Welcome to the syslog-ng Premium Edition 6 LTS Administrator Guide!
This document describes how to configure and manage syslog-ng. Background information for the technology and concepts used by the product is also discussed.
Chapter 1, Introduction to syslog-ng describes the main functionality and purpose of syslog-ng PE.
Chapter 2, The concepts of syslog-ng discusses the technical concepts and philosophies behind syslog-ng PE.
Chapter 3, Installing syslog-ng describes how to install syslog-ng PE on various UNIX-based platforms using the precompiled binaries.
Chapter 4, The syslog-ng PE quick-start guide briefly explains how to perform the most common log collecting tasks with syslog-ng PE.
Chapter 5, The syslog-ng PE configuration file discusses the configuration file format and syntax in detail, and explains how to manage large-scale configurations using included files and reusable configuration snippets.
Chapter 6, Collecting log messages — sources and source drivers explains how to collect and receive log messages from various sources.
Chapter 7, Sending and storing log messages — destinations and destination drivers describes the different methods to store and forward log messages.
Chapter 8, Routing messages: log paths, reliability, and filters explains how to route and sort log messages, and how to use filters to select specific messages.
Chapter 9, Global options of syslog-ng PE lists the global options of syslog-ng PE and explains how to use them.
Chapter 10, TLS-encrypted message transfer shows how to secure and authenticate log transport using TLS encryption.
Chapter 12, Reliable Log Transfer Protocol™ describes the reliable log transport that prevents message loss.
Chapter 13, Reliability and minimizing the loss of log messages describes how to use flow control, disk buffering, and Reliable Log Transfer Protocol™ to minimize or completely prevent the loss of log messages.
Chapter 14, Manipulating messages describes how to customize message format using templates and macros, how to rewrite and modify messages, and how to use regular expressions.
Chapter 15, Parsing and segmenting structured messages describes how to segment and process structured messages like comma-separated values.
Chapter 16, Processing message content with a pattern database explains how to identify and process log messages using a pattern database.
Chapter 17, Statistics and metrics of syslog-ng details the available statistics that syslog-ng PE collects about the processed log messages.
Chapter 18, Multithreading and scaling in syslog-ng PE describes how to configure syslog-ng PE to use multiple processors, and how to optimize its performance.
Chapter 19, Troubleshooting syslog-ng offers tips for solving problems.
Chapter 20, Best practices and examples gives recommendations for configuring special features of syslog-ng PE.
Appendix A, The syslog-ng manual pages contains the manual pages of the syslog-ng PE application.
Appendix C, Open source licenses includes the text of the licenses applicable to syslog-ng Premium Edition.
This guide is intended for system administrators and consultants responsible for designing and maintaining logging solutions and log centers. It is also useful for IT decision makers looking for a tool to implement centralized logging in heterogeneous environments.
The following skills and knowledge are necessary for a successful syslog-ng administrator:
At least basic system administration knowledge.
An understanding of networks, TCP/IP protocols, and general network terminology.
Working knowledge of the UNIX or Linux operating system.
In-depth knowledge of the logging process of various platforms and applications.
This guide describes the use of the following products:
syslog-ng Premium Edition (syslog-ng PE) 6.0.1 and later
Before you start using this guide, it is important to understand the terms and typographical conventions used in the documentation. For more information on specialized terms and abbreviations used in the documentation, see the Glossary at the end of this document.
The following kinds of text formatting and icons identify special information in the document.
Tips provide best practices and recommendations.
Notes provide additional information on a topic, and emphasize important facts and considerations.
Warnings mark situations where loss of data or misconfiguration of the device is possible if the instructions are not obeyed.