What is new in syslog-ng Premium Edition 6 LTS?
-
For details on the news and highlights of syslog-ng Premium Edition 6 LTS, see the Release Notes.
-
For details on changes in The syslog-ng Premium Edition 6 LTS Administrator Guide, see the section called “Version 5 F3 - 5 F4”.
Who uses syslog-ng?
The syslog-ng application is used worldwide by companies and institutions who collect and manage the logs of several hosts, and want to store them in a centralized, organized way. Using syslog-ng is particularly advantageous for:
-
Internet Service Providers
-
Financial institutions and companies requiring policy compliance
-
Server, web, and application hosting companies
-
Datacenters
-
Wide area network (WAN) operators
-
Server farm administrators.
Among others, the following companies decided to use syslog-ng PE in their production environment:
Supported platforms
The syslog-ng Premium Edition application is officially supported on the following platforms. Note that the following table is for general reference only, and is not always accurate about the supported platforms and options available for specific platforms. The latest version of this table is available at https://syslog-ng.com/log-management-software/supported-platforms. Unless explicitly noted otherwise, the subsequent releases of the platform (for example, Windows Server 2008 R2 and its service packs in case of Windows Server 2008) are also supported.
Table 1.1. Platforms supported by syslog-ng Premium Edition
| x86 | x86_64 | SPARC | SPARC64 | PowerPC | IA64 | |
|---|---|---|---|---|---|---|
| AIX 7.1 | - | - | - | - | ✔ | - |
| CentOS 5 | ✔ | ✔ | - | - | - | - |
| CentOS 6 | ✔ | ✔ | - | - | - | - |
| CentOS 7 | - | ✔ | - | - | - | - |
| Debian 8 (jessie) | - | ✔ | - | - | - | - |
| FreeBSD 10 | - | ✔ | - | - | - | - |
| HP-UX 11i v3 | - | - | - | - | - | ✔ |
| Oracle Linux 5 | ✔ | ✔ | - | - | - | - |
| Oracle Linux 6 | ✔ | ✔ | - | - | - | - |
| Oracle Linux 7 | - | ✔ | - | - | - | - |
| openSUSE 11 | ✔ | ✔ | - | - | - | - |
| Red Hat EL 5 | ✔ | ✔ | - | - | - | - |
| Red Hat EL 6 | ✔ | ✔ | - | - | - | - |
| Red Hat EL 7 | - | ✔ | - | - | - | - |
| SLES 11 | ✔ | ✔ | - | - | - | - |
| SLES 12 | - | ✔ | - | - | - | - |
| Solaris 10 | - | ✔ | ✔ | ✔ | - | - |
| Solaris 11 | - | ✔ | - | ✔ | - | - |
| Ubuntu 14.04 LTS (Trusty Tahr) | ✔ | ✔ | - | - | - | - |
| Ubuntu 16.04 LTS (Xenial Xerus) | - | ✔ | - | - | - | - |
| Windows Server 2008 | ✔ | ✔ | - | - | - | - |
| Windows Server 2012 | - | ✔ | - | - | - | - |
| Windows Server 2016 | - | ✔ | - | - | - | - |
| Windows Server 2019 | - | ✔ | - | - | - | - |
| Windows Vista | ✔ | ✔ | - | - | - | - |
| Windows 7 | ✔ | ✔ | - | - | - | - |
| Windows 8 | ✔ | ✔ | - | - | - | - |
| Windows 10 | ✔ | ✔ | - | - | - | - |
The central syslog-ng PE server can be installed on Microsoft Windows platforms as well, in this case you can configure syslog-ng PE using a configuration file, like on any other platform. However, if you want only to forward eventlog and other log messages from Windows to your central logserver, you can use the syslog-ng Agent for Windows application. The syslog-ng Agent for Windows can be managed centrally from a domain controller, and can be configured from a graphical interface as well. The syslog-ng Agent for Windows application is available as part of syslog-ng Premium Edition.
For details about the syslog-ng Agent for Windows application, see Administration Guide for syslog-ng Agent for Windows.
The following features and options of syslog-ng PE are not available on Microsoft Windows platforms.
-
IPv6 is not supported, only IPv4
-
Java-based destinations, like Elasticsearch, Hadoop Distributed File System (HDFS), or Apache Kafka.
-
The
mongodb()destination -
The
pipe()source -
The
pipe()destination -
The
program()source -
The
program()destination -
The
smtp()destination -
The
snmp()destination -
The
sql()source -
The
sql()destination -
The
sun-streams()source -
The
unix-dgram()source -
The
unix-dgram()destination -
The
unix-stream()source -
The
unix-stream()destination
Starting from version 4.0, syslog-ng Premium Edition is Novell Ready certified for the following platforms:
-
SUSE Linux Enterprise Server 10 on the x86 and x86_64 AMD64 & Intel EM64T architectures
-
SUSE Linux Enterprise Server 11 on the x86 and x86_64 AMD64 & Intel EM64T architectures
Starting from version 4.0, syslog-ng Premium Edition is RedHat Ready certified for the following platforms:
-
Red Hat Enterprise Linux 2.1 on the x86 architecture
-
Red Hat Enterprise Linux 3 on the x86_64 AMD64 & Intel EM64T architecture
-
Red Hat Enterprise Linux 4 on the x86 and x86_64 AMD64 & Intel EM64T architectures
-
Red Hat Enterprise Linux 5 on the x86 and x86_64 AMD64 & Intel EM64T architectures
-
Red Hat Enterprise Linux 6 on the x86 and x86_64 AMD64 & Intel EM64T architectures
Starting from version 5.4, syslog-ng Premium Edition is MapR certified.
Chapter 2. The concepts of syslog-ng
Table of Contents
- The philosophy of syslog-ng
- Logging with syslog-ng
- Modes of operation
- Logging with syslog-ng
- Global objects
- Timezones and daylight saving
- Versions and releases of syslog-ng PE
- Licensing
- GPL and LGPL licenses
- High availability support
- The structure of a log message
- High availability support
- Message representation in syslog-ng PE
- Structuring macros, metadata, and other value-pairs
- Things to consider when forwarding messages between syslog-ng PE hosts
- NFS file system for log files
This chapter discusses the technical concepts of syslog-ng.
Typically, syslog-ng is used to manage log messages and implement centralized logging, where the aim is to collect the log messages of several devices on a single, central log server. The different devices — called syslog-ng clients — all run syslog-ng, and collect the log messages from the various applications, files, and other sources. The clients send all important log messages to the remote syslog-ng server, which sorts and stores them.