2 (multipart/alternative)]
On 05/17/2016 01:22 PM, Ivan Adji - Krstev wrote:
> Hi Robert,
> Everything is placed as it is. I have put the server and the client in
> the networ() part the *flags* and still nothing. No template in use.
>
> Here is the configuration of the server:
>
> options {
> flush_lines (0);
> time_reopen (10);
> log_fifo_size (1000);
> chain_hostnames (off);
> use_dns (no);
> use_fqdn (no);
> create_dirs (no);
> keep_hostname (yes);
> };
>
> source s_sys {
> system();
> internal();
> network(ip(0.0.0.0) port(6514)
> flags(syslog-protocol)
> transport("tls")
> tls(key_file("/etc/syslog-ng/cert.d/serverkey.pem")
> cert_file("/etc/syslog-ng/cert.d/servercert.pem")
> ca_dir("/etc/syslog-ng/ca.d")
> ) );
>
> };
>
> destination d_mongodb {
> mongodb(
> servers("localhost:27017")
> database("syslog")
> username("test")
> password("test123")
> collection("messages")
> value-pairs(
> scope("selected-macros" "nv-pairs" "sdata")
> )
> );
> };
>
>
> And here it is on the client site:
>
> options {
> flush_lines (0);
> time_reopen (10);
> log_fifo_size (1000);
> chain_hostnames (off);
> use_dns (no);
> use_fqdn (no);
> create_dirs (no);
> keep_hostname (yes);
> };
>
> source s_sys {
> system();
> internal();
> # udp(ip(0.0.0.0) port(514));
> };
>
>
> destination tls_destination {
> network("x.x.x.x" port(6514)
> flags(syslog-protocol)
> transport("tls")
> tls( ca_dir("/etc/syslog-ng/ca.d")
> key_file("/etc/syslog-ng/cert.d/clientkey.pem")
> cert_file("/etc/syslog-ng/cert.d/clientcert.pem") )
> );
> };
>
>
> And i have use the same configuration with MySQL and works perfect now
> i have problems with MongoDB.
>
> Kind regards
> Ivan
>
>
> On 05/17/2016 01:10 PM, Fekete, Róbert wrote:
>> Hi,
>>
>> The protocols used in the syslog-ng clients and the syslog-ng server
>> should match.
>> You posted a source that uses the network() driver - I take this is
>> from your server.
>> The destination on your client should also use the network() driver,
>> and that's where you need the flags(syslog-protocol).
>>
>> Also check your client config to see if it uses a custom template
>> that messes with the message format.
>>
>> Robert
>>
>>
>>
>> On Tue, May 17, 2016 at 10:49 AM, Ivan Adji - Krstev
>> <akivanradix@gmail.com <mailto:akivanradix@gmail.com>> wrote:
>>
>> Any way i put it where i can and on a client but still nothing.
>>
>> Any other hints ?
>>
>> Ivan
>>
>> On 05/17/2016 10:31 AM, Fabien Wernli wrote:
>>> Hi,
>>>
>>> On Tue, May 17, 2016 at 10:11:27AM +0200, Ivan Adji - Krstev wrote:
>>>> some RFC model 5424. Is there an option to configure the syslog-ng to
>>>> send this messages in that RFC format ?
>>> Add `flags(syslog-protocol)` to the network destination
>>>
>>> ______________________________________________________________________________
>>> Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng
>>> Documentation: http://www.balabit.com/support/documentation/?product=syslog-ng
>>> FAQ: http://www.balabit.com/wiki/syslog-ng-faq
>>>
>>
>>
>> ______________________________________________________________________________
>> Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng
>> Documentation:
>> http://www.balabit.com/support/documentation/?product=syslog-ng
>> FAQ: http://www.balabit.com/wiki/syslog-ng-faq
>>
>>
>>
>>
>>
>> ______________________________________________________________________________
>> Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng
>> Documentation: http://www.balabit.com/support/documentation/?product=syslog-ng
>> FAQ: http://www.balabit.com/wiki/syslog-ng-faq
>>
>
[Attachment #5 (text/html)]
<html>
<head>
<meta content="text/html; charset=windows-1252"
http-equiv="Content-Type">
</head>
<body bgcolor="#FFFFFF" text="#000000">
<br>
<br>
<div class="moz-cite-prefix">On 05/17/2016 01:22 PM, Ivan Adji -
Krstev wrote:<br>
</div>
<blockquote cite="mid:573AFEF1.3020708@gmail.com" type="cite">
<meta content="text/html; charset=windows-1252"
http-equiv="Content-Type">
<font face="Helvetica, Arial, sans-serif">Hi Robert, <br>
Everything is placed as it is. I have put the server and the
client in the networ() part the <b>flags</b> and still nothing.
