So I have 10.3 and I'm just trying to set up syslog-ng to listen for and
log any messages sent from my firewall, but I can't figure it out. I
used the guide 'here' (http://en.opensuse.org/SDB:Syslog_server) but it
is dated and seems to be missing steps and/or referencing older versions
of the conf file. Can anyone point me to a newer/better guide or
assist? Thanks!
That guide isn’t too far off. First you have to tell syslog-ng to listen
to messages from other computers. As the comments in
/etc/syslog-ng/syslog-ng.conf indicate, uncomment this line in the src
section:
Code:
udp(ip("0.0.0.0") port(514));
Also open your firewall to 514/udp to your LAN machines.
Since the remote log messages will be mixed with local log messages,
you might want to write some matching rules so that remote log messages
go to some other file.
Thanks for your help - uncommenting that line was the only thing missing
to get syslog logging.
I would like to add the code to tell syslog to create a log file for
just the data coming from my firewall at 192.168.0.1, but I’m unfamiliar
with the syntax. Would you happen to know what that would be? Right
now everything is just going to /var/log/allmessages.
What you probably want to do is to create another source, another
destination and then connect them up using a log statement so that this
chain is separate from the existing chain.
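As an added example (not from the thread or the openSUSE guide), here is what that separate source/filter/destination/log chain can look like in /etc/syslog-ng/syslog-ng.conf. It assumes the syslog-ng 2.x syntax shipped with openSUSE 10.3, the firewall address 192.168.0.1 from the thread, a chosen output file /var/log/firewall.log, and 192.168.0.2 as a placeholder for this server's own LAN address; the udp() line in the existing "src" source is left commented out so remote messages enter only through this chain.

```conf
# Added example, not part of the original thread or guide.
# In the existing options { } block, set use_dns(no); keep_hostname(no);
# so the HOST field of a remote message is the sender's IP address,
# which is what the host() filter below matches on.

# Listen only on the LAN-facing address (192.168.0.2 is a placeholder
# for this server's own IP) rather than 0.0.0.0, so the listener is not
# reachable from other interfaces. Still allow 514/udp from the LAN in
# the host firewall, as suggested above.
source remote {
    udp(ip("192.168.0.2") port(514));
};

# host() takes a regular expression, so anchor it and escape the dots.
# Plain UDP syslog is unauthenticated: this sorts messages by claimed
# sender, it does not verify who sent them. If the firewall's name
# resolves and use_dns(yes) is set, match that hostname instead.
filter f_firewall {
    host("^192\\.168\\.0\\.1$");
};

destination d_firewall {
    file("/var/log/firewall.log");
};

# Wire the pieces together. Nothing from "remote" enters the existing
# source(src) chain, so /var/log/allmessages keeps only local messages.
log {
    source(remote);
    filter(f_firewall);
    destination(d_firewall);
};
```

After adding this, restart syslog-ng (rcsyslog restart) and check /var/log/firewall.log; any remote message that does not match the filter is dropped on this chain, so if the file stays empty, temporarily remove filter(f_firewall) from the log statement to confirm messages are arriving and see what HOST value they carry.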
Thanks for your motivation, I gave it a whirl and got it to work. To
save others from learning, here is what I added. First I re-commented
out the following in the source "src":
Code:
#udp(ip("0.0.0.0") port(514));
Then I added the following code to create a new source, destination and
log entry: