syslog-ng Premium Edition 6.0.17 - Administration Guide

What is new in syslog-ng Premium Edition 6 LTS?

  • For details on the news and highlights of syslog-ng Premium Edition 6 LTS, see the Release Notes.

  • For details on changes in The syslog-ng Premium Edition 6 LTS Administrator Guide, see the section called “Version 5 F3 - 5 F4”.

Who uses syslog-ng?

The syslog-ng application is used worldwide by companies and institutions who collect and manage the logs of several hosts, and want to store them in a centralized, organized way. Using syslog-ng is particularly advantageous for:

  • Internet Service Providers

  • Financial institutions and companies requiring policy compliance

  • Server, web, and application hosting companies

  • Datacenters

  • Wide area network (WAN) operators

  • Server farm administrators.

Public references of syslog-ng Premium Edition

Among others, the following companies decided to use syslog-ng PE in their production environment:

Supported platforms

The syslog-ng Premium Edition application is officially supported on the following platforms. Note that the following table is for general reference only, and is not always accurate about the supported platforms and options available for specific platforms. The latest version of this table is available at https://syslog-ng.com/log-management-software/supported-platforms. Unless explicitly noted otherwise, the subsequent releases of the platform (for example, Windows Server 2008 R2 and its service packs in case of Windows Server 2008) are also supported.

Table 1.1. Platforms supported by syslog-ng Premium Edition

x86 x86_64 SPARC SPARC64 PowerPC IA64
AIX 7.1 - - - - -
CentOS 5 - - - -
CentOS 6 - - - -
CentOS 7 - - - - -
Debian 8 (jessie) - - - - -
FreeBSD 10 - - - - -
HP-UX 11i v3 - - - - -
Oracle Linux 5 - - - -
Oracle Linux 6 - - - -
Oracle Linux 7 - - - - -
openSUSE 11 - - - -
Red Hat EL 5 - - - -
Red Hat EL 6 - - - -
Red Hat EL 7 - - - - -
SLES 11 - - - -
SLES 12 - - - - -
Solaris 10 - - -
Solaris 11 - - - -
Ubuntu 14.04 LTS (Trusty Tahr) - - - -
Ubuntu 16.04 LTS (Xenial Xerus) - - - - -
Windows Server 2008 - - - -
Windows Server 2012 - - - - -
Windows Server 2016 - - - - -
Windows Server 2019 - - - - -
Windows Vista - - - -
Windows 7 - - - -
Windows 8 - - - -
Windows 10 - - - -

Caution:

Certain sources and destinations are not supported on every platform (particularly, the sql() source and destination, and the hdfs() destination). For details, see the description of the specific source and destination.

The central syslog-ng PE server can be installed on Microsoft Windows platforms as well; in this case, you can configure syslog-ng PE using a configuration file, like on any other platform. However, if you only want to forward eventlog and other log messages from Windows to your central log server, you can use the syslog-ng Agent for Windows application. The syslog-ng Agent for Windows can be managed centrally from a domain controller, and can be configured from a graphical interface as well. The syslog-ng Agent for Windows application is available as part of syslog-ng Premium Edition.

For details about the syslog-ng Agent for Windows application, see Administration Guide for syslog-ng Agent for Windows.

Limitations on Microsoft Windows platforms

The following features and options of syslog-ng PE are not available on Microsoft Windows platforms.

  • IPv6 is not supported, only IPv4

  • Java-based destinations, like Elasticsearch, Hadoop Distributed File System (HDFS), or Apache Kafka.

  • The mongodb() destination

  • The pipe() source

  • The pipe() destination

  • The program() source

  • The program() destination

  • The smtp() destination

  • The snmp() destination

  • The sql() source

  • The sql() destination

  • The sun-streams() source

  • The unix-dgram() source

  • The unix-dgram() destination

  • The unix-stream() source

  • The unix-stream() destination
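
A pre-migration check for the list above, as an added example that is not part of the original guide: it scans a configuration for named source and destination statements that use a driver unavailable on Windows. The function name, the sample configuration and the object names in it are constructed; inline sources and destinations defined inside log statements are not examined.

```python
import re

# Drivers the page lists as unavailable on Microsoft Windows. Of the Java-based
# destinations only hdfs() is named there as a driver; extend the sets as needed.
BOTH = {"pipe", "program", "sql", "unix-dgram", "unix-stream"}
UNAVAILABLE = {"source": BOTH | {"sun-streams"},
               "destination": BOTH | {"hdfs", "mongodb", "smtp", "snmp"}}
TOKEN = re.compile(r'''(?P<comment>\#[^\n]*)
  | (?P<string>"(?:\\.|[^"\\])*"|'[^']*')
  | (?P<word>[A-Za-z_][\w.-]*) | (?P<punct>[{}();])''', re.X)

def windows_incompatible(config_text):
    """Return (line, statement, driver) for drivers unavailable on Windows."""
    findings, brace, paren = [], 0, 0
    stmt = kind = prev = None
    for m in TOKEN.finditer(config_text):
        tok, text = m.lastgroup, m.group()
        if tok == "comment":
            continue
        if tok == "word":
            if brace == 0 and text in UNAVAILABLE:
                stmt = text  # a top-level source or destination statement starts
            prev = (text, config_text.count("\n", 0, m.start()) + 1)
            continue
        if text == "{":
            kind, brace = (stmt if brace == 0 else kind), brace + 1
        elif text == "}":
            brace -= 1
            if brace == 0:
                stmt = kind = None
        elif text == "(":
            # Only a call directly in the statement body is a driver; nested calls are options.
            name = prev[0].lower().replace("_", "-") if prev else ""  # '_' and '-' are equivalent
            if kind and brace == 1 and paren == 0 and name in UNAVAILABLE[kind]:
                findings.append((prev[1], kind, name))
            paren += 1
        elif text == ")":
            paren -= 1
        prev = None
    return findings

# Constructed sample: a Linux configuration being checked before a move to Windows.
SAMPLE = '''source s_local { unix-stream("/dev/log"); file("/var/log/app.log"); };
filter f_sshd { program("sshd"); };   # filter function, not the program() driver
destination d_db { sql(type(mysql) table("logs")); };
destination d_sock { unix_stream("/var/run/alert.sock"); };
log { source(s_local); filter(f_sshd); destination(d_db); };
'''
print(windows_incompatible(SAMPLE))
```

The program() call in the filter statement is not reported, because only calls made directly inside a source or destination body are treated as drivers.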

Certified packages

Starting from version 4.0, syslog-ng Premium Edition is Novell Ready certified for the following platforms:

  • SUSE Linux Enterprise Server 10 on the x86 and x86_64 AMD64 & Intel EM64T architectures

  • SUSE Linux Enterprise Server 11 on the x86 and x86_64 AMD64 & Intel EM64T architectures

Starting from version 4.0, syslog-ng Premium Edition is RedHat Ready certified for the following platforms:

  • Red Hat Enterprise Linux 2.1 on the x86 architecture

  • Red Hat Enterprise Linux 3 on the x86_64 AMD64 & Intel EM64T architecture

  • Red Hat Enterprise Linux 4 on the x86 and x86_64 AMD64 & Intel EM64T architectures

  • Red Hat Enterprise Linux 5 on the x86 and x86_64 AMD64 & Intel EM64T architectures

  • Red Hat Enterprise Linux 6 on the x86 and x86_64 AMD64 & Intel EM64T architectures

Starting from version 5.4, syslog-ng Premium Edition is MapR certified.

Chapter 2. The concepts of syslog-ng

This chapter discusses the technical concepts of syslog-ng.

The philosophy of syslog-ng

Typically, syslog-ng is used to manage log messages and implement centralized logging, where the aim is to collect the log messages of several devices on a single, central log server. The different devices — called syslog-ng clients — all run syslog-ng, and collect the log messages from the various applications, files, and other sources. The clients send all important log messages to the remote syslog-ng server, which sorts and stores them.