3.1. The syslog-ng configuration file

The syslog-ng application is configured by editing the syslog-ng.conf file. Use any regular text editor application to modify the file. The precompiled syslog-ng packages include sample configuration files as well.

Every syslog-ng configuration file must begin with a line containing the version information of syslog-ng. For syslog-ng version 3.0, this line looks like:

@version:3.0

Versioning the configuration file was introduced in syslog-ng 3.0. If the configuration file does not contain the version information, syslog-ng assumes that the file is for syslog-ng version 2.x. In this case it interprets the configuration and sends warnings about the parts of the configuration that should be updated. Version 3.0 and later will correctly operate with configuration files of version 2.x, but the default values of certain parameters have changed since 3.0.

All identifiers, option names and attributes, and any other strings used in the syslog-ng configuration file are case sensitive. Objects must be defined before they are referenced in another statement.

Example 3.1. A simple configuration file

The following is a very simple configuration file for syslog-ng: it collects the internal messages of syslog-ng and the messages from /dev/log into the /var/log/messages_