Error when using to_syslog_ietf() function in config for Ubuntu 18.04

#1 abajosh
The following config file works in Ubuntu 14.04, but throws an error when used on an 18.04 server. Am I using the to_syslog_ietf() function incorrectly?

    ########################################
    # Global directives #
    ########################################
    User nxlog
    Group nxlog
    LogFile /var/log/nxlog/nxlog.log
    LogLevel INFO

    ##### Logging #####
    Module im_file
    File "/var/log/syslog"

    Module im_file
    File "/var/log/audit/audit.log"
    # Exec $Message = $Hostname + ' ' + $raw_event;

    Module im_file
    File "/var/log/auth.log"

    Module im_file
    File "/var/log/suricata/eve.json"

    Module om_tcp
    Host 10.10.10.33
    Port 514

    Module om_tcp
    Host 10.10.10.33
    Port 514
    Exec to_syslog_ietf();

    Module om_tcp
    Host 10.10.10.33
    Port 10002

    Path messages, auth => tcp
    Path audit => tcp_audit
    Path eve => tcp_eve
#2 jeffron Nxlog ✓
Hi Josh,

You are experiencing an error because you did not import the Syslog extension.

    Module xm_syslog

I hope this helps

Br
Jeffron
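A pre-deployment check for the failure discussed in this thread, as an added example that is not part of the original posts and not NXLog tooling: it flags `Exec` calls to extension procedures whose module is not loaded anywhere in the config. The sample config is constructed from the poster's audit route; the block names (`syslog`, `audit_route`) are assumptions, and the procedure table covers only a small subset of `xm_syslog` and `xm_json`.

```python
import re

# Procedures and the extension module that provides them (small subset,
# limited to xm_syslog and xm_json; extend as needed).
PROVIDERS = {
    **dict.fromkeys(["to_syslog_ietf", "to_syslog_bsd", "to_syslog_snare",
                     "parse_syslog", "parse_syslog_ietf", "parse_syslog_bsd"],
                    "xm_syslog"),
    **dict.fromkeys(["to_json", "parse_json"], "xm_json"),
}
MODULE_RE = re.compile(r"\s*Module\s+(\S+)")
CALL_RE = re.compile(r"\b([a-z_]+)\s*\(")

def missing_extensions(config):
    """Return (line_no, procedure, module) for calls whose module is not loaded."""
    # Simplification: a line is a comment only if '#' is its first non-blank char.
    active = [(n, l) for n, l in enumerate(config.splitlines(), 1)
              if not l.lstrip().startswith("#")]
    loaded = {m.group(1) for _, l in active if (m := MODULE_RE.match(l))}
    return [(n, name, PROVIDERS[name])
            for n, l in active
            for name in CALL_RE.findall(l)
            if name in PROVIDERS and PROVIDERS[name] not in loaded]

# Constructed sample: the audit route from the thread, block names assumed.
BROKEN = """\
<Input audit>
    Module  im_file
    File    "/var/log/audit/audit.log"
</Input>
<Output tcp_audit>
    Module  om_tcp
    Host    10.10.10.33
    Port    514
    Exec    to_syslog_ietf();
</Output>
<Route audit_route>
    Path    audit => tcp_audit
</Route>
"""
# Same config with the extension block from the reply added (name assumed).
FIXED = "<Extension syslog>\n    Module  xm_syslog\n</Extension>\n" + BROKEN

if __name__ == "__main__":
    for label, cfg in (("broken", BROKEN), ("fixed", FIXED)):
        print(label, missing_extensions(cfg) or "ok")
```

Running a check like this before rolling a config to a new OS image catches a log forwarder that would otherwise fail to start and silently stop shipping audit events.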