No template in use. <br>
<br>
Here is the configuration of the server:<br>
<br>
options {<br>
flush_lines (0);<br>
time_reopen (10);<br>
log_fifo_size (1000);<br>
chain_hostnames (off);<br>
use_dns (no);<br>
use_fqdn (no);<br>
create_dirs (no);<br>
keep_hostname (yes);<br>
};<br>
<br>
source s_sys {<br>
system();<br>
internal();<br>
network(ip(0.0.0.0) port(6514)<br>
flags(syslog-protocol)<br>
transport("tls")<br>
tls(key_file("/etc/syslog-ng/cert.d/serverkey.pem")<br>
cert_file("/etc/syslog-ng/cert.d/servercert.pem")<br>
ca_dir("/etc/syslog-ng/ca.d")<br>
) );<br>
<br>
};<br>
<br>
destination d_mongodb {<br>
mongodb(<br>
servers("localhost:27017")<br>
database("syslog")<br>
username("test")<br>
password("test123")<br>
collection("messages")<br>
value-pairs(<br>
scope("selected-macros" "nv-pairs" "sdata")<br>
)<br>
);<br>
};<br>
<br>
<br>
And here it is on the client site:<br>
<br>
options {<br>
flush_lines (0);<br>
time_reopen (10);<br>
log_fifo_size (1000);<br>
chain_hostnames (off);<br>
use_dns (no);<br>
use_fqdn (no);<br>
create_dirs (no);<br>
keep_hostname (yes);<br>
};<br>
<br>
source s_sys {<br>
system();<br>
internal();<br>
# udp(ip(0.0.0.0) port(514));<br>
};<br>
<br>
<br>
destination tls_destination {<br>
network("x.x.x.x" port(6514)<br>
flags(syslog-protocol)<br>
transport("tls")<br>
tls( ca_dir("/etc/syslog-ng/ca.d")<br>
key_file("/etc/syslog-ng/cert.d/clientkey.pem")<br>
cert_file("/etc/syslog-ng/cert.d/clientcert.pem") )<br>
);<br>
};<br>
<br>
<br>
And i have use the same configuration with MySQL and works
perfect now i have problems with MongoDB.<br>
<br>
Kind regards<br>
Ivan<br>
<br>
</font><br>
<div class="moz-cite-prefix">On 05/17/2016 01:10 PM, Fekete,
Róbert wrote:<br>
</div>
<blockquote
cite="mid:CAAhEgpoWSBgrjtn0URuk0=dea1U6LZHR2ZDG1c8zNH7jQfbf7w@mail.gmail.com"
type="cite">
<div dir="ltr">Hi,
<div><br>
</div>
<div>The protocols used in the syslog-ng clients and the
syslog-ng server should match.<br>
</div>
<div>You posted a source that uses the network() driver - I
take this is from your server.</div>
<div>The destination on your client should also use the
network() driver, and that's where you need the
flags(syslog-protocol).</div>
<div><br>
</div>
<div>Also check your client config to see if it uses a custom
template that messes with the message format.</div>
<div><br>
</div>
<div>Robert</div>
<div><br>
</div>
<div><br>
</div>
</div>
<div class="gmail_extra"><br>
<div class="gmail_quote">On Tue, May 17, 2016 at 10:49 AM,
Ivan Adji - Krstev <span dir="ltr"><<a
moz-do-not-send="true"
href="mailto:akivanradix@gmail.com" target="_blank"><a \
class="moz-txt-link-abbreviated" \
href="mailto:akivanradix@gmail.com">akivanradix@gmail.com</a></a>></span> \
wrote:<br> <blockquote class="gmail_quote" style="margin:0 0 0
.8ex;border-left:1px #ccc solid;padding-left:1ex">
<div bgcolor="#FFFFFF" text="#000000"> <font
face="Helvetica, Arial, sans-serif">Any way i put it
where i can and on a client but still nothing. <br>
<br>
Any other hints ?<span class="HOEnZb"><font
color="#888888"><br>
<br>
Ivan<br>
</font></span></font><span class=""><br>
<div>On 05/17/2016 10:31 AM, Fabien Wernli wrote:<br>
</div>
</span>
<div>
<div class="h5">
<blockquote type="cite">
<pre>Hi,
On Tue, May 17, 2016 at 10:11:27AM +0200, Ivan Adji - Krstev wrote:
</pre>
<blockquote type="cite">
<pre>some RFC model 5424. Is there an option to configure the \
syslog-ng to send this messages in that RFC format ?
</pre>
</blockquote>
<pre>Add `flags(syslog-protocol)` to the network destination
______________________________________________________________________________
Member info: <a moz-do-not-send="true" \
href="https://lists.balabit.hu/mailman/listinfo/syslog-ng" \
target="_blank">https://lists.balabit.hu/mailman/listinfo/syslog-ng</a>
Documentation: <a moz-do-not-send="true" \
href="http://www.balabit.com/support/documentation/?product=syslog-ng" \
target="_blank">http://www.balabit.com/support/documentation/?product=syslog-ng</a>
FAQ: <a moz-do-not-send="true" href="http://www.balabit.com/wiki/syslog-ng-faq" \
target="_blank">http://www.balabit.com/wiki/syslog-ng-faq</a>
</pre>
</blockquote>
<br>
</div>
</div>
</div>
<br>
______________________________________________________________________________<br>
Member info: <a moz-do-not-send="true"
href="https://lists.balabit.hu/mailman/listinfo/syslog-ng"
rel="noreferrer" \
target="_blank">https://lists.balabit.hu/mailman/listinfo/syslog-ng</a><br> \
Documentation: <a moz-do-not-send="true"
href="http://www.balabit.com/support/documentation/?product=syslog-ng"
rel="noreferrer" \
target="_blank">http://www.balabit.com/support/documentation/?product=syslog-ng</a><br>
FAQ: <a moz-do-not-send="true"
href="http://www.balabit.com/wiki/syslog-ng-faq"
rel="noreferrer" \
target="_blank">http://www.balabit.com/wiki/syslog-ng-faq</a><br> <br>
<br>
</blockquote>
</div>
<br>
</div>
<br>
<fieldset class="mimeAttachmentHeader"></fieldset>
<br>
<pre wrap="">______________________________________________________________________________
Member info: <a moz-do-not-send="true" class="moz-txt-link-freetext" \
href="https://lists.balabit.hu/mailman/listinfo/syslog-ng">https://lists.balabit.hu/mailman/listinfo/syslog-ng</a>
Documentation: <a moz-do-not-send="true" class="moz-txt-link-freetext" \
href="http://www.balabit.com/support/documentation/?product=syslog-ng">http://www.balabit.com/support/documentation/?product=syslog-ng</a>
FAQ: <a moz-do-not-send="true" class="moz-txt-link-freetext" \
href="http://www.balabit.com/wiki/syslog-ng-faq">http://www.balabit.com/wiki/syslog-ng-faq</a>
</pre>
</blockquote>
<br>
</blockquote>
<br>
</body>
</html>
______________________________________________________________________________
Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng
Documentation: http://www.balabit.com/support/documentation/?product=syslog-ng
FAQ: http://www.balabit.com/wiki/syslog-ng-faq
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic