Configuring a Syslog-ng Module
Firmware: Gentoo 10.1, Linux SuSE 9, F5 BIG-IP
Collector: Network Collector - Syslog
To configure a Syslog-ng module to send log messages to TLC:
1. Open the configuration file (/etc/syslog-ng/syslog-ng.conf) and add the following lines:
    destination loghost { <tcp_udp>("<manager_ip>" port(<port>)); };
    filter f_alllogs {
        level(<filter_level>);
    };
    log {
        source(src);
        filter(f_alllogs);    # remove this line if the optional filter is not defined
        destination(loghost);
    };
Where:
<tcp_udp> is the protocol (TCP or UDP) with which log messages will be sent to TLC,
<manager_ip> is the IP address of the TLC Manager to which log messages will be sent,
<port> is the port on the Manager on which TLC will listen for log messages (either 1468 for TCP, or 514 for UDP), and
filter f_alllogs {...} is an optional filter and <filter_level> indicates the levels to be filtered.
For example:
    destination loghost { tcp("10.1.2.3" port(1468)); };
    filter f_alllogs {
        level(debug..emerg);
    };
    log {
        source(src);
        filter(f_alllogs);    # apply the filter defined above
        destination(loghost);
    };
2. To restart syslog-ng, enter the appropriate command.
For Gentoo or Linux SuSE, enter:
    kill -HUP `cat /var/run/syslog-ng.pid`
For F5 BIG-IP, enter:
    bigstart restart syslog-ng
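The following Python check is an added example, not part of the vendor documentation. It lints a syslog-ng.conf text for the two mistakes this procedure makes easy: a protocol paired with the wrong TLC port (1468 for TCP, 514 for UDP) and a filter or destination that is defined but never used in a log path. The names lint, SAMPLE_BAD and SAMPLE_GOOD are hypothetical, the sample configurations are constructed, and the patterns only cover the tcp/udp destination form shown on this page.

```python
import re

# Listener ports stated on this page: 1468 for TCP, 514 for UDP.
EXPECTED_PORT = {"tcp": 1468, "udp": 514}

DEST_DEF = re.compile(r'destination\s+(\w+)\s*\{\s*(tcp|udp)\s*\(\s*"([^"]+)"'
                      r'\s*port\s*\(\s*(\d+)\s*\)\s*\)\s*;\s*\}\s*;')
FILTER_DEF = re.compile(r'\bfilter\s+(\w+)\s*\{')
FILTER_USE = re.compile(r'\bfilter\s*\(\s*(\w+)\s*\)')
DEST_USE = re.compile(r'\bdestination\s*\(\s*(\w+)\s*\)')


def lint(conf):
    """Return a list of findings for a syslog-ng.conf text (empty list = clean)."""
    conf = re.sub(r'#.*', '', conf)  # drop comments (assumes no '#' inside strings)
    findings = []
    routed = set(DEST_USE.findall(conf))
    for name, proto, host, port in DEST_DEF.findall(conf):
        if int(port) != EXPECTED_PORT[proto]:
            findings.append(f"destination {name}: {proto} to {host} uses port {port}, "
                            f"expected {EXPECTED_PORT[proto]}")
        if name not in routed:
            findings.append(f"destination {name} is defined but no log path sends to it")
    applied = set(FILTER_USE.findall(conf))
    for name in FILTER_DEF.findall(conf):
        if name not in applied:
            findings.append(f"filter {name} is defined but no log path applies it")
    return findings


# Constructed sample: TCP paired with the UDP port, and a filter that is never applied.
SAMPLE_BAD = '''
destination loghost {tcp("10.1.2.3" port(514));};
filter f_alllogs { level(debug..emerg); };
log { source(src); destination(loghost); };
'''

# Constructed sample: TCP on 1468 and the filter referenced in the log path.
SAMPLE_GOOD = '''
destination loghost {tcp("10.1.2.3" port(1468));};
filter f_alllogs { level(debug..emerg); };
log { source(src); filter(f_alllogs); destination(loghost); };  # forwarded to TLC
'''

if __name__ == "__main__":
    for label, conf in (("bad", SAMPLE_BAD), ("good", SAMPLE_GOOD)):
        print(label, lint(conf) or "no findings")
```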
Next
If you are performing initial configuration of your TLC environment, see Configuring your TLC Environment. Otherwise, see Adding a Monitored Asset for a new Log Source.