  1. #1

    Remote Syslog-NG Server issue

    [SOLVED] Line: source remote_log {udp(ip("")port(514));};

    I am having a problem with remote logging on my AMD64 machine, on which I want to store a bunch of logs from a bunch of different IPs and machines...

    I am using syslog-ng and my syslog-ng.conf file looks like this:

    options {

    source src {
    unix-stream("/dev/log" max-connections(256));

    source remote_log {tcp(ip("")

    destination messages { file("/var/log/messages"); };
    destination remote {file("/work/logs/$HOST_FROM.log");};
    destination console_all { file("/dev/tty12"); };

    log { source(src); destination(messages); };
    log { source(src); destination(console_all); };
    log { source(remote_log); destination(remote);};

    My understanding of syslog-ng is that this should now accept logs from any IP address on the port of 514.
    However I am not getting anything at all.
    When I run nmap localhost I get:
    DualCore logs # nmap localhost

    Starting Nmap 4.20 ( Insecure.Org - Nmap Free Security Scanner, Tools & Hacking resources ) at 2007-08-29 15:10 EDT
    Interesting ports on DualCore (
    Not shown: 1690 closed ports
    22/tcp open ssh
    139/tcp open netbios-ssn
    445/tcp open microsoft-ds
    514/tcp open shell
    631/tcp open ipp
    2000/tcp open callbook
    8000/tcp open http-alt

    Nmap finished: 1 IP address (1 host up) scanned in 0.059 seconds

    I have restarted the syslog-ng process and my computer is DMZ'd to allow the outside IPs in. I plan to put it back behind the firewall once I know this works, then just forward the ports.

    Any ideas?
    Last edited by synapseattack; 08-29-2007 at 08:09 PM. Reason: Solved
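
The solved line in the thread title uses a udp() source where the posted config has tcp(). As an added illustration (not part of the original post), the Python below shows why the transport matters: a TCP listener looks open to a TCP connect check, as 514/tcp does in the nmap output, yet never receives a UDP syslog datagram sent to the same port number. Loopback, the ephemeral port standing in for 514, and the test message are assumptions of this example.

```python
import socket

LOOPBACK = "127.0.0.1"

def send_udp_syslog(port, msg, pri=13):
    """Send one BSD-syslog style datagram (<PRI>text) over UDP."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.sendto(f"<{pri}>{msg}".encode(), (LOOPBACK, port))

def tcp_port_open(port, timeout=0.5):
    """TCP connect check, the kind of result a default nmap scan reports."""
    try:
        with socket.create_connection((LOOPBACK, port), timeout=timeout):
            return True
    except OSError:
        return False

def probe(kind, msg="constructed test message", timeout=0.5):
    """Bind a 'tcp' or 'udp' listener, send it a UDP syslog datagram,
    and return (tcp_open, text_received_or_None)."""
    sock_type = socket.SOCK_DGRAM if kind == "udp" else socket.SOCK_STREAM
    with socket.socket(socket.AF_INET, sock_type) as srv:
        srv.bind((LOOPBACK, 0))          # ephemeral port stands in for 514
        srv.settimeout(timeout)
        port = srv.getsockname()[1]
        if kind == "tcp":
            srv.listen(5)
        tcp_open = tcp_port_open(port)
        send_udp_syslog(port, msg)       # constructed message, UDP only
        received = b""
        try:
            if kind == "udp":
                received, _ = srv.recvfrom(1024)
            else:
                while True:              # drain connections until timeout
                    conn, _ = srv.accept()
                    with conn:
                        conn.settimeout(timeout)
                        received += conn.recv(1024)
        except socket.timeout:
            pass
        return tcp_open, (received.decode() or None)

if __name__ == "__main__":
    for kind in ("tcp", "udp"):
        print(kind, "listener ->", probe(kind))
```
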
