syslog-ng not writing syslog data to log file

Hi All,

I have a network device with IP 10.23.50.99 (ACME controller telecom device), which is pointed to our syslog-ng (udp 514) server for sending its syslog data. The firewall shows traffic passing through from the ACME device to the syslog-ng server, and I can even see the traffic arriving on my syslog-ng server using tcpdump, but syslog-ng is not writing the syslog data from this ACME device to the log file. There are other telecom and network devices for which syslog-ng is writing data without any issues; only this particular server is having the problem. I want to troubleshoot this asap, so I need help from the experts.

Let me know what can be done in this case.

Thanks
Virgo
virgo0880Asked:
virgo0880Author Commented:
Syslog-ng server is RHEL 5.9 and syslog-ng version is syslog-ng-2.1.4-1.el5.
0
DonConsolioCommented:
try something like:

source src { udp(); };                                  # listen on UDP 514 (the default port) on all interfaces
destination acmelog { file("/var/log/acme.log"); };     # file the ACME device's messages should land in
filter f_acme { host("10.23.50.99"); };                 # no leading space inside the quotes: host() is a regex match on the HOST field
log { source(src); filter(f_acme); destination(acmelog); };
0
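One thing worth checking with a filter like the one above, because it explains how packets can show up in tcpdump yet never reach the file: host() matches the HOST field that syslog-ng fills in, not the sender's IP address. With keep_hostname(no) (the 2.x default) the hostname in the datagram is discarded and HOST becomes the sender's reverse-DNS name if use_dns resolves one, or the bare IP if it does not; with keep_hostname(yes) HOST is whatever the device wrote into its header. The Python script below is an added illustration of that matching logic, not code from DonConsolio or from the syslog-ng project: it parses constructed RFC 3164 lines, models both ways syslog-ng can fill HOST, and compares a host() filter against a netmask() filter that matches on the sender address instead. The sample lines, the device name acme-sbc-01, the second router address and the reverse-DNS table are all made up for the example.

```python
import re
import ipaddress
from dataclasses import dataclass

# Constructed sample datagrams as they might arrive on UDP 514 (not captured
# from the asker's network). The first element is the sender IP that tcpdump
# would show; the second is the RFC 3164 payload the device emits.
SAMPLES = [
    ("10.23.50.99", "<134>Mar 10 12:00:01 acme-sbc-01 sipd[1234]: call setup ok"),
    ("10.23.50.99", "<134>Mar 10 12:00:02 10.23.50.99 sipd[1234]: call teardown"),
    ("10.23.50.7",  "<30>Mar 10 12:00:03 router1 bgpd: neighbor up"),
]

# <PRI>TIMESTAMP HOSTNAME MESSAGE, the classic BSD syslog layout
RFC3164 = re.compile(
    r"^<(?P<pri>\d{1,3})>"
    r"(?P<ts>[A-Z][a-z]{2} [ \d]\d \d{2}:\d{2}:\d{2}) "
    r"(?P<host>\S+) "
    r"(?P<msg>.*)$"
)


@dataclass
class Msg:
    source_ip: str   # address the datagram came from (syslog-ng's SOURCEIP)
    host: str        # what syslog-ng would store in the HOST field
    msg: str         # remainder of the line


def parse(source_ip, line, keep_hostname=False, reverse_dns=None):
    """Model how syslog-ng fills HOST for a message received over UDP.

    keep_hostname=False (the 2.x default) ignores the hostname inside the
    datagram and uses the sender's address: its PTR name when DNS resolves
    one, otherwise the bare IP. reverse_dns is a constructed lookup table
    standing in for the resolver.
    """
    m = RFC3164.match(line)
    if not m:
        # Not RFC 3164 shaped: the whole payload becomes the message text
        host, msg = None, line
    else:
        host, msg = m.group("host"), m.group("msg")
    if not keep_hostname or host is None:
        host = (reverse_dns or {}).get(source_ip, source_ip)
    return Msg(source_ip, host, msg)


def filter_host(message, pattern):
    """syslog-ng host(): regular-expression match against the HOST field."""
    return re.search(pattern, message.host) is not None


def filter_netmask(message, cidr):
    """syslog-ng netmask(): match the sender address, independent of HOST."""
    return ipaddress.ip_address(message.source_ip) in ipaddress.ip_network(cidr)


def route(samples, keep_hostname=False, reverse_dns=None):
    """Return (messages a host() filter passes, messages a netmask() filter passes)."""
    by_host, by_netmask = [], []
    for src, line in samples:
        m = parse(src, line, keep_hostname, reverse_dns)
        if filter_host(m, r"10\.23\.50\.99"):
            by_host.append(m.msg)
        if filter_netmask(m, "10.23.50.99/32"):
            by_netmask.append(m.msg)
    return by_host, by_netmask


if __name__ == "__main__":
    # Default resolver behaviour, no PTR record: host() and netmask() agree.
    print("no DNS:      ", route(SAMPLES))
    # A PTR record exists: host("10.23.50.99") now matches nothing at all.
    print("PTR present: ", route(SAMPLES, reverse_dns={"10.23.50.99": "acme-sbc-01.example.net"}))
    # keep_hostname(yes): only lines whose header literally carries the IP match.
    print("keep_hostname", route(SAMPLES, keep_hostname=True))
```

The quick way to confirm which case applies on a live box is to add a temporary destination with no filter at all and look at what syslog-ng writes as the hostname for the device's lines; if it is a DNS name or the device's own self-reported name rather than 10.23.50.99, the host() filter is the reason acme.log stays empty, and netmask("10.23.50.99/32") (or use_dns(no) in the source options) makes the match independent of name resolution.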
virgo0880Author Commented:
This syslog-ng is already set up and the configuration is already done, but somehow it is not writing the logs to the file for this IP.
 
I have attached the syslog-ng log file. Do you see any issues with it? There are other devices which are writing to the log file properly.
syslog-ng.conf.txt
0
virgo0880Author Commented:
The issue was on the telecom device side, as it was not able to send the logs on UDP 514. I have made configuration changes on my Splunk server to get the logs into the Splunk tool.

There was no issue on the syslog-ng configuration.

-- Virgo
0

virgo0880Author Commented:
Please close this question with the comments above.
0
virgo0880Author Commented:
I figured out the problem was with the device which was trying to send the logs to our centralized Splunk logging server. That device does not support log forwarding to port 514, so I had to make certain changes on the Splunk side to receive the logs.

Thanks
Virgo
0