Meraki

Citroen · ‎Sep 30 2020

Hi All,

New to both syslog and Linux so please bear with me.

In a nutshell I am trying to set up syslog-ng on a CentOS 8 server to collect logs from a MX100.

MX and syslog server have LAN connectivity.

Tried to follow this blog to the tee - https://devopspoints.com/centos-7-setting-up-and-configuring-syslog-ng.html

Packet capture on the MX shows that it is sending syslog info to the syslog server but I see no entries in /var/log/syslog-$HOST/$YEAR-$MONTH/ relating to URLs as an example.

Looking for some guidance on what I could be missing.

Cheers

PhilipDAth · ‎Sep 30 2020

Have you told it to collect network-based syslog? Something like:

    source s_network {
        syslog(transport(tcp) port(514));
        };

PhilipDAth · ‎Sep 30 2020

Actually, I think that should be udp not tcp.

Citroen · ‎Oct 1 2020

Yeah ... the below lines in the conf file should do it.

# Sources of syslog messages (both local and remote messages on the server)

source s_local {

system();

internal();

};

source s_tcp { tcp (ip ("127.0.0.1") port (514) max-connections (1) ); };

source s_udp { udp (ip ("0.0.0.0") port (514)); };

PhilipDAth · ‎Oct 1 2020

Is your centos box running a firewall?

If you run tcpdump on your centos box do you see the traffic arriving?

Citroen · ‎Oct 4 2020

Thank you for helping.

I went with Ubuntu in the end which worked first go.

Cheers.

Meraki

Community

Setting up syslog-ng (CentOS 8) and MX100

Setting up syslog-ng (CentOS 8) and MX100