3.16. Configuring syslog-ng relays

To configure syslog-ng on a relay host, complete the following steps:

Procedure 3.6. Configuring syslog-ng on relay hosts

  1. Install the syslog-ng application on the host. See Chapter 4, Installing syslog-ng for details on installing syslog-ng on specific operating systems.

  2. Configure the network sources that collect the log messages sent by the clients.

  3. Create a network destination that points to the syslog-ng server.

  4. Create a log statement connecting the network sources to the syslog-ng server.

  5. Configure the local sources that collect the log messages of the relay host.

  6. Create a log statement connecting the local sources to the syslog-ng server.

  7. Set filters and options (e.g., TLS encryption) as necessary.

    Note

    By default, the syslog-ng server treats relayed messages as if they were created by the relay host, not by the host that originally sent them to the relay. To use the original hostname on the syslog-ng server, set the keep_hostname(yes) option on both the syslog-ng relay and the syslog-ng server. This option can be set individually for every source if needed.

In relay mode, syslog-ng cannot write messages received from network sources into files; the file() destination is disabled. The following sources are network sources: syslog(), tcp(), tcp6(), udp(), udp6().

Example 3.53. A simple configuration for relays

The following is a simple configuration file that collects local and incoming log messages and forwards them to a logserver using the IETF-syslog protocol.

    @version:3.0

    options {
        mark_freq(30);
        # Keep the hostname set by the original sender
        keep_hostname(yes);
    };

    # Local messages of the relay host
    source s_local { unix-stream("/dev/log"); internal(); };
    # Messages received from the clients
    source s_network { syslog(transport(tcp)); };

    # The syslog-ng server
    destination d_syslog_tcp {
        syslog("192.168.1.5" transport("tcp") port(2010));
    };

    log { source(s_local); source(s_network);
          destination(d_syslog_tcp); };
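
A variant of the configuration above that applies the TLS option from step 7, sets keep_hostname(yes) on the network source only, and uses one log statement per source group (steps 4 and 6). This is an added illustration, not part of the original guide; port 6514, the CA directory path and the name d_syslog_tls are assumed values, and the server must accept TLS on that port and also use keep_hostname(yes).

```conf
@version:3.0

options {
    mark_freq(30);
};

# Step 5: messages generated on the relay host itself.
# Without keep_hostname(yes) here, the global default applies to this source.
source s_local { unix-stream("/dev/log"); internal(); };

# Step 2: messages received from the clients.
# keep_hostname(yes) is set for this source only, so the hostname written by
# the original sender is preserved when the message is relayed.
source s_network { syslog(transport("tcp") keep_hostname(yes)); };

# Steps 3 and 7: TLS-protected destination pointing to the syslog-ng server.
# ca_dir() must contain the CA certificate that signed the server certificate
# (assumed path); required-trusted rejects servers whose certificate does not
# chain to it.
destination d_syslog_tls {
    syslog("192.168.1.5" transport("tls") port(6514)
        tls(ca_dir("/etc/syslog-ng/ca.d")
            peer_verify(required-trusted))
    );
};

# Step 4: relay client messages to the server.
log { source(s_network); destination(d_syslog_tls); };

# Step 6: send the relay's own messages to the server.
log { source(s_local); destination(d_syslog_tls); };
```

In this sketch only the relay-to-server connection is encrypted; the client-to-relay connection is still plain TCP.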

© 2007-2008 BalaBit IT Security