/etc/syslog-ng/syslog-ng.conf - syslog-ng configuration file

The configuration file for \fBsyslog-ng\fP

A message route in syslog-ng is made up of three parts: a source,
a destination and filtering rules.

You can declare source statements using the "source" keyword:

source <sourcename> { sourcedriver params; sourcedriver params; ... };

Sourcename is an identifier you'll use to refer to this group of messages.
Sourcedriver is a method of getting a given message. The following drivers

* file <filename> - reads messages from the given file
* unix-dgram <filename> - reads messages from the given AF_UNIX, SOCK_DGRAM socket (BSDi style)
* unix-stream <filename> - reads messages from the given AF_UNIX, SOCK_STREAM socket (Linux style)
* udp <ip>,<port> - network source using the UDP protocol. If you do not want to bind to a specific interface use 0.0.0.0.
* tcp <ip>,<port> - network source using the TCP protocol.
* sun-streams <filename> - local source used on Solaris systems

Destinations can be created using the destination keyword:

destination <destname> { destdriver params; destdriver params; ... ; };

* file <filename> - writes messages to the given file
* unix-dgram <filename> - writes messages to the given AF_UNIX, SOCK_DGRAM socket (BSDi style)
* unix-stream <filename> - writes messages to the given AF_UNIX, SOCK_STREAM socket (Linux style)
* udp <ip>,<port> - network destination using the UDP protocol
* tcp <ip>,<port> - network destination using the TCP protocol
* usertty <username> - sends log to the given user's terminal

You can create filters using the filter keyword:

filter <filtername> { expression; };

Where expression is a simple boolean expression. You can use "and", "or"
and "not" to connect builtin functions. Functions can be one of:

* facility(list of comma separated facility names)
* level(list of comma separated priority names OR a range separated by "..")
* program(regexp to match program name)
* host(regexp to match hostname)
* match(regexp to match message)

You can connect sources and destinations using the log statement:

log { source S1; source S2; ... filter F1; filter F2; ... destination D1; destination D2; ... };

Where Sx refers to one of the declared log sources, Fx one of the filters and
Dx one of the destinations.

Filters are ANDed together.

You can specify several global options to syslog-ng in the options statement:

options { opt1; opt2; ... };

Where an option can be any of the following:

.B chain_hostnames(yes|no)
Enable or disable the chained hostname format.

.B long_hostnames(yes|no)
This is a deprecated alias for chain_hostnames().

.B keep_hostname(yes|no)
Specifies whether to trust the hostname as it is included in the log message. If
keep_hostname is yes and there is a hostname in the message, it is not
touched; otherwise it is always rewritten based on where the
message was received from.

Enable or disable DNS usage. syslog-ng blocks on DNS queries, so
enabling DNS may lead to a Denial of Service attack. To prevent DoS,
protect your syslog-ng network endpoint with firewall rules, and make
sure that all hosts that may reach syslog-ng are resolvable.

Add Fully Qualified Domain Name instead of short hostname.

.B check_hostname(yes|no)
Enable or disable checking whether the hostname contains valid characters.

.B bad_hostname(regex)
A regexp matching hostnames that should not be taken as such.

Enable or disable DNS cache usage.

.B dns_cache_expire(n)
Number of seconds for which a successful lookup is cached.

.B dns_cache_expire_failed(n)
Number of seconds for which a failed lookup is cached.

Number of hostnames in the DNS cache.

.B create_dirs(yes|no)
Enable or disable directory creation for destination files.

Permission value (octal mask).

User id for created files.

Group id for created files.

Permission value for created files.

.B gc_busy_threshold(n)
Sets the threshold value for the garbage collector when syslog-ng is
busy. The GC phase starts when the number of allocated objects reaches this
number. Default: 3000.

.B gc_idle_threshold(n)
Sets the threshold value for the garbage collector when syslog-ng is
idle. The GC phase starts when the number of allocated objects reaches this
number. Default: 100.

The number of lines that fit in the output queue. An output queue is present
for all destinations.

Maximum length of a message in bytes (NOTE: some syslogd implementations have
a fixed limit of 1024 characters).

The number of seconds between two MARK lines.
NOTE: not implemented yet.

The number of seconds between two STATS messages.

The number of lines buffered before being written to file
(can be overridden locally).

The time to wait before an idle destination file is closed.

The time to wait before a dead connection is reestablished.

.B use_time_recvd(yes|no)
This variable is used only for macro expansion, where the meaning of the
time-specific macros depends on this setting. However, as there are separate macros
for referring to the received timestamp (R_ macros) and the log message timestamp (S_),
using this value is not recommended.
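
A complete message route with conservative global options, as an added example that is not part of the original manual page or the syslog-ng distribution. It is written in the parenthesised statement syntax that syslog-ng parses; use_dns() and perm() are syslog-ng's names for the DNS and file-permission options, and the statement names, file paths and listening address are constructed for illustration.

```conf
# Added example. Statement names (s_local, s_net, f_auth, f_notice, d_auth,
# d_net_auth), paths and the 192.0.2.10 address are constructed placeholders.

options {
    use_dns(no);          # syslog-ng blocks on DNS queries; skip the lookup for received messages
    keep_hostname(no);    # do not trust the hostname inside the message; rewrite it from the sender
    check_hostname(yes);  # check that hostnames contain only valid characters
    chain_hostnames(no);
    create_dirs(no);      # destination directories must already exist (here /var/log/remote)
    perm(0640);           # created log files are not world-readable
};

# Local messages from the Linux-style AF_UNIX stream socket.
source s_local { unix-stream("/dev/log"); };

# Network messages over UDP, bound to one interface instead of 0.0.0.0.
# Restrict who can reach this port with firewall rules.
source s_net { udp(ip(192.0.2.10) port(514)); };

filter f_auth   { facility(auth, authpriv); };
filter f_notice { level(notice..emerg); };

destination d_auth     { file("/var/log/auth.log"); };
destination d_net_auth { file("/var/log/remote/auth.log"); };

# Filters listed in one log statement are ANDed: a message must match
# both f_auth and f_notice to reach the destination.
log { source(s_local); filter(f_auth); filter(f_notice); destination(d_auth); };
log { source(s_net);   filter(f_auth); filter(f_notice); destination(d_net_auth); };
```

With use_dns(no) and keep_hostname(no), messages from s_net are recorded under the sender's IP address rather than a name supplied by the sender or by DNS.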

/etc/syslog-ng/syslog-ng.conf

syslog-ng and this file is Copyright (c) 1999-2004 BalaBit IT Ltd, portions
were contributed by Jose Pedro Oliveira.

syslog-ng(8), syslogd(8)