§2024-05-17

I have a listen and recording syslog-ng server at hc4nas02.yushei.net with syslog-ng.conf as

@version: 3.25
@include "scl.conf"

options {
    keep-hostname(yes);
};

# Sources
source s_net {
    network(ip(0.0.0.0) port(514) transport("udp"));
};

# Destination
destination d_mongoDB {
    file("/var/log/mongoDB-ys20220317.log");
};

# Filters
filter f_redisMongo {
    host("redisMongo[0-9]+\.yushei\.com\.tw");
};

# Log Statements
log {
    source(s_net);
    filter(f_redisMongo);
    destination(d_mongoDB);
};

And several syslog-ng server running at redisMOngo*.yushei.com.tw, and config file

@version: 3.25
@include "scl.conf"

# Sources
source s_mongo_log {
    file("/opt/package/mongoDB/log/mongod.log" flags(no-parse));
};

# Destinations
destination d_hc4nas02 {
    syslog("hc4nas02.yushei.net" transport("udp") port(514));
};

# Bind Sources and Destination
log {
    source(s_mongo_log);
    destination(d_hc4nas02);
};

Basically trying to do is to collect redisMongo*.yushei.com.tw mongoDB relication Set log file /opt/package/mongoDB/log/mongod.log into hc4nas02.yushei.net's log file /var/log/mongoDB-ys20220317.log

When testing with tcpdump is receving, but root@hc4nas02:/home/alexlai# tail -f /var/log/mongoDB-ys20220317.log has nothing

root@hc4nas02:/home/alexlai# sudo tcpdump -i any port 514
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on any, link-type LINUX_SLL (Linux cooked v1), capture size 262144 bytes
05:54:46.639513 IP 192.168.2.250.33131 > hc4nas02.syslog: SYSLOG user.notice, length: 504