The syslog-ng Open Source Edition 3.1 Administrator Guide
Table of Contents
- Preface
- 1. Summary of contents
- 2. Target audience and prerequisites
- 3. Products covered in this guide
- 4. Typographical conventions
- 5. Contact and support information
- 5.1. Sales contact
- 5.2. Support contact
- 5.3. Training
- 6. About this document
- 6.1. What is new in this main edition of The syslog-ng Administrator Guide?
- 6.2. Feedback
- 6.3. Acknowledgments
- 1. Introduction to syslog-ng
- 1.1. What syslog-ng is
- 1.2. What syslog-ng is not
- 1.3. Why is syslog-ng needed?
- 1.4. What is new in syslog-ng Open Source Edition 3.1?
- 1.5. Who uses syslog-ng?
- 1.6. Supported platforms
- 2. The concepts of syslog-ng
- 2.1. The philosophy of syslog-ng
- 2.2. Logging with syslog-ng
- 2.2.1. The route of a log message in syslog-ng
- 2.2.2. Embedded log statements
- 2.3. Modes of operation
- 2.3.1. Client mode
- 2.3.2. Relay mode
- 2.3.3. Server mode
- 2.4. Global objects
- 2.5. Timezone handling
- 2.6. Daylight saving changes
- 2.7. Secure logging using TLS
- 2.8. Formatting messages, filenames, directories, and tablenames
- 2.9. Segmenting messages
- 2.10. Modifying messages
- 2.11. Classifying log messages
- 2.11.1. The structure of the pattern database
- 2.11.2. How pattern matching works
- 2.11.3. Artificial ignorance
- 2.12. Managing incoming and outgoing messages with flow-control
- 2.12.1. Flow-control and multiple destinations
- 2.13. Stable and feature releases of syslog-ng OSE
- 2.14. High availability support
- 2.15. Possible causes of losing log messages
- 2.16. The structure of a log message
- 2.16.1. BSD-syslog or legacy-syslog messages
- 2.16.2. IETF-syslog messages
- 3. Installing syslog-ng
- 3.1. Installing syslog-ng using the .run installer
- 3.1.1. Installing syslog-ng in client or relay mode
- 3.1.2. Installing syslog-ng in server mode
- 3.1.3. Installing syslog-ng without user-interaction
- 3.2. Installing syslog-ng on RPM-based platforms (Red Hat, SUSE, AIX)
- 3.2.1. Installing syslog-ng on RPM-based systems
- 3.3. Installing syslog-ng on Debian-based platforms
- 3.3.1. Installing syslog-ng on Debian-based systems
- 3.4. Compiling syslog-ng from source
- 3.4.1. Compiling syslog-ng from source
- 3.5. Uninstalling syslog-ng
- 3.6. Configuring Microsoft SQL Server to accept logs from syslog-ng
- 3.6.1. Configuring Microsoft SQL Server to accept logs from syslog-ng
- 4. Configuring syslog-ng
- 4.1. The syslog-ng configuration file
- 4.1.1. Including configuration files
- 4.2. Defining global objects
- 4.2.1. Notes about the configuration syntax
- 4.3. Sources and source drivers
- 4.3.1. Collecting internal messages
- 4.3.2. Collecting messages from text files
- 4.3.3. Collecting messages from named pipes
- 4.3.4. Collecting messages on Sun Solaris
- 4.3.5. Collecting messages using the IETF syslog protocol
- 4.3.6. Collecting messages from remote hosts using the BSD syslog protocol
- 4.3.7. Collecting messages from UNIX domain sockets
- 4.4. Destinations and destination drivers
- 4.4.1. Storing messages in plain-text files
- 4.4.2. Sending messages to named pipes
- 4.4.3. Sending messages to external applications
- 4.4.4. Storing messages in an SQL database
- 4.4.5. Sending messages to a remote logserver using the IETF-syslog protocol
- 4.4.6. Sending messages to a remote logserver using the legacy BSD-syslog protocol
- 4.4.7. Sending messages to UNIX domain sockets
- 4.4.8. usertty()
- 4.5. Log paths
