.\" Title: syslog-ng.conf
.\" Author: [see the "Author" section]
.\" Generator: DocBook XSL Stylesheets v1.75.2 <http://docbook.sf.net/>
.\" Manual: The syslog-ng.conf manual page
.\" Source: syslog-ng 3.2
.TH "SYSLOG\-NG\&.CONF" "5" "06/30/2010" "syslog\-ng" "The syslog-ng.conf manual page"
.\" -----------------------------------------------------------------
.\" * set default formatting
.\" -----------------------------------------------------------------
.\" disable hyphenation
.\" disable justification (adjust text to left margin only)
.\" -----------------------------------------------------------------
.\" * MAIN CONTENT STARTS HERE *
.\" -----------------------------------------------------------------
syslog-ng.conf \- syslog\-ng configuration file
.HP \w'\fBsyslog\-ng\&.conf\fR\ 'u
\fBsyslog\-ng\&.conf\fR
This manual page is only an abstract; for the complete documentation of syslog\-ng, see
\m[blue]\fBThe syslog\-ng Administrator Guide\fR\m[]\&\s-2\u[2]\d\s+2\&.
The syslog\-ng application is a flexible and highly scalable system logging application\&. Typically, syslog\-ng is used to manage log messages and implement centralized logging, where the aim is to collect the log messages of several devices on a single, central log server\&. The different devices \- called syslog\-ng clients \- all run syslog\-ng, and collect the log messages from the various applications, files, and other
\fIsources\fR\&. The clients send all important log messages to the remote syslog\-ng server, where the server sorts and stores them\&.
The syslog\-ng application reads incoming messages and forwards them to the selected
\fIdestinations\fR\&. The syslog\-ng application can receive messages from files, remote hosts, and other
Log messages enter syslog\-ng in one of the defined sources, and are sent to one or more
Sources and destinations are independent objects;
define what syslog\-ng does with a message, connecting the sources to the destinations\&. A log path consists of one or more sources and one or more destinations; messages arriving at a source are sent to every destination listed in the log path\&. A log path defined in syslog\-ng is called a
\fIlog statement\fR\&.
Optionally, log paths can include
\fIfilters\fR\&. Filters are rules that select only certain messages, for example, selecting only messages sent by a specific application\&. If a log path includes filters, syslog\-ng sends only the messages satisfying the filter rules to the destinations set in the log path\&.
.SH "CONFIGURING SYSLOG-NG"
Global objects (for example sources, destinations, log paths, or filters) are defined in the syslog\-ng configuration file\&. Object definitions consist of the following elements:
\fIType of the object\fR: One of
\fIIdentifier of the object\fR: A unique name identifying the object\&. When using a reserved word as an identifier, enclose the identifier in quotation marks\&.
.nr an-no-space-flag 1
Use identifiers that refer to the type of the object they identify\&. For example, prefix source objects with
\fIs_\fR, destinations with
\fId_\fR, and so on\&.
\fIParameters\fR: The parameters of the object, enclosed in braces
\fI{parameters}\fR\&.
\fISemicolon\fR: Object definitions end with a semicolon (\fI;\fR)\&.
The syntax is summarized as follows:
The syntax of log statements is as follows:
log {
    source(s1); source(s2); \&.\&.\&.
    optional_element(filter1|parser1|rewrite1); optional_element(filter2|parser2|rewrite2);\&.\&.\&.
    destination(d1); destination(d2); \&.\&.\&.
    flags(flag1[, flag2\&.\&.\&.]);
};
The following log statement sends all messages arriving at the localhost to a remote server\&.
source s_localhost { tcp(ip(127\&.0\&.0\&.1) port(1999) ); };
destination d_tcp { tcp("10\&.1\&.2\&.3" port(1999) localport(999)); };
log { source(s_localhost); destination(d_tcp); };
The syslog\-ng application has a number of global options governing DNS usage, the timestamp format used, and other general points\&. Each option may have parameters, similarly to driver specifications\&. To set global options, add an option statement to the syslog\-ng configuration file using the following syntax:
options { option1(params); option2(params); \&.\&.\&. };
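The elements described above (a global option, a source, a filter, destinations, and log paths) combined into one client configuration. This is an added example, not part of the original manual page; the object names, addresses, and file paths are constructed for illustration.

```conf
@version: 3.2
# Added example: all names, addresses and paths below are constructed.

# Global option: do not resolve sender addresses through DNS.
options { use_dns(no); };

# Source: local applications plus syslog-ng's own internal messages.
source s_local { unix-stream("/dev/log"); internal(); };

# Filter: select only messages sent by one application.
filter f_sshd { program("sshd"); };

# Destinations: a local file and the central log server.
destination d_sshd_file { file("/var/log/sshd.log" perm(0640)); };
destination d_central {
    # IETF-syslog over TLS; the client rejects a server whose
    # certificate does not chain to a CA found in ca_dir().
    syslog("192.0.2.10" transport("tls") port(6514)
        tls(ca_dir("/etc/syslog-ng/ca.d") peer_verify(required-trusted)));
};

# Log path without a filter: every message from s_local is forwarded.
log { source(s_local); destination(d_central); };

# Log path with a filter: only messages satisfying f_sshd are written.
log { source(s_local); filter(f_sshd); destination(d_sshd_file); };
```

Because the two log paths are independent, an sshd message is delivered to both destinations, while every other message reaches only the central server.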
The sources, destinations, and filters available in syslog\-ng are listed below\&. For details, see
\m[blue]\fBThe syslog\-ng Administrator Guide\fR\m[]\&\s-2\u[2]\d\s+2\&.
.nr an-no-space-flag 1
.B Table\ \&1.\ \&Source drivers available in syslog-ng
Messages generated internally in syslog\-ng\&.
Opens the specified file and reads messages\&.
Opens the specified named pipe and reads messages\&.
Opens the specified application and reads messages from its standard output\&.
sun\-stream(), sun\-streams()
Opens the specified \fISTREAMS\fR device on Solaris systems and reads incoming messages\&.
Listens for incoming messages using the new IETF\-standard syslog protocol\&.
Listens on the specified TCP port for incoming messages using the BSD\-syslog protocol over IPv4 and IPv6 networks, respectively\&.
Listens on the specified UDP port for incoming messages using the BSD\-syslog protocol over IPv4 and IPv6 networks, respectively\&.
Opens the specified unix socket in \fISOCK_DGRAM\fR mode and listens for incoming messages\&.
Opens the specified unix socket in \fISOCK_STREAM\fR mode and listens for incoming messages\&.
.nr an-no-space-flag 1
.B Table\ \&2.\ \&Destination drivers available in syslog-ng
Writes messages to the specified file\&.
Writes messages to the specified named pipe\&.
Forks and launches the specified program, and sends messages to its standard input\&.
Sends messages into an SQL database\&. In addition to the standard syslog\-ng packages, the \fIsql()\fR destination requires database\-specific packages to be installed\&. Refer to the section appropriate for your platform in ???\&.
Sends messages to the specified remote host using the IETF\-syslog protocol\&. The IETF standard supports message transport using the UDP, TCP, and TLS networking protocols\&.
Sends messages to the specified TCP port of a remote host using the BSD\-syslog protocol over IPv4 and IPv6, respectively\&.
Sends messages to the specified UDP port of a remote host using the BSD\-syslog protocol over IPv4 and IPv6, respectively\&.
Sends messages to the specified unix socket in \fISOCK_DGRAM\fR style (BSD)\&.
Sends messages to the specified unix socket in \fISOCK_STREAM\fR style (Linux)\&.
Sends messages to the terminal of the specified user, if the user is logged in\&.
@expanded_sysconfdir@/syslog\-ng\&.conf
\m[blue]\fBThe syslog\-ng Administrator Guide\fR\m[]\&\s-2\u[2]\d\s+2
If you experience any problems or need help with syslog\-ng, visit the
\m[blue]\fBsyslog\-ng mailing list\fR\m[]\&\s-2\u[3]\d\s+2
For news and notifications about the documentation of syslog\-ng, visit the
\m[blue]\fBBalaBit Documentation Blog\fR\m[]\&\s-2\u[4]\d\s+2\&.
This manual page was written by the BalaBit Documentation Team <documentation@balabit\&.com>\&.
Copyright \(co 2000\-2009 BalaBit IT Security Ltd\&. Published under the Creative Commons Attribution\-Noncommercial\-No Derivative Works (by\-nc\-nd) 3\&.0 license\&. See
\m[blue]\fBhttp://creativecommons\&.org/\fR\m[]
for details\&. The latest version is always available at
\m[blue]\fBhttp://www\&.balabit\&.com/support/documentation\fR\m[]\&.
official syslog-ng website
\%http://www.balabit.com/network-security/syslog-ng/
The syslog-ng Administrator Guide
\%http://www.balabit.com/support/documentation/
syslog-ng mailing list
\%https://lists.balabit.hu/mailman/listinfo/syslog-ng
BalaBit Documentation Blog
\%http://robert.blogs.balabit.com