3.5. Log paths

Log paths determine what happens with the incoming log messages. Messages coming from the sources listed in the log statement and matching all the filters are sent to the listed destinations.

To define a log path, add a log statement to the syslog-ng configuration file using the following syntax:

log {
    source(s1); source(s2); ... 
    filter(f1); filter(f2); ... 
    destination(d1); destination(d2); ... 
    flags(flag1[, flag2...]); 
    };
        
Warning

Log statements are processed in the order they appear in the configuration file.

Example 3.6. A simple log statement

The following log statement sends all messages arriving on localhost to a remote server.

source s_localhost { tcp(ip(127.0.0.1) port(1999) ); };
destination d_tcp { tcp("10.1.2.3" port(1999) localport(999)); };
log { source(s_localhost); destination(d_tcp); };    
            

All matching log statements are processed by default, so a single log message might be sent to the same destination several times, provided the destination is listed in several log statements.

This default behavior can be changed using the flags() parameter. Flags apply to individual log paths; they are not global options. The following flags are available in syslog-ng:

For details on the individual flags, see Section 9.3, “Log path flags”. The effect and use of the flow-control flag is detailed in Section 8.3, “Managing incoming and outgoing messages with flow-control”.

Note

Note that a message goes to every matching destination by default. To change this behavior, use the final flag. See Section 9.3, “Log path flags” for details.
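
The following configuration is an added example, not part of the original guide; the names s_local, f_auth, d_auth and d_all and the file paths are assumptions. It shows how statement order and the final flag together keep authentication messages out of a more widely readable catch-all file.

```conf
# Added example: names and paths are assumptions, not from the guide.
source s_local { unix-stream("/dev/log"); internal(); };

filter f_auth { facility(auth, authpriv); };

# Restricted file for authentication messages.
destination d_auth { file("/var/log/auth.log" perm(0600)); };

# Catch-all file with looser permissions.
destination d_all { file("/var/log/messages" perm(0644)); };

# Log path 1: processed first because it appears first in the file.
# flags(final) stops processing for messages that match this path,
# so auth/authpriv messages never reach log path 2.
log {
    source(s_local);
    filter(f_auth);
    destination(d_auth);
    flags(final);
};

# Log path 2: receives everything that log path 1 did not match.
# Without flags(final) above, auth messages would be written here too,
# because every matching log statement is processed by default.
log {
    source(s_local);
    destination(d_all);
};
```

The final flag only affects log statements that come after it: if log path 2 were listed first, authentication messages would already have been written to /var/log/messages before log path 1 is evaluated.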


© 2007 BalaBit IT Security