- 4.5.1. Using embedded log statements
- 4.5.2. Configuring flow-control
- 4.6. Filters
- 4.6.1. Using filters
- 4.6.2. Optimizing regular expressions in filters
- 4.6.3. Tagging messages
- 4.7. Templates and macros
- 4.8. Parsing messages
- 4.9. Classifying messages
- 4.9.1. Downloading sample pattern databases
- 4.9.2. Using parser results in filters and templates
- 4.10. Rewriting messages
- 4.11. Configuring global syslog-ng options
- 4.12. Encrypting log messages with TLS
- 4.12.1. Configuring TLS on the syslog-ng clients
- 4.12.2. Configuring TLS on the syslog-ng server
- 4.13. Mutual authentication using TLS
- 4.13.1. Configuring TLS on the syslog-ng clients
- 4.13.2. Configuring TLS on the syslog-ng server
- 4.14. Configuring syslog-ng clients
- 4.14.1. Configuring syslog-ng on client hosts
- 4.15. Configuring syslog-ng relays
- 4.15.1. Configuring syslog-ng on relay hosts
- 4.16. Configuring syslog-ng servers
- 4.16.1. Configuring syslog-ng on server hosts
- 4.17. Troubleshooting syslog-ng
- 4.17.1. Creating syslog-ng core files
- 4.17.2. Running a failure script
- 4.17.3. Stopping syslog-ng
- 5. Best practices and examples
- 5.1. General recommendations
- 5.2. Handling lots of parallel connections
- 5.3. Handling large message load
- 5.4. Using name resolution in syslog-ng
- 5.4.1. Resolving hostnames locally
- 5.5. Collecting logs from chroot
- 5.5.1. Collecting logs from chroot
- 5.6. Replacing klogd on Linux
- 5.6.1. Replacing klogd on Linux
- 5.7. A note on timezones and timestamps
- 5.8. Dropping messages
- 6. Reference
- 6.1. Source drivers
- 6.1.1. internal()
- 6.1.2. file()
- 6.1.3. pipe()
- 6.1.4. program()
- 6.1.5. sun-streams() driver
- 6.1.6. syslog()
- 6.1.7. tcp(), tcp6(), udp() and udp6()
- 6.1.8. unix-stream() and unix-dgram()
- 6.2. Destination drivers
- 6.2.1. file()
- 6.2.2. pipe()
- 6.2.3. program()
- 6.2.4. sql()
- 6.2.5. syslog()
- 6.2.6. tcp(), tcp6(), udp(), and udp6()
- 6.2.7. unix-stream() & unix-dgram()
- 6.2.8. usertty()
- 6.3. Log path flags
- 6.4. Filter functions
- 6.4.1. Using regular expressions in filters
- 6.5. Macros
- 6.6. Message parsers
- 6.6.1. CSV parsers
- 6.6.2. Pattern databases
- 6.7. Rewriting messages
- 6.8. Regular expressions
- 6.9. Global options
- 6.10. TLS options
- Appendix 1. The syslog-ng manual pages
- syslog-ng — syslog-ng system logger application
- syslog-ng.conf — syslog-ng configuration file
- pdbtool — An application to test and convert syslog-ng pattern database rules
- loggen — Generate syslog messages at a specified rate
- syslog-ng-ctl — Display message statistics and enable verbose, debug and trace modes in syslog-ng Open Source Edition
- Appendix 2. GNU General Public License
- 2.1. Preamble
- 2.2. TERMS AND CONDITIONS FOR COPYING, DISTRIBUTION AND MODIFICATION
- 2.2.1. Section 0
- 2.2.2. Section 1
- 2.2.3. Section 2
- 2.2.4. Section 3
- 2.2.5. Section 4
- 2.2.6. Section 5
- 2.2.7. Section 6
- 2.2.8. Section 7
- 2.2.9. Section 8
- 2.2.10. Section 9
- 2.2.11. Section 10
- 2.2.12. NO WARRANTY Section 11
- 2.2.13. Section 12
- 2.3. How to Apply These Terms to Your New Programs
- Appendix 3. Deprecated pattern database schemes
- 3.1. The syslog-ng pattern database format V1
- 3.2. The syslog-ng pattern database format V2
- Appendix 4. Creative Commons Attribution Non-commercial No Derivatives (by-nc-nd) License
- Glossary
- List of syslog-ng OSE parameters
- Index
© 2007-2010 BalaBit IT Security
Please send your comments or documentation bugs to: documentation@balabit.com