
Syslog-ng Won't Listen

By Emma Payne

Trying to set up Syslog-NG but can't get it to listen at all. I added the following to the config:

source s_net {
    tcp(ip(0.0.0.0) port(514));
    udp(ip(0.0.0.0) port(514));
};

I then restarted the service

:/etc/syslog-ng$ sudo service syslog-ng restart
:/etc/syslog-ng$ sudo systemctl status syslog-ng
● syslog-ng.service - System Logger Daemon
   Loaded: loaded (/lib/systemd/system/syslog-ng.service; enabled; vendor preset: enabled)
   Active: active (running) since Fri 2019-05-24 13:52:16 UTC; 8s ago
     Docs: man:syslog-ng(8)
 Main PID: 3988 (syslog-ng)
    Tasks: 1
   Memory: 1.9M
      CPU: 29ms
   CGroup: /
           └─3988 /usr/sbin/syslog-ng -F

It's running but no port is open...

:/etc/syslog-ng$ ss -tunelp | grep 514
s:/etc/syslog-ng$ ss -tunelp
Netid State Recv-Q Send-Q Local Address:Port Peer Address:Port
udp UNCONN 0 0 *:68 *:* ino:33007 sk:1 <->
tcp LISTEN 0 128 *:22 *:* ino:33247 sk:2 <->
tcp LISTEN 0 128 :::22 :::* ino:33249 sk:3 v6only:1 <->

I have similar experiences with rsyslog.

UFW is off

:/etc/syslog-ng$ sudo ufw status
Status: inactive

Any help would be greatly appreciated

1 Answer

You have to include the network source (s_net) in a log statement, otherwise it is not used. Like:

destination d_fromnet {file("/var/log/fromnet");};
log {source(s_net); destination(d_fromnet);};
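An added example (not part of the original answer and not syslog-ng's own tooling): a small Python check that reads a syslog-ng configuration and reports every named source that no log statement references, together with the tcp/udp ports it would have opened. The function names are hypothetical, the two sample configs are constructed from the snippets on this page, and the parser is regex-based, so it assumes no `#` characters or unbalanced braces inside quoted strings.

```python
import re

# Constructed samples: the question's config, then the same config with the answer's fix.
BROKEN = """
source s_net { tcp(ip(0.0.0.0) port(514)); udp(ip(0.0.0.0) port(514)); };
"""
FIXED = BROKEN + """
destination d_fromnet { file("/var/log/fromnet"); };
log { source(s_net); destination(d_fromnet); };
"""


def statements(text, keyword, named):
    """Return (name, body) for each `keyword [name] { ... }` block (hypothetical helper)."""
    pat = r"\b%s\s+([\w.-]+)\s*\{" if named else r"\b%s()\s*\{"
    out = []
    for m in re.finditer(pat % keyword, text):
        depth, i = 1, m.end()
        while depth and i < len(text):  # walk to the matching closing brace
            depth += {"{": 1, "}": -1}.get(text[i], 0)
            i += 1
        out.append((m.group(1), text[m.end():i - 1]))
    return out


def dead_listeners(config):
    """Map each source that no log path references to its (proto, port) pairs."""
    text = re.sub(r"#[^\n]*", "", config)  # drop comments (assumes no '#' in strings)
    used = set()
    for _, body in statements(text, "log", False):
        used.update(re.findall(r"\bsource\s*\(\s*([\w.-]+)\s*\)", body))
    return {
        name: re.findall(r"\b(tcp|udp)\s*\([^;]*?port\((\d+)\)", body)
        for name, body in statements(text, "source", True)
        if name not in used
    }


if __name__ == "__main__":
    for label, cfg in (("question", BROKEN), ("with answer's fix", FIXED)):
        dead = dead_listeners(cfg)
        if not dead:
            print(f"{label}: every named source is referenced by a log path")
        for name, ports in dead.items():
            listed = ", ".join(f"{proto}/{port}" for proto, port in ports)
            print(f"{label}: source {name} is unused, so {listed} will not be opened")
```

Running the same check against a collector's real config alongside `ss -tunelp` helps separate a listener that was never wired into a log path from one that is blocked elsewhere.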
