Introduction
Sometimes a monitoring team needs to send and receive logs using the syslog-ng utility. Here I am going to share the whole process, step by step.
To forward logs from one syslog server to another using syslog-ng, you typically configure the source syslog server to send log messages to the destination syslog server. Here's a basic example of how you can forward logs from one syslog-ng instance to another:
Prerequisites
- An up and running Ubuntu 22.04 LTS machine.
- Basic knowledge of Linux commands.
- Internet connectivity.
In this post, we will show you how to send and receive logs using syslog-ng on Ubuntu 22.04 LTS.
On the Sender syslog-ng
All of the installation and configuration will be done on the syslog-ng log-forwarding machine.
Step 1: Install Apache Web Server
I am going to use the Apache web server to generate logs, and we will send those logs to another syslog-ng server.
To install the Apache web server.
sudo apt-get install apache2 -y
To check the Apache service.
sudo systemctl status apache2
Once we are sure the Apache service is up and running, we need to hit Apache's endpoint to generate some sample logs. Use the following command to do so.
curl -I http://localhost
We can run the above command multiple times to generate multiple Apache access log entries.
Step 2: Apache Logs Path
By default, the Apache web server writes its logs to the paths below. We will use these log paths in syslog-ng to send the logs to another syslog-ng server.
Apache access log path.
/var/log/apache2/access.log
Apache error log path.
/var/log/apache2/error.log
Access log path for other virtual hosts.
/var/log/apache2/other_vhosts_access.log
Here we are good with Apache's logging :).
Step 2: Configure Apache Logs with Syslog-ng
Open the syslog-ng configuration file, usually located at /etc/syslog-ng/syslog-ng.conf. Here we put the Apache settings in a separate file under /etc/syslog-ng/conf.d/.
sudo vim /etc/syslog-ng/conf.d/apache.conf
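# Read the Apache access and error logs
source s_apache {
    file("/var/log/apache2/access.log");
    file("/var/log/apache2/error.log");
};

# Forward to the remote syslog-ng server over TCP port 514
destination d_remote {
    tcp("remote_syslog_server_ip" port(514));
};

# Connect the source to the destination
log {
    source(s_apache);
    destination(d_remote);
};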
Replace remote_syslog_server_ip with the actual IP address of your destination syslog server in this Apache log configuration.
Save and exit from the vim text editor.
Step 3: Restart Syslog-ng Service
We can now restart the syslog-ng service to apply the changes; it will then start collecting Apache's logs and sending them to the remote syslog-ng server.
sudo systemctl restart syslog-ng
After restarting the syslog-ng service, the logs should be sent to the other syslog-ng server.
tail -f /var/log/received_logs.log
Here you can find the full configuration of my sample syslog-ng conf.
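The configuration in this post sends Apache logs over plain TCP, so anything on the network path can read or alter them in transit. As an added example (not the author's configuration), here is the same forwarding over TLS with a matching receiver that writes to /var/log/received_logs.log; port 6514, the certificate paths, the receive.conf file name and the program-override() tags are assumptions.

```conf
# ===== Sender: /etc/syslog-ng/conf.d/apache.conf =====
source s_apache {
    # Apache lines are not in syslog format: no-parse keeps each line whole in
    # ${MESSAGE}, and program-override() records which file it came from.
    file("/var/log/apache2/access.log" flags(no-parse) program-override("apache-access"));
    file("/var/log/apache2/error.log"  flags(no-parse) program-override("apache-error"));
};

destination d_remote {
    network("remote_syslog_server_ip"
        port(6514)                                 # assumed port (syslog over TLS)
        transport("tls")
        tls(
            ca-file("/etc/syslog-ng/ca.d/ca.crt")  # assumed path: CA that signed the receiver cert
            peer-verify(required-trusted)          # drop the connection if the receiver cert fails
        )
    );
};

log { source(s_apache); destination(d_remote); };

# ===== Receiver: /etc/syslog-ng/conf.d/receive.conf (assumed file name) =====
source s_remote {
    network(
        ip("0.0.0.0")
        port(6514)
        transport("tls")
        tls(
            key-file("/etc/syslog-ng/cert.d/receiver.key")   # assumed path
            cert-file("/etc/syslog-ng/cert.d/receiver.crt")  # assumed path
            # Senders present no client certificate in this example. For mutual TLS,
            # issue each sender a cert and switch to peer-verify(required-trusted).
            peer-verify(optional-untrusted)
        )
    );
};

destination d_received { file("/var/log/received_logs.log"); };

log { source(s_remote); destination(d_received); };
```

Run `sudo syslog-ng --syntax-only` on each host before restarting the service. Because the sender verifies the receiver's certificate, that certificate must name the address you put in place of remote_syslog_server_ip.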
Conclusion
We have successfully installed and configured log forwarding with syslog-ng on Ubuntu 22.04 LTS. If you still have questions, please post them in the comments section below.