Chat now with support
Chat with Support

syslog-ng Premium Edition 7.0.9 - Administration Guide

Preface Introduction to syslog-ng The concepts of syslog-ng Installing syslog-ng The syslog-ng PE quick-start guide The syslog-ng PE configuration file Collecting log messages — sources and source drivers
How sources work default-network-drivers: Receive and parse common syslog messages internal: Collecting internal messages file: Collecting messages from text files wildcard-file: Collecting messages from multiple text files network: Collecting messages using the RFC3164 protocol (network() driver) osquery: Collect and parse osquery result logs pipe: Collecting messages from named pipes program: Receiving messages from external applications snmptrap: Read Net-SNMP traps sun-streams: Collecting messages on Sun Solaris syslog: Collecting messages using the IETF syslog protocol (syslog() driver) system: Collecting the system-specific log messages of a platform systemd-journal: Collecting messages from the systemd-journal system log storage systemd-syslog: Collecting systemd messages using a socket tcp, tcp6, udp, udp6: Collecting messages from remote hosts using the BSD syslog protocol unix-stream, unix-dgram: Collecting messages from UNIX domain sockets windowsevent: Collecting Windows event logs
Sending and storing log messages — destinations and destination drivers
elasticsearch: Sending messages directly to Elasticsearch version 1.x elasticsearch2: Sending messages directly to Elasticsearch version 2.0 or higher file: Storing messages in plain-text files hdfs: Storing messages on the Hadoop Distributed File System (HDFS) http: Posting messages over HTTP kafka: Publishing messages to Apache Kafka logstore: Storing messages in encrypted files mongodb: Storing messages in a MongoDB database network: Sending messages to a remote log server using the RFC3164 protocol (network() driver) pipe: Sending messages to named pipes program: Sending messages to external applications smtp: Generating SMTP messages (e-mail) from logs Splunk: Sending log messages to Splunk sql: Storing messages in an SQL database syslog: Sending messages to a remote logserver using the IETF-syslog protocol syslog-ng: Forwarding messages and tags to another syslog-ng node tcp, tcp6, udp, udp6: Sending messages to a remote log server using the legacy BSD-syslog protocol (tcp(), udp() drivers) unix-stream, unix-dgram: Sending messages to UNIX domain sockets usertty: Sending messages to a user terminal — usertty() destination
Routing messages: log paths, flags, and filters Global options of syslog-ng PE TLS-encrypted message transfer Reliable Log Transfer Protocol Manipulating messages Parsers and segmenting structured messages Processing message content with a pattern database Correlating log messages Enriching log messages with external data Monitoring statistics and metrics of syslog-ng Multithreading and scaling in syslog-ng PE Troubleshooting syslog-ng Best practices and examples The syslog-ng manual pages About us

Installing syslog-ng on Debian-based platforms


To install syslog-ng on operating systems that use the Debian Software Package (deb) format, complete the following steps. The following supported operating systems use this format:

  • Debian Wheezy

  • Debian Jessie

  • Ubuntu 12.04 LTS (Precise Pangolin)

  • Ubuntu 14.04 LTS (Trusty Tahr)

  • Ubuntu 16.04 LTS (Xenial Xerus)


If you already had syslog-ng Open Source Edition (OSE) installed on the host, and are upgrading to syslog-ng Premium Edition, make sure that the ${SYSLOGNG_OPTIONS} environmental variable does not contain a -p <path-to-pid-file> option. If it does, remove this option from the environmental variable, because it can prevent syslog-ng PE from stopping properly. Typically, the environmental variable is set in the files /etc/default/syslog-ng or /etc/sysconfig/syslog-ng, depending on the operating system you use.

  1. Login to your syslog-ng PE account and download the syslog-ng PE DEB package for your system.

  2. Issue the following command as root:

    dpkg -i syslog-ng-premium-edition-<version>-<OS>-<arch>.deb

  3. Answer the configuration questions of syslog-ng PE. These are described in detail in Installing syslog-ng using the .run installer.

    For information on configuring syslog-ng PE, see the The syslog-ng PE quick-start guide.

Upgrading syslog-ng PE

This section describes the possible upgrade paths of syslog-ng PE.

Upgrading from previous syslog-ng PE versions to 7

Upgrading is supported from the following syslog-ng PE versions:

  • syslog-ng PE 6 LTS (6.0.x)

To upgrade an existing syslog-ng PE installation, see Upgrading to syslog-ng PE 7.

Upgrading to syslog-ng PE 7


To upgrade to syslog-ng PE 7, complete the following steps:

  1. Download the new installer package from the Support Portal. Use the same package type as you used for the installation (for example, use the .run package for the upgrade if you have originally installed syslog-ng PE using a .run installer).

  2. Download the new license file from My License Assets.

  3. Install syslog-ng PE and check the warnings. Upgrade the respective parts of your configuration if needed.

  4. On the host where you are running syslog-ng PE in server mode, replace the old license file with the new one.


    Hazard of data loss! Without the new license file, syslog-ng PE will run in relay mode, and will not store the incoming messages locally.

  5. Set the version of the configuration file to 7.0.9.

Related Documents

The document was helpful.

Select Rating

I easily found the information I needed.

Select Rating