Thanushka_Wije1
Jul 25, 2018

Pass HSL logging into unix server over UDP 514

Hi All

 

I have configured HSL logging to log the original client IP address and pass it to a Unix server via UDP 514. Just wondering where these logs are saved on the Unix server.

 

Regards Thanushka

 

7 Replies

  • I can only see the files below. Is there any default file name?

     

    -rw-r----- 1 root root 6795 Jul 26 2016 acpid
    -rw-r--r-- 1 root root 988428 Apr 24 2014 activesyncuser.log
    drwx--S--- 2 amanda disk 4096 Sep 3 2009 amanda
    -rw------- 1 root root 947618 Dec 7 2010 anaconda.log
    -rw------- 1 root root 24747 Dec 7 2010 anaconda.syslog
    drwxr-x--- 2 root root 4096 Mar 30 2017 audit
    -rw-r--r-- 1 root root 38 Apr 29 2016 backupSh.log
    -rw-r--r-- 1 root root 153 Jul 25 06:03 bats.ticket.log
    -rw-r--r-- 1 root root 502905 Jul 13 2011 boost-debug.log
    -rw------- 1 root root 0 Jul 25 04:02 boot.log
    -rw------- 1 root root 0 Jul 24 04:02 boot.log.1
    -rw------- 1 root root 0 Jul 23 04:02 boot.log.2
    -rw------- 1 root root 0 Jul 22 04:02 boot.log.3
    -rw------- 1 root root 0 Jul 21 04:02 boot.log.4
    -rw-r--r-- 1 root root 179004 Jul 26 2016 brcm-iscsi.log
    -rw------- 1 root root 394724352 Jul 25 17:23 btmp
    -rw-r--r-- 1 root root 20786 Jul 25 00:00 checkLogRollover.log
    -rw-r----- 1 root root 332 Dec 29 2010 clumond.log
    drwxr-xr-x 6 apache apache 4096 Jun 19 2017 cobbler
    drwxr-xr-x 2 root root 4096 Nov 11 2007 conman
    drwxr-xr-x 2 root root 4096 Nov 11 2007 conman.old
    --w----r-T 1 root root 48878 Jul 25 17:20 cron
    --w----r-T 1 root root 88833 Jul 25 04:02 cron.1
    --w----r-T 1 root root 88889 Jul 24 04:02 cron.2
    --w----r-T 1 root root 89058 Jul 23 04:02 cron.3
    --w----r-T 1 root root 88785 Jul 22 04:02 cron.4
    lrwxrwxrwx 1 root root 27 Nov 30 2012 cube -> /nfs/fas/pr_cacti/logs/cube
    drwxr-xr-x 2 lp sys 4096 Jul 27 2016 cups
    drwxr-xr-x 2 root root 4096 Dec 16 2010 dirsrv
    -rw-r--r-- 1 root root 23559 Jul 26 2016 dmesg
    drwxr-xr-x 2 root root 4096 Oct 3 2013 dmzdns
    -rw-r--r-- 1 root root 442 Jul 25 04:00 expireBackups.log
    -rw-r--r-- 1 root root 59192 Jul 25 04:00 expireLogs.log
    -rw------- 1 root root 1073888 Jul 6 09:26 faillog
    lrwxrwxrwx 1 root root 31 Dec 10 2012 filtered -> /nfs/fas/pr_cacti/logs/filtered
    drwxr-xr-x 6 root root 4096 Dec 9 2012 firewall
    -rw-r--r-- 1 root root 922355 Jun 29 22:59 fortigate-archive-fwlar1.log
    -rw-r--r-- 1 root root 21596 Jun 30 20:02 fortigate-archive-fwlar2.log
    -rw-r--r-- 1 root root 524957 Dec 30 2015 fortigate-archive.log
    -rw-r--r-- 1 root root 0 Jul 1 20:06 fortigate-remove-after-archive-fwlar1.log
    -rw-r--r-- 1 root root 80958 Jul 2 20:00 fortigate-remove-after-archive-fwlar2.log
    -rw-r--r-- 1 root root 974610 Jan 1 2016 fortigate-remove-after-archive.log
    -rw-r--r-- 1 root root 155 Feb 23 04:59 Fortilog.log
    -rw------- 1 root root 590687 Jul 26 2016 ftpd.xferlog
    -rwxrwxrwx 1 root root 322427 Apr 11 2012 gatherConnStats.log
    -rw-r--r-- 1 root root 33205 Jan 21 2012 gatherStats.log.1.gz
    -rw-r--r-- 1 root root 92699 Jan 20 2012 gatherStats.log.2.gz
    -rw-r--r-- 1 root root 92445 Jan 19 2012 gatherStats.log.3.gz
    -rw-r--r-- 1 root root 38424 Jan 18 2012 gatherStats.log.4.gz
    -rw-r--r-- 1 root root 53370 Jan 17 2012 gatherStats.log.5.gz
    lrwxrwxrwx 1 root root 9 Nov 30 2012 gatherTableStats.log -> /dev/null
    drwxr-xr-x 2 root root 4096 Sep 5 2009 gdm
    drwxr-xr-x 2 root root 20480 Jun 21 2017 hosts
    drwx------ 2 root root 4096 Jul 20 2017 httpd
    drwx------ 2 root root 4096 Mar 14 2007 iptraf
    --w----r-T 1 root root 695993 Dec 12 2016 kern
    -rw-r--r-- 1 root root 9799228 Jul 25 17:23 lastlog
    drwx------ 3 root root 4096 Aug 10 2010 libvirt
    -rw-r--r-- 1 root root 465773 Jul 25 01:03 logrotate.log
    drwxr-xr-x 2 root root 4096 Dec 7 2010 mail
    --w----r-T 1 root root 2014 Jul 25 04:02 maillog
    --w----r-T 1 root root 8220 Jul 25 04:02 maillog.1
    --w----r-T 1 root root 8206 Jul 24 04:02 maillog.2
    --w----r-T 1 root root 8220 Jul 23 04:02 maillog.3
    --w----r-T 1 root root 8205 Jul 22 04:02 maillog.4
    -rw-r--r-- 1 root root 0 Dec 7 2010 mcelog
    --w----r-T 1 root root 186845 Jul 25 17:22 messages
    --w----r-T 1 root root 338847 Jul 25 03:58 messages.1
    --w----r-T 1 root root 334644 Jul 24 03:58 messages.2
    --w----r-T 1 root root 334861 Jul 23 04:01 messages.3
    --w----r-T 1 root root 343292 Jul 22 03:57 messages.4
    -rw-r----- 1 mysql mysql 209 Feb 25 2012 mysqld.log.10.gz
    -rw-r----- 1 mysql mysql 358 Jul 27 2016 mysqld.log.1.gz
    -rw-r----- 1 mysql mysql 20 Oct 22 2013 mysqld.log.2.gz
    -rw-r----- 1 mysql mysql 361 Oct 21 2013 mysqld.log.3.gz
    -rw-r----- 1 mysql mysql 200 Jun 16 2013 mysqld.log.4.gz
    -rw-rw---- 1 root root 51 May 14 2013 mysqld.log.5.gz
    -rw-r----- 1 mysql mysql 210 Dec 1 2012 mysqld.log.6.gz
    -rw-r----- 1 mysql mysql 286 Sep 11 2012 mysqld.log.7.gz
    -rw-rw---- 1 root root 51 Aug 31 2012 mysqld.log.8.gz
    -rw-r----- 1 mysql mysql 207 Mar 11 2012 mysqld.log.9.gz
    --w----r-T 1 root root 206 Jul 25 05:00 named.log
    --w----r-T 1 root root 206 Jul 24 05:05 named.log.1
    --w----r-T 1 root root 206 Jul 23 05:00 named.log.2
    --w----r-T 1 root root 206 Jul 22 05:00 named.log.3
    --w----r-T 1 root root 1734 Jul 21 13:37 named.log.4
    drwxr-xr-x 2 nobody nobody 4096 Jul 20 2017 nmon
    drwxrwxr-x 2 piranha root 4096 Dec 7 2010 piranha
    drwxr-xr-x 2 root root 4096 Dec 7 2010 pm

     

  • Can you run a wildcard grep command (with an LTM log pattern) and see which folder the LTM logs reside in? I suspect they will be inside the "messages" file.

    Example:

              # '*' rather than '*.*' so that files without a dot in the name (e.g. messages) are searched too
              grep -i 'virtual' *
    
  • If you are using syslog-ng the files could be in /var/log/syslog-ng/* but it's impossible to tell with your previous post because your directory listing is incomplete.

     

  • JG

    It looks like this is a Red Hat system without syslog-ng.

     

    I'd do a "yum install syslog-ng" and install syslog-ng for this. Then your log files would be named per the incoming hostname.

     

  • Your server is most likely running syslog-ng or rsyslog. Look for a configuration file in /etc (/etc/rsyslog.conf or /etc/syslog-ng.conf perhaps). That configuration file should tell you where the log files are saved.
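
The check suggested in the last reply can be scripted. The following is an added example, not part of the original thread: it reads a classic syslog.conf / rsyslog legacy-format configuration, reports whether a UDP 514 listener is configured, and lists the files a given facility and severity would be written to. The sample configuration, the `local0` facility and the `/var/log/bigip-hsl.log` path are constructed assumptions; use the facility your HSL publisher actually sends.

```python
import re

SEVERITIES = ["emerg", "alert", "crit", "err", "warning", "notice", "info", "debug"]

# Constructed sample in the classic syslog.conf / rsyslog legacy format.
# local0 and /var/log/bigip-hsl.log are assumptions, not values from the thread.
SAMPLE_CONF = """\
$ModLoad imudp
$UDPServerRun 514
*.info;mail.none;authpriv.none;cron.none    /var/log/messages
mail.*                                      -/var/log/maillog
local0.*                                    /var/log/bigip-hsl.log
local7.=debug                               /var/log/boot.log
*.emerg                                     *
"""

def udp_listener_enabled(conf):
    """True if rsyslog is told to receive on UDP 514 (legacy or RainerScript syntax)."""
    return bool(re.search(r"^\s*\$UDPServerRun\s+514\b", conf, re.M)
                or re.search(r'input\([^)]*type="imudp"[^)]*port="514"', conf))

def selector_matches(selector, facility, severity):
    """Evaluate 'fac.pri;fac.pri'; the '!' negation prefix is not handled."""
    sev, matched = SEVERITIES.index(severity), False
    for part in selector.split(";"):
        facs, _, pri = part.partition(".")
        if facs != "*" and facility not in facs.split(","):
            continue
        if pri == "none":            # cancels what earlier parts selected
            matched = False
        elif pri == "*":
            matched = True
        elif pri.startswith("="):    # exactly this severity
            matched = matched or SEVERITIES.index(pri[1:]) == sev
        else:                        # this severity or more urgent
            matched = matched or sev <= SEVERITIES.index(pri)
    return matched

def destinations(conf, facility, severity):
    """List the files a message with this facility/severity is written to."""
    files = []
    for line in conf.splitlines():
        fields = line.strip().split(None, 1)
        if len(fields) != 2 or fields[0][0] in "#$":
            continue                 # blank lines, comments, $directives
        selector, action = fields[0], fields[1].lstrip("-")
        if action.startswith("/") and selector_matches(selector, facility, severity):
            files.append(action)
    return files
```

On a real server, pass the contents of `/etc/rsyslog.conf` (or `/etc/syslog.conf` on older systems) instead of `SAMPLE_CONF`, for example `destinations(open("/etc/rsyslog.conf").read(), "local0", "info")`.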