When you are editing the syslog-ng configuration file, note the following points:
The configuration file can contain a maximum of 6665 source / destination / log elements.
When writing the names of options and parameters (or other reserved words), the hyphen (-) and underscore (_) characters are equivalent, for example max-connections(10) and max_connections(10) are both correct.
Numbers can be prefixed with + or - to indicate positive or negative values. Numbers beginning with zero (0) or 0x are treated as octal or hexadecimal numbers, respectively.
Starting with syslog-ng OSE version 
You can use commas (,) to separate options or other parameters for readability, syslog-ng completely ignores them. The following declarations are equivalent:
source s_demo_stream {
    unix-stream("<path-to-socket>" max-connections(10) group(log));
};
source s_demo_stream {
    unix-stream("<path-to-socket>", max-connections(10), group(log));
};
When enclosing object IDs (for example the name of a destination) between double-quotes ("mydestination"), the ID can include whitespace as well, for example:
source "s demo stream" {
    unix-stream("<path-to-socket>" max-connections(10) group(log));
};
For notes on using regular expressions, see Regular expressions.
You can use if {}, elif {}, and else {} blocks to configure conditional expressions. For details, see if-else-elif: Conditional expressions.
Starting with syslog-ng OSE 
To define an object inline, use braces instead of parentheses. That is, instead of <object-type> (<object-id>);, you use <object-type> {<object-definition>};
The following two configuration examples are equivalent. The first one uses traditional statements, while the second uses inline definitions.
source s_local {
    system();
    internal();
};
destination d_local {
    file("/var/log/messages");
};
log {
    source(s_local);
    destination(d_local);
};log {
    source {
        system();
        internal();
    };
    destination {
        file("/var/log/messages");
    };
};Starting with syslog-ng OSE 
To embed multiple objects into a configuration object, use the following syntax. Note that you must enclose the configuration block between braces instead of parenthesis.
<type-of-top-level-object> <name-of-top-level-object> {
    channel {
        <configuration-objects>
    };
};
For example, to process a log file in a specific way, you can define the required processing rules (parsers and rewrite expressions) and combine them in a single object:
source s_apache {
    channel {
        source {
			file("/var/log/apache/error.log");
        };
        parser(p_apache_parser);
    };
};
log {
    source(s_apache); ...
};
The s_apache source uses a file source (the error log of an Apache webserver) and references a specific parser to process the messages of the error log. The log statement references only the s_apache source, and any other object in the log statement can already use the results of the p_apache_parserparser.
| 
 | NOTE: You must start the object definition with a channel even if you will use a junction, for example: parser demo-parser() {
    channel {
        junction {
            channel { ... };
            channel { ... };
        };
    };
};If you want to embed configuration objects into sources or destinations, always use channels, otherwise the source or destination will not behave as expected. For example, the following configuration is good: source s_filtered_hosts {
    channel{
        source {
            pipe("/dev/pipe");
            syslog(ip(192.168.0.1) transport("tcp"));
            syslog(ip(127.0.0.1) transport("tcp"));
        };
        filter {
            netmask(10.0.0.0/16);
        };
    };
}; | 
Starting with syslog-ng OSE version 
@define name "value"
The value can be any string, but special characters must be escaped.To use the variable, insert the name of the variable enclosed between backticks (`, similarly to using variables in Linux or UNIX shells) anywhere in the configuration file.
The value of the global variable can be also specified using the following methods:
Without any quotes, as long as the value does not contain any spaces or special characters. In other word, it contains only the following characters: a-zA-Z0-9_..
Between apostrophes, in case the value does not contain apostrophes.
Between double quotes, in which case special characters must be escaped using backslashes (\).
| 
 | TIP: The environmental variables of the host are automatically imported and can be used as global variables. | 
For example, if an application is creating multiple log files in a directory, you can store the path in a global variable, and use it in your source definitions.
@define mypath "/opt/myapp/logs"
source s_myapp_1 {
    file("`mypath`/access.log" follow-freq(1));
};
source s_myapp_2 {
    file("`mypath`/error.log" follow-freq(1));
};
source s_myapp_3 {
    file("`mypath`/debug.log" follow-freq(1));
};
The syslog-ng OSE application will interpret this as:
@define mypath "/opt/myapp/logs"
source s_myapp_1 {
    file("/opt/myapp/logs/access.log" follow-freq(1));
};
source s_myapp_2 {
    file("/opt/myapp/logs/error.log" follow-freq(1));
};
source s_myapp_3 {
    file("/opt/myapp/logs/debug.log" follow-freq(1));
};© 2025 One Identity LLC. ALL RIGHTS RESERVED. 利用規約 プライバシー Cookies Preference Center