The syslog-ng application is a flexible and highly scalable system logging application that is ideal for creating centralized and trusted logging solutions.
Typically, syslog-ng is used to manage log messages and implement centralized logging, where the aim is to collect the log messages of several devices on a single, central log server. The different devices — called syslog-ng clients — all run syslog-ng, and collect the log messages from the various applications, files, and other sources. The clients send all important log messages to the remote syslog-ng server, which sorts and stores them.
The syslog-ng Premium Edition application has three
Figure 1: Client-mode operation
In client mode, syslog-ng collects the local logs generated by the host and forwards them through a network connection to the central syslog-ng server or to a relay. Clients often also log the messages locally into files.
No license file is required to run syslog-ng in client mode.
Figure 2: Relay-mode operation
In relay mode, syslog-ng receives logs through the network from syslog-ng clients and forwards them to the central syslog-ng server using a network connection. Relays also log the messages from the relay host into a local file, or forward these messages to the central syslog-ng server.
You cannot use the following destinations in relay mode: elasticsearch(), elasticsearch2(), hdfs(), kafka(), mongodb(), pipe(), smtp(), sql(). The file() and logstore() destinations work only for local messages that are generated on the relay.
No license file is required to run syslog-ng in relay mode.