Starting from version 4.0, syslog-ng Premium Edition is Novell Ready certified for the following platforms:
SUSE Linux Enterprise Server 10 on the x86 and x86_64 AMD64 & Intel EM64T architectures
SUSE Linux Enterprise Server 11 on the x86 and x86_64 AMD64 & Intel EM64T architectures
Starting from version 4.0, syslog-ng Premium Edition is RedHat Ready certified for the following platforms:
Red Hat Enterprise Linux 2.1 on the x86 architecture
Red Hat Enterprise Linux 3 on the x86_64 AMD64 & Intel EM64T architecture
Red Hat Enterprise Linux 4 on the x86 and x86_64 AMD64 & Intel EM64T architectures
Red Hat Enterprise Linux 5 on the x86 and x86_64 AMD64 & Intel EM64T architectures
Red Hat Enterprise Linux 6 on the x86 and x86_64 AMD64 & Intel EM64T architectures
Starting from version 5.4, syslog-ng Premium Edition is MapR certified.
This chapter discusses the technical concepts of syslog-ng.
Typically, syslog-ng is used to manage log messages and implement centralized logging, where the aim is to collect the log messages of several devices on a single, central log server. The different devices — called syslog-ng clients — all run syslog-ng, and collect the log messages from the various applications, files, and other sources. The clients send all important log messages to the remote syslog-ng server, which sorts and stores them.
The syslog-ng application reads incoming messages and forwards them to the selected destinations. The syslog-ng application can receive messages from files, remote hosts, and other sources.
Log messages enter syslog-ng in one of the defined sources, and are sent to one or more destinations.
Sources and destinations are independent objects, log paths define what syslog-ng does with a message, connecting the sources to the destinations. A log path consists of one or more sources and one or more destinations: messages arriving from a source are sent to every destination listed in the log path. A log path defined in syslog-ng is called a log statement.
Optionally, log paths can include filters. Filters are rules that select only certain messages, for example, selecting only messages sent by a specific application. If a log path includes filters, syslog-ng sends only the messages satisfying the filter rules to the destinations set in the log path.
Other optional elements that can appear in log statements are parsers and rewriting rules. Parsers segment messages into different fields to help processing the messages, while rewrite rules modify the messages by adding, replacing, or removing parts of the messages.