On platforms running systemd, the systemd-syslog() driver reads the log messages of systemd using the /run/systemd/journal/syslog socket. Note the following points about this driver:
- If possible, use the more reliable systemd-journal() driver instead.
- The socket activation of systemd is buggy, causing some log messages to get lost during system startup.
- If syslog-ng PE is running in a jail or a Linux Container (LXC), it will not read from the /dev/kmsg or /proc/kmsg files.
Declaration
systemd-syslog();
Example: Using the systemd-syslog() driver
@version: 7.0
source s_systemdd {
    systemd-syslog();
};
destination d_network {
    syslog("server.host");
};
log {
    source(s_systemdd);
    destination(d_network);
};
The tcp(), tcp6(), udp(), udp6() drivers can receive syslog messages conforming to RFC3164 from the network using the TCP and UDP networking protocols. The tcp6() and udp6() drivers use the IPv6 network protocol, while tcp() and udp() use IPv4.
To convert your existing tcp(), tcp6(), udp(), udp6() source drivers to use the network() driver, see Change an old source driver to the network() driver.
Change an old source driver to the network() driver
To replace your existing tcp(), tcp6(), udp(), udp6() sources with a network() source, complete the following steps.
- Replace the driver with network. For example, replace udp( with network(.
- Set the transport protocol.
    - If you used TLS-encryption, add the transport("tls") option, then continue with the next step.
    - If you used the tcp or tcp6 driver, add the transport("tcp") option.
    - If you used the udp or udp6 driver, add the transport("udp") option.
- If you use IPv6 (that is, the udp6 or tcp6 driver), add the ip-protocol(6) option.
- If you did not specify the port used in the old driver, check network() source options and verify that your clients send the messages to the default port of the transport protocol you use. Otherwise, set the appropriate port number in your source using the port() option.
- All other options are identical. Test your configuration with the syslog-ng --syntax-only command.
The following configuration shows a simple tcp source.
source s_old_tcp {
    tcp(
        ip(127.0.0.1) port(1999)
        tls(
            peer-verify("required-trusted")
            key-file("/opt/syslog-ng/etc/syslog-ng/syslog-ng.key")
            cert-file('/opt/syslog-ng/etc/syslog-ng/syslog-ng.crt')
        )
    );
};
When replaced with the network() driver, it looks like this.
source s_new_network_tcp {
    network(
        transport("tls")
        ip(127.0.0.1) port(1999)
        tls(
            peer-verify("required-trusted")
            key-file("/opt/syslog-ng/etc/syslog-ng/syslog-ng.key")
            cert-file('/opt/syslog-ng/etc/syslog-ng/syslog-ng.crt')
        )
    );
};
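The conversion steps above can be applied mechanically when many source statements need migrating. The following Python script is an added example, not part of the original documentation or of syslog-ng itself; the names convert, find_close and SAMPLE are hypothetical, and it assumes the input holds only source statements with no comments inside the driver bodies.

```python
import re

# Legacy driver -> (transport, needs ip-protocol(6)), per the steps above.
LEGACY = {"tcp": ("tcp", False), "tcp6": ("tcp", True),
          "udp": ("udp", False), "udp6": ("udp", True)}
DRIVER_RE = re.compile(r"(?<![\w-])(tcp6?|udp6?)\s*\(")

# Constructed sample input (not from the page): a udp6 source without port().
SAMPLE = 'source s_old_udp6 { udp6(ip("::1")); };'


def find_close(text, open_idx):
    """Index of the ')' matching the '(' at open_idx, skipping quoted strings."""
    depth, quote = 0, None
    for i in range(open_idx, len(text)):
        ch = text[i]
        if quote:
            quote = None if ch == quote else quote
        elif ch in "\"'":
            quote = ch
        elif ch == "(":
            depth += 1
        elif ch == ")":
            depth -= 1
            if depth == 0:
                return i
    raise ValueError("unbalanced parentheses in driver block")


def convert(config):
    """Rewrite legacy source drivers to network(); return (config, warnings)."""
    out, warnings, pos = [], [], 0
    for m in DRIVER_RE.finditer(config):
        if m.start() < pos:  # match lies inside a body already rewritten
            continue
        end = find_close(config, m.end() - 1)
        body = config[m.end():end].strip()
        transport, ipv6 = LEGACY[m.group(1)]
        if re.search(r"(?<![\w-])tls\s*\(", body):
            transport = "tls"  # a tls() block means the TLS transport applies
        opts = [f'transport("{transport}")'] + (["ip-protocol(6)"] if ipv6 else [])
        if not re.search(r"(?<![\w-])port\s*\(", body):
            warnings.append(f"{m.group(1)}(): no port() set; verify the network() default port")
        out.append(config[pos:m.start()] + "network(" + " ".join(opts + [body] if body else opts) + ")")
        pos = end + 1
    return "".join(out) + config[pos:], warnings


if __name__ == "__main__":
    new_config, notes = convert(SAMPLE)
    print(new_config, *notes, sep="\n")
```

Review each warning against the network() source options before deploying, and check the rewritten file with the syslog-ng --syntax-only command.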