Error when using to_syslog_ietf() function in config for Ubuntu 18.04


#1 abajosh
The following config file works in Ubuntu 14.04, but throws an error when used on an 18.04 server. Am I using the to_syslog_ietf() function incorrectly?

    ########################################
    # Global directives                    #
    ########################################
    User nxlog
    Group nxlog
    LogFile /var/log/nxlog/nxlog.log
    LogLevel INFO

    ##### Logging #####
    <Input messages>
        Module im_file
        File "/var/log/syslog"
    </Input>

    <Input audit>
        Module im_file
        File "/var/log/audit/audit.log"
        # Exec $Message = $Hostname + ' ' + $raw_event;
    </Input>

    <Input auth>
        Module im_file
        File "/var/log/auth.log"
    </Input>

    <Input eve>
        Module im_file
        File "/var/log/suricata/eve.json"
    </Input>

    <Output tcp>
        Module om_tcp
        Host 10.10.10.33
        Port 514
    </Output>

    <Output tcp_audit>
        Module om_tcp
        Host 10.10.10.33
        Port 514
        Exec to_syslog_ietf();
    </Output>

    <Output tcp_eve>
        Module om_tcp
        Host 10.10.10.33
        Port 10002
    </Output>

    <Route messages_to_tcp>
        Path messages, auth => tcp
    </Route>

    <Route messages_to_tcp_audit>
        Path audit => tcp_audit
    </Route>

    <Route eve_to_tcp>
        Path eve => tcp_eve
    </Route>
#2 jeffron Nxlog ✓
#1 abajosh
The following config file works in Ubuntu 14.04, but throws an error when used on an 18.04 server. Am I using the to_syslog_ietf() function incorrectly?

    ########################################
    # Global directives                    #
    ########################################
    User nxlog
    Group nxlog
    LogFile /var/log/nxlog/nxlog.log
    LogLevel INFO

    ##### Logging #####
    <Input messages>
        Module im_file
        File "/var/log/syslog"
    </Input>

    <Input audit>
        Module im_file
        File "/var/log/audit/audit.log"
        # Exec $Message = $Hostname + ' ' + $raw_event;
    </Input>

    <Input auth>
        Module im_file
        File "/var/log/auth.log"
    </Input>

    <Input eve>
        Module im_file
        File "/var/log/suricata/eve.json"
    </Input>

    <Output tcp>
        Module om_tcp
        Host 10.10.10.33
        Port 514
    </Output>

    <Output tcp_audit>
        Module om_tcp
        Host 10.10.10.33
        Port 514
        Exec to_syslog_ietf();
    </Output>

    <Output tcp_eve>
        Module om_tcp
        Host 10.10.10.33
        Port 10002
    </Output>

    <Route messages_to_tcp>
        Path messages, auth => tcp
    </Route>

    <Route messages_to_tcp_audit>
        Path audit => tcp_audit
    </Route>

    <Route eve_to_tcp>
        Path eve => tcp_eve
    </Route>

Hi Josh,

You are experiencing an error because you did not import the Syslog extension.

<Extension _syslog>
    Module  xm_syslog
</Extension>

I hope this helps

Br

Jeffron
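For reference, here is the poster's configuration with the fix from the answer applied: the xm_syslog extension is loaded before any output calls to_syslog_ietf(), because that procedure is provided by the extension, not by the core or by om_tcp. This is an added example assembled from the two posts above, not a file from the original thread or from NXLog; the host, ports, and file paths are the ones the poster used. One point worth noticing while reading it: the tcp and tcp_audit outputs both send to 10.10.10.33:514, but only tcp_audit converts events to RFC 5424 syslog, so the receiver on port 514 gets syslog-framed audit events mixed with raw syslog/auth.log lines.

```nxlog
########################################
# Global directives                    #
########################################
User nxlog
Group nxlog
LogFile /var/log/nxlog/nxlog.log
LogLevel INFO

########################################
# Extensions                           #
########################################
# Loads the syslog procedures (to_syslog_ietf, to_syslog_bsd, parse_syslog ...).
# Without this block, "Exec to_syslog_ietf();" fails to resolve.
<Extension _syslog>
    Module  xm_syslog
</Extension>

########################################
# Inputs (all plain file tails)        #
########################################
<Input messages>
    Module  im_file
    File    "/var/log/syslog"
</Input>

<Input audit>
    Module  im_file
    File    "/var/log/audit/audit.log"
</Input>

<Input auth>
    Module  im_file
    File    "/var/log/auth.log"
</Input>

<Input eve>
    Module  im_file
    File    "/var/log/suricata/eve.json"
</Input>

########################################
# Outputs                              #
########################################
# Raw lines from syslog and auth.log, forwarded unchanged.
<Output tcp>
    Module  om_tcp
    Host    10.10.10.33
    Port    514
</Output>

# Audit lines are wrapped in an RFC 5424 header by the xm_syslog procedure
# before transmission; this is the call that needed the extension above.
<Output tcp_audit>
    Module  om_tcp
    Host    10.10.10.33
    Port    514
    Exec    to_syslog_ietf();
</Output>

# Suricata EVE JSON goes to its own port, unchanged.
<Output tcp_eve>
    Module  om_tcp
    Host    10.10.10.33
    Port    10002
</Output>

########################################
# Routes                               #
########################################
<Route messages_to_tcp>
    Path    messages, auth => tcp
</Route>

<Route messages_to_tcp_audit>
    Path    audit => tcp_audit
</Route>

<Route eve_to_tcp>
    Path    eve => tcp_eve
</Route>
```

After saving the file, `nxlog -v` checks the configuration syntax without starting the service, and the LogFile set in the global section (/var/log/nxlog/nxlog.log) is where an unresolved procedure such as to_syslog_ietf() is reported when the extension is missing.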