Syslog-ng server on Ubuntu

Configure a syslog-ng server on Ubuntu.

apt-get install syslog-ng

Back up /etc/syslog-ng/syslog-ng.conf first:

cp /etc/syslog-ng/syslog-ng.conf  /etc/syslog-ng/syslog-ng.conf.bak

Open the config file with vi /etc/syslog-ng/syslog-ng.conf

Make your config file look like this:

# Listen for incoming UDP syslog messages
source mysource { udp(); };

# Add the syslog targets:
destination dest { file("/var/log/Cisco$YEAR$MONTH$R_DAY.log"); };
#destination dest_other_server { udp("1.2.3.4" port(514)); };

# Create the filters that decide what to do with each received syslog message
#filter filter { ( host("2.3.4.5") and level(notice) and match("username=.*@domain\.local" value("MESSAGE") flags("utf8" "ignore-case")) ); };
filter myfilter { ( level(notice) ); };

# And putting it all together:
log { source(mysource); filter(myfilter); destination(dest);  };

Save the config file, restart syslog-ng, and confirm it is listening on UDP port 514:

/etc/init.d/syslog-ng restart

netstat -nap | grep 514
udp        0      0 0.0.0.0:514                 0.0.0.0:*                   LISTEN
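
To confirm that the filter behaves as configured, the following added example (not part of the original post) sends three RFC 3164 probes at different severities to the listener and reports which ones myfilter should keep. level(notice) matches that one level only, so the err and info probes should not reach the file. The host name probehost, the tag filterprobe, the local7 facility and the 127.0.0.1 target are assumptions chosen for the test.

```python
import socket
import time

SEVERITIES = ["emerg", "alert", "crit", "err", "warning", "notice", "info", "debug"]
MONTHS = "Jan Feb Mar Apr May Jun Jul Aug Sep Oct Nov Dec".split()
LOCAL7 = 23  # facility used for the probes (constructed test value)

def build_message(severity, text, host="probehost", now=None):
    """Return an RFC 3164 datagram: <PRI>Mmm dd hh:mm:ss HOST TAG: text."""
    pri = LOCAL7 * 8 + SEVERITIES.index(severity)
    t = time.localtime(now)
    # RFC 3164 pads a single-digit day with a space, not a zero.
    stamp = f"{MONTHS[t.tm_mon - 1]} {t.tm_mday:2d} {t.tm_hour:02d}:{t.tm_min:02d}:{t.tm_sec:02d}"
    return f"<{pri}>{stamp} {host} filterprobe: {text}".encode("ascii")

def severity_of(datagram):
    """Decode the severity name from the <PRI> header."""
    end = datagram.index(b">")  # raises ValueError if the header is missing
    if not datagram.startswith(b"<") or not datagram[1:end].isdigit():
        raise ValueError("malformed <PRI> header")
    return SEVERITIES[int(datagram[1:end]) % 8]

def passes_myfilter(datagram):
    """Mirror 'filter myfilter { ( level(notice) ); };': one level, not a range."""
    return severity_of(datagram) == "notice"

def expected_logfile(now=None):
    """Expand file("/var/log/Cisco$YEAR$MONTH$R_DAY.log"); assumes the message
    is stamped and received on the same local day."""
    t = time.localtime(now)
    return f"/var/log/Cisco{t.tm_year}{t.tm_mon:02d}{t.tm_mday:02d}.log"

def send_probes(server="127.0.0.1", port=514):
    """Send one probe per severity; return (severity, should_be_logged) pairs."""
    results = []
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        for sev in ("err", "notice", "info"):
            msg = build_message(sev, f"probe severity={sev}")
            sock.sendto(msg, (server, port))
            results.append((sev, passes_myfilter(msg)))
    return results

if __name__ == "__main__":
    for sev, kept in send_probes():
        print(f"sent {sev:7s} expect {'logged' if kept else 'dropped'}")
    print("then: grep filterprobe", expected_logfile())
```

Run it on the server and grep the printed file for filterprobe: only the notice probe should appear. To keep everything from notice upward, the filter needs a range such as level(notice..emerg).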