Chatta subito con l'assistenza

Ottieni assistenza in tempo reale
Completa la registrazione

Accedi

Richiedi prezzo

Contatta il supporto vendite

syslog-ng Premium Edition 6.0.24 - Administration Guide

Table of Contents

Target audience and prerequisites Products covered in this guide Typographical conventions About this document

Chapter 1. Introduction to syslog-ng

What syslog-ng is What syslog-ng is not Why is syslog-ng needed? Secure and reliable log transfer Flexible data extraction and processing Chapter 1. Introduction to syslog-ng Chapter 1. Introduction to syslog-ng Chapter 1. Introduction to syslog-ng What is new in syslog-ng Premium Edition 6 LTS? Who uses syslog-ng? Supported platforms

Chapter 2. The concepts of syslog-ng

Logging with syslog-ng Modes of operation Global objects Timezones and daylight saving Versions and releases of syslog-ng PE Licensing GPL and LGPL licenses High availability support The structure of a log message Message representation in syslog-ng PE

Message size and encoding

Structuring macros, metadata, and other value-pairs

Structuring macros, metadata, and other value-pairs

Things to consider when forwarding messages between syslog-ng PE hosts NFS file system for log files

Chapter 3. Installing syslog-ng

Security-enhanced Linux: grsecurity, SELinux Installing syslog-ng using the .run installer Upgrading syslog-ng PE Uninstalling syslog-ng PE

Chapter 4. The syslog-ng PE quick-start guide Chapter 5. The syslog-ng PE configuration file

The configuration syntax in detail Notes about the configuration syntax Global and environmental variables Logging configuration changes Modules in syslog-ng PE Managing complex syslog-ng configurations

Chapter 6. Collecting log messages — sources and source drivers

Collecting internal messages Collecting messages from text files Collecting messages using the RFC3164 protocol (network() driver) Collecting messages from named pipes Receiving messages from external applications Collecting messages from tables or relational database Collecting messages on Sun Solaris Collecting messages using the IETF syslog protocol (syslog() driver) Collecting the system-specific log messages of a platform Collecting messages from the systemd-journal system log storage Collecting messages from remote hosts using the BSD syslog protocol Collecting systemd messages using a socket Collecting messages from UNIX domain sockets

Chapter 7. Sending and storing log messages — destinations and destination drivers

Sending messages directly to Elasticsearch version 2.0 or higher Storing messages in plain-text files Storing messages in encrypted files Storing messages in a MongoDB database Sending messages to a remote log server using the RFC3164 protocol (network() driver) Sending messages to named pipes Sending messages to external applications Sending SNMP traps Sending messages to a remote log server using the IETF-syslog protocol Sending messages to a remote log server using the legacy BSD-syslog protocol (tcp(), udp() drivers) Sending messages to UNIX domain sockets Sending messages to a user terminal — usertty() destination

Chapter 8. Routing messages: log paths, reliability, and filters

Managing incoming and outgoing messages with flow-control Using disk-based and memory buffering Client-side failover Filters Dropping messages

Chapter 9. Global options of syslog-ng PE

Chapter 10. TLS-encrypted message transfer

Encrypting log messages with TLS Mutual authentication using TLS TLS options

Chapter 12. Reliable Log Transfer Protocol™

RLTP™ options Examples for using RLTP™

Chapter 13. Reliability and minimizing the loss of log messages

Flow control, no disk buffering, no RLTP™ Flow control, normal disk buffering, no RLTP™ Flow control, reliable disk buffering, no RLTP™ Flow control, reliable disk buffering, RLTP™ Deciding which loss prevention mechanism to apply

Chapter 14. Manipulating messages

Modifying messages Regular expressions

Chapter 15. Parsing and segmenting structured messages

Parsing key=value pairs The JSON parser

Chapter 16. Processing message content with a pattern database

Using pattern databases Correlating log messages Triggering actions for identified messages Creating pattern databases

Chapter 17. Statistics and metrics of syslog-ng Chapter 18. Multithreading and scaling in syslog-ng PE

Configuring multithreading Optimizing multithreaded performance

Chapter 19. Troubleshooting syslog-ng

Collecting debugging information with strace, truss, or tusc Stopping syslog-ng Reporting bugs and finding help Recover data from orphaned diskbuffer files

Chapter 20. Best practices and examples

Handling large message load Using name resolution in syslog-ng Configuring log rotation

GNU General Public License v2

Preamble TERMS AND CONDITIONS FOR COPYING, DISTRIBUTION AND MODIFICATION How to Apply These Terms to Your New Programs

About this document

Preface > About this document

This guide is a work-in-progress document with new versions appearing periodically.

The latest version of this document can be downloaded from the syslog-ng Documentation page.

Changes in syslog-ng Premium Edition (syslog-ng PE) version 6.0.20

Starting from syslog-ng PE version 6.0.20 and after 31 July 2020, only AIX 7 platform and syslog-ng Agent for Windows are supported. For further details about supported platforms, see Supported platforms.

Feedback

Any feedback is greatly appreciated, especially on what else this document should cover. General comments, errors found in the text, and any suggestions about how to improve the documentation is welcome at bb-pub-documentation@quest.com.

Acknowledgments

One Identity would like to express its gratitude to the syslog-ng users and the syslog-ng community for their invaluable help and support.

Chapter 1. Introduction to syslog-ng

Chapter 1. Introduction to syslog-ng

This chapter introduces the syslog-ng Premium Edition application in a non-technical manner, discussing how and why is it useful, and the benefits it offers to an existing IT infrastructure.

What syslog-ng is

Chapter 1. Introduction to syslog-ng > What syslog-ng is

The syslog-ng Premium Edition (syslog-ng PE) application is a flexible and highly scalable system logging application that is ideal for creating centralized and trusted logging solutions. Among others, syslog-ng PE allows you the following.

What syslog-ng is not

Chapter 1. Introduction to syslog-ng > What syslog-ng is not

The syslog-ng application is not log analysis software. It can filter log messages and select only the ones matching certain criteria. It can even convert the messages and restructure them to a predefined format, or parse the messages and segment them into different fields. But syslog-ng cannot interpret and analyze the meaning behind the messages, or recognize patterns in the occurrence of different messages.

Related Documents

The document was helpful.

Seleziona valutazione

I easily found the information I needed.

Seleziona valutazione

© 2025 One Identity LLC. ALL RIGHTS RESERVED. Termini di utilizzo Privacy Cookie Preference Center