The syslog-ng 3.0 Administrator GuideDocument version: Fourth
|
 |
The syslog-ng 3.0 Administrator GuideDocument version: Fourth
|
|
The following options can be specified in the options statement, as described in Section 3.10, “Configuring global syslog-ng options”.
| Name | Accepted values | Default | Description |
|---|---|---|---|
| bad_hostname() | regular expression | no | A regexp containing hostnames which should not be handled as hostnames. |
| chain_hostnames() | yes or no | no | Enable or disable the chained hostname format. |
| check_hostname() | yes or no | no | Enable or disable checking whether the hostname contains valid characters. |
| create_dirs() | yes or no | no | Enable or disable directory creation for destination files. |
| dir_group() | groupid | root | The default group for newly created directories. |
| dir_owner() | userid | root | The default owner of newly created directories. |
| dir_perm() | permission value | 0700 | The default permission for newly created directories. |
| dns_cache() | yes or no | yes | Enable or disable DNS cache usage. |
| dns_cache_expire() | number | 3600 | Number of seconds while a successful lookup is cached. |
| dns_cache_expire_failed() | number | 60 | Number of seconds while a failed lookup is cached. |
| dns_cache_hosts() | filename | unset | Name of a file in /etc/hosts format that
contains static IP->hostname mappings. Use this option to resolve
hostnames locally without using a DNS. Note that any change to this file
triggers a reload in syslog-ng and is instantaneous. |
| dns_cache_size() | number | 1007 | Number of hostnames in the DNS cache. |
| frac_digits() | number | 0 | The syslog-ng application can store fractions of a second in the
timestamps according to the ISO8601 format. The
frac_digits() parameter specifies the number of
digits stored. The digits storing the fractions are padded by zeros if
the original timestamp of the message specifies only seconds. Fractions
can always be stored for the received time of the messages. |
| flush_lines() | number | 0 | Specifies how many lines are flushed to a destination at a time.
Syslog-ng waits for this number of lines to accumulate and sends them
off in a single batch. Setting this number high increases throughput as
fully filled frames are sent to the network, but also increases message
latency. The latency can be limited by the use of the
flush_timeout option. |
| flush_timeout() | time in milliseconds | 10000 | Specifies the time syslog-ng waits for lines to accumulate in its
output buffer. See the flush_lines() option for
more information. |
| group() | groupid | root | The default group of output files. By default, syslog-ng changes the
privileges of accessed files (e.g., /dev/null) to
root.root 0600. To disable modifying
privileges, use this option with the -1
value. |
| keep_hostname() | yes or no | no | Enable or disable hostname rewriting. Enable this option to use hostname-related macros. This option can be specified globally, and per-source as well. The local setting of the source overrides the global option if available. |
| keep_timestamp() | yes or no | yes | Specifies whether syslog-ng should accept the timestamp received from the sending application or client. If disabled, the time of reception will be used instead. This option can be specified globally, and per-source as well. The local setting of the source overrides the global option if available. |
| log_fifo_size() | number | 100 | The number of lines fitting to the output queue |
| log_msg_size() | number | 8192 | Maximum length of a message in bytes. |
| normalize_hostnames() | yes or no | no | Normalize hostnames, which currently translates to converting them to lower case. (requires 1.9.9) |
| owner() | userid | root | The default owner of output files. By default, syslog-ng changes the
privileges of accessed files (e.g., /dev/null) to
root.root 0600. To disable modifying
privileges, use this option with the -1
value. |
| mark() | number | 1200 | An alias for the obsolete mark_freq() option,
retained for compatibility with syslog-ng version 1.6.x. |
| mark_freq() | number | 1200 | The number of seconds between two MARK
messages. MARK messages are generated when there
was no message traffic to inform the receiver that the connection is
still alive. Note that only local messages postpone the sending of the
MARK message, relayed messages do not. If set
to zero (0), no MARK
messages are sent. |
| perm() | permission value | 0600 | The default permission for output files. By default, syslog-ng
changes the privileges of accessed files (e.g.,
/dev/null) to root.root
0600. To disable modifying privileges, use this option with
the -1 value. |
| recv_time_zone() | time offset (e.g.: +03:00) |
local timezone | Specifies the time zone associated with the incoming messages, if not specified otherwise in the message or in the source driver. See also Section 2.5, “Timezone handling” and Section 7.7, “A note on timezones and timestamps” for details. |
| send_time_zone() | time offset (e.g.: +03:00) |
local timezone | Specifies the time zone associated with the messages sent by syslog-ng, if not specified otherwise in the message or in the destination driver. See Section 2.5, “Timezone handling” for details. |
| stats_freq() | number | 600 | The period between two STATS messages in seconds. STATS are log messages sent by syslog-ng, containing statistics about dropped log messages. |
| sync() or sync_freq() (DEPRECATED) | number | 0 | Obsolete aliases for flush_lines()
|
| time_reap() | number | 60 | The time to wait in seconds before an idle destination file is closed. |
| time_reopen() | number | 60 | The time to wait in seconds before a dead connection is reestablished. |
| time_sleep() | number | 0 | The time to wait in milliseconds between each invocation of the
poll() iteration. |
| ts_format() | rfc3164, bsd, rfc3339, iso | rfc3164 | Specifies the timestamp format used when syslog-ng itself formats a
timestamp and nothing else specifies a format (e.g.:
STAMP macros, internal messages, messages without
original timestamps). See also Section 7.7, “A note on timezones and timestamps”. |
| use_dns() | yes, no, persist_only | yes | Enable or disable DNS usage. The persist_only option attempts to resolve hostnames locally from file (e.g., from/etc/hosts). syslog-ng blocks on DNS queries, so
enabling DNS may lead to a Denial of Service attack. To prevent DoS, protect
your syslog-ng network endpoint with firewall rules, and make sure that all
hosts which may get to syslog-ng are resolvable. This option can be
specified globally, and per-source as well. The local setting of the source
overrides the global option if available. |
| use_fqdn() | yes or no | no | Add Fully Qualified Domain Name instead of short hostname. This option can be specified globally, and per-source as well. The local setting of the source overrides the global option if available. |
| use_time_recvd() (DEPRECATED) | yes or no | no |
This option controls how the time related macros are expanded in
filename and content templates. If set to yes, then the non-prefixed
versions of the time related macros (e.g.:
NOTE: The timestamps in the messages are generated by the originating host and might not be accurate. This option is deprecated as many users assumed that it controls
the timestamp as it is written to logfiles/destinations, which is
not the case. To change how messages are formatted, specify a
content-template referring to the appropriate prefixed
( |
Table 8.23. List of global options supported in syslog-ng
© 2007-2008 BalaBit IT Security
Please send your comments or documentation bugs to: documentation@balabit.com