Sanjay Patel
@San_j_ay_twitter
I can see the port open but when I do syslog-ng -Fevd it shows no data
László Várady
@MrAnno
@San_j_ay_twitter Could you share the output of syslog-ng -Fevd?
Sanjay Patel
@San_j_ay_twitter
how do I send without flooding?
Sanjay Patel
@San_j_ay_twitter
still stuck
tcpdump shows packets coming on udp but syslog-ng not picking them up
László Várady
@MrAnno

Hi,

If I understood your last reply correctly, netcat does not receive messages/packets either.
In case that's true, your issue is not really a syslog-ng configuration issue, it must be something environmental.

Sanjay Patel
@San_j_ay_twitter
@MrAnno it was an iptables issue. Even with the firewall off, Ubuntu firewall rules apply. I added this to make it work: iptables -I INPUT -p udp -j ACCEPT. Adding it here in case someone else runs into this issue.
Robert Paschedag
@rpasche
Short question: Is the last pattern .* some kind of "workaround" within the new regexp-parser pattern so a message does not get discarded in case none of the previous patterns finds anything? Because I'm currently testing this new regexp-parser and added several patterns to extract information and noticed that my message was never written to the destination. This seems to be caused by the fact that none of my patterns really matched something. So is some kind of last pattern like .* the only chance I do not lose a message, or are there flags that I can use to prevent messages from being discarded? Thank you for your help
Robert Paschedag
@rpasche
Can you help me once more? I want to convert the syslog-ng TAGS into a JSON array that should then be used within Elasticsearch. Currently, the TAGS are set, but set as a static string (comma separated). I tried it with some rewrite but currently I cannot get it to work. So I tried for example
rewrite {
  set("$(explode ',' ${TAGS})", value("tags"));
};
Balazs Scheidler
@bazsi
Just use the list type hint
Fabien Wernli
@faxm0dem
rpasche: FWIW you could also use an Elasticsearch ingest pipeline : https://www.elastic.co/guide/en/elasticsearch/reference/7.15/split-processor.html
Fabien Wernli
@faxm0dem
we like to do most in syslog-ng too, but when we have json upstream, we don't want syslog-ng to mess up its types, so we use ingest pipelines to parse the json in ES
just for the record: I understand your use-case
ann-lang
@ann-lang

Hello,
I am an assistant professor at Beihang University. Our team is doing a study about GSoC mentors, aiming to understand the motivations, challenges, strategies, and gains of GSoC mentors. To this end, we designed a questionnaire. We sincerely invite GSoC mentors to participate in this survey. Your feedback is very important for us.

Questionnaire link: https://forms.gle/rgAWwmrvrCb5XdAq9

If you are interested in this study, welcome to join our follow-up interview! Thank you very much!

Sincerely,

Xin Tan

kiphackman
@kiphackman
Hi guys, I'm getting an issue on syslog-ng version 3.23.1 where logs are not written to the disk. I've spent a lot of time troubleshooting but had no luck. Would love some insight or assistance from the community if you guys have any recommendations. Sorry for the trouble. And thank you so much
Wojciech Adam Koszek
@wkoszek_gitlab
Imagine you're building a hobby project. You don't want to invest in Logstash'es and Kibanas. You love syslog-ng however. What's the easiest way to get some dashboard for logs?
To give you an example: a modern tool to get web stats could be Grafana or something, but one can use the Webalizer tool that has a 1995 look, but does the job. I wonder if there's some 1995 tool that just works and gives me simple queryability without all the maintenance
Fabien Wernli
@faxm0dem
I'm guessing grafana/loki would be the most straightforward route nowadays
Peter Czanik
@czanik
if you do not mind closed source and do not need scalability in the long run, I liked SEQ, when I tested it a while ago: https://www.syslog-ng.com/community/b/blog/posts/creating-a-new-http--based-syslog-ng-destination-seq
Fabien Wernli
@faxm0dem_twitter
Hi I'm getting a json parsing error that I don't understand: https://gist.github.com/faxm0dem/463d632d2f4031d8236f3294a04a98f6
I'm guessing it's the NaN it doesn't like
Fabien Wernli
@faxm0dem_twitter
yeah that was it
sorry for the noise
svestenik
@svestenik
Hello
syslog-ng 3 (3.35.1)
looks like the cisco parser is not working
and when I introduce syslog traffic from my network through the cisco parser, nothing comes out

Basic config elements look like this:

source s_ciscoudp { udp (ip("0.0.0.0") port(5140) flags(no-parse,store-raw-message)); };
destination d_raw { file("/var/log/raw" template("${RAWMSG}\n")); };
destination d_fromcisco { file("/etc/syslog-ng/fromcisco" template(t_jsonfile)); };

template t_jsonfile {
  template("$(format-json --scope rfc5424 --scope dot-nv-pairs
  --rekey .* --shift 1 --scope nv-pairs --key ISODATE)\n\n");
};

parser p_cisco {
  cisco-parser();
};

log { source(s_ciscoudp); destination(d_raw); parser(p_cisco); destination(d_fromcisco); };

and I am getting the traffic into syslog-ng
destination d_raw works, raw messages get written
but nothing happens afterwards
Any ideas on how to find out what's wrong?
Fabien Wernli
@faxm0dem
svestenik: hi
you might have more clues when activating the internal() source
it will output internal logs of syslog-ng
if that doesn't give you any more clues, use the debug mode
syslog-ng -evdf /etc/syslog-ng/syslog-ng.conf
Gábor Nagy
@gaborznagy
Hi @svestenik What @faxm0dem suggested is a good idea: you need to know where your message is dropped.
Since you have a relatively simple log path with two destinations and a parser, I suspect the message is dropped in the p_cisco cisco-parser.
Cisco parser drops the message if its format doesn't match a supported cisco format.
https://www.syslog-ng.com/technical-documents/doc/syslog-ng-open-source-edition/3.33/administration-guide/79#TOPIC-1663463
Ohh, sorry, you already figured that out...
Fabien Wernli
@faxm0dem
svestenik: you can also send us an example out of your raw log so we can check on our side
Gábor Nagy
@gaborznagy
We need to see what kind of messages are dropped by the cisco-parser. Can you show us an example, please?
cisco-parser supports the following format:
<pri>(sequence: )?(origin-id: )?(timestamp? timezone?: )?%msg
dvlsatya
@dvlsatya
I want to contribute to your organization. What is the procedure to set up your project? What should I follow?
Gábor Nagy
@gaborznagy
Hello @dvlsatya !
We are more than happy to receive contributions from the community! :)
First, I suggest compiling syslog-ng.
You have several options: you can use our docker-based infrastructure and then you don't have to set up a build environment on your computer.
Here is a short description of the usage of the docker-based build system (dbld):
https://github.com/syslog-ng/syslog-ng/tree/master/dbld#hacking-on-syslog-ng-itself
What kind of contribution do you have in mind?
kartiks26
@kartiks26
Where can I find open issues or fields open for contribution?
Fabien Wernli
@faxm0dem
o/
I just updated to debian/bullseye, and the latest syslog-ng-master says `Required bison not found /home/fwernli/git/syslog-ng/build/lib/rewrite/rewrite-expr-grammar.y`
I've got `bison (GNU Bison) 3.7.5`
ah I see the warning now in the configure script that I need at least 3.7.6