The syslog-ng Administrator GuideDocument version: 1.0.20
|
 |
The syslog-ng Administrator GuideDocument version: 1.0.20
|
|
The syslog-ng Premium Edition application has three distinct modes of operation: Client, Server, and Relay. The syslog-ng application running on a host determines the mode of operation automatically based on the license and the configuration file.
![[Note]](./note.png) |
Note |
|---|---|
Microsoft Windows based hosts can run only the syslog-ng agent. The syslog-ng agent operates only in client mode. |
In client mode, syslog-ng collects the local logs generated by the host and forwards them through a network connection to the central syslog-ng server or to a relay. Clients can also log the messages locally into files.
No license file is required to run syslog-ng in client mode.
In relay mode, syslog-ng receives logs through the network from syslog-ng clients and forwards them to the central syslog-ng server using a network connection. Relays can also log the messages from the relay host into a local file, or forward these messages to the central syslog-ng server.
Relays cannot write messages received from the network into local files, only buffer the messages to the hard disk when disk-based buffering is used.
No license file is required to run syslog-ng in relay mode.
In server mode, syslog-ng acts as a central log-collecting server. It receives messages from syslog-ng clients and relays over the network, and stores them locally in files, or passes them to other applications, e.g., log analyzers.
Running syslog-ng Premium Edition in server mode requires a license file. The license determines how many individual hosts can connect to the server.
Running syslog-ng Open Source Edition in server mode does not require a license file.
© 2007 BalaBit IT Security
Please send your comments or documentation bugs to: documentation@balabit.com
