Error when using to_syslog_ietf() function in config for Ubuntu 18.04
Tags:
#1
abajosh
The following config file works in Ubuntu 14.04, but throws an error when used on an 18.04 server. Am I using the to_syslog_ietf() function incorrectly?
########################################
# Global directives #
########################################
User nxlog
Group nxlog
LogFile /var/log/nxlog/nxlog.log
LogLevel INFO
##### Logging #####
Module im_file
File "/var/log/syslog"
Module im_file
File "/var/log/audit/audit.log"
# Exec $Message = $Hostname + ' ' + $raw_event;
Module im_file
File "/var/log/auth.log"
Module im_file
File "/var/log/suricata/eve.json"
Module om_tcp
Host 10.10.10.33
Port 514
Module om_tcp
Host 10.10.10.33
Port 514
Exec to_syslog_ietf();
Module om_tcp
Host 10.10.10.33
Port 10002
Path messages, auth => tcp
Path audit => tcp_audit
Path eve => tcp_eve
#1
abajosh
The following config file works in Ubuntu 14.04, but throws an error when used on an 18.04 server. Am I using the to_syslog_ietf() function incorrectly?
########################################
# Global directives #
########################################
User nxlog
Group nxlog
LogFile /var/log/nxlog/nxlog.log
LogLevel INFO
##### Logging #####
Module im_file
File "/var/log/syslog"
Module im_file
File "/var/log/audit/audit.log"
# Exec $Message = $Hostname + ' ' + $raw_event;
Module im_file
File "/var/log/auth.log"
Module im_file
File "/var/log/suricata/eve.json"
Module om_tcp
Host 10.10.10.33
Port 514
Module om_tcp
Host 10.10.10.33
Port 514
Exec to_syslog_ietf();
Module om_tcp
Host 10.10.10.33
Port 10002
Path messages, auth => tcp
Path audit => tcp_audit
Path eve => tcp_eve
Hi Josh,
You are experiencing an error because you did not import the Syslog extension.
Module xm_syslog
I hope this helps
Br
Jeffron
