§2024-05-17
- /etc/syslog-ng/syslog-ng.conf, checked by chatGPT
@version: 3.25
@include "scl.conf"
options {
    # Trust the HOST field carried in each received message instead of
    # rewriting it from the sender's address. That field is sender-supplied,
    # so the host() filter in this file matches on unauthenticated data.
    keep-hostname(yes);
};
# Sources
# Plain UDP syslog listener on port 514 of every local address.
# UDP syslog has no sender authentication, integrity protection or
# encryption, so reachability of this port should be limited by a host
# firewall or a dedicated collection interface.
# NOTE(review): confirm the listener really needs to bind 0.0.0.0.
source s_net {
    network(
        ip(0.0.0.0)
        port(514)
        transport("udp")
    );
};
# Destination
# Single flat file that receives every message routed to this destination.
destination d_mongoDB {
    file("/var/log/mongoDB-ys20220317.log");
};
# Filters
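# Select messages whose HOST is exactly redisMongo<N>.yushei.com.tw.
# - Single quotes keep the backslashes literal; double-quoted strings are
#   processed for escape sequences before the regex engine sees them.
# - ^ and $ stop the pattern from matching inside a longer hostname.
# With keep-hostname(yes) HOST comes from the message itself, so this filter
# selects messages but does not authenticate the sender; combine it with a
# netmask() filter or firewall rules when the origin matters.
filter f_redisMongo {
    host('^redisMongo[0-9]+\.yushei\.com\.tw$');
};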
# Log Statements
# Log path: UDP listener -> redisMongo hostname filter -> d_mongoDB file.
log {
    source(s_net);
    filter(f_redisMongo);
    destination(d_mongoDB);
};
- check
# Capture on all interfaces for port 514 to confirm that senders' syslog traffic reaches this host.
sudo tcpdump -i any port 514
@version: 3.25
@include "scl.conf"
options {
    # Disabled: time-reap() is the number of seconds an idle destination
    # file is kept open before syslog-ng closes it.
    # time-reap(30);
    # Disabled: mark-freq() is the interval, in seconds, between MARK
    # messages, which signal that an otherwise idle log path is still alive.
    # mark-freq(10);
    # Trust the HOST field carried in each received message instead of
    # rewriting it from the sender's address. That field is sender-supplied,
    # so the host() filters in this file match on unauthenticated data.
    keep-hostname(yes);
};
# Sources
# 0.0.0.0 any available network interface
# Plain UDP syslog listener on port 514 of every local address.
# UDP syslog has no sender authentication, integrity protection or
# encryption, so reachability of this port should be limited by a host
# firewall or a dedicated collection interface.
# NOTE(review): confirm the listener really needs to bind 0.0.0.0.
source s_net {
    network(
        ip(0.0.0.0)
        port(514)
        transport("udp")
    );
};
# Destinations
# Single flat file shared by all four redisMongo log paths below.
destination d_mongoDB {
    file("/var/log/mongoDB-ys20220317.log");
};
# Filters
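# host() takes a regular expression: the dots are escaped and the pattern is
# anchored so that only this exact name matches, and single quotes keep the
# backslashes literal. HOST is sender-supplied under keep-hostname(yes), so
# this selects messages; it does not authenticate the sender.
filter f_redisMongo01 {
    host('^redisMongo01\.yushei\.com\.tw$');
};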
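# Exact-name match for redisMongo02: anchored regex with escaped dots, in
# single quotes so the backslashes reach the regex engine unchanged.
filter f_redisMongo02 {
    host('^redisMongo02\.yushei\.com\.tw$');
};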
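# Exact-name match for redisMongo03: anchored regex with escaped dots, in
# single quotes so the backslashes reach the regex engine unchanged.
filter f_redisMongo03 {
    host('^redisMongo03\.yushei\.com\.tw$');
};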
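# Exact-name match for redisMongo04: anchored regex with escaped dots, in
# single quotes so the backslashes reach the regex engine unchanged.
filter f_redisMongo04 {
    host('^redisMongo04\.yushei\.com\.tw$');
};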
# Bind Sources, Destinations, and Filters
# Log path for redisMongo01: UDP listener -> hostname filter -> shared file.
log {
    source(s_net);
    filter(f_redisMongo01);
    destination(d_mongoDB);
};
# Log path for redisMongo02: UDP listener -> hostname filter -> shared file.
log {
    source(s_net);
    filter(f_redisMongo02);
    destination(d_mongoDB);
};
# Log path for redisMongo03: UDP listener -> hostname filter -> shared file.
log {
    source(s_net);
    filter(f_redisMongo03);
    destination(d_mongoDB);
};
# Log path for redisMongo04: UDP listener -> hostname filter -> shared file.
log {
    source(s_net);
    filter(f_redisMongo04);
    destination(d_mongoDB);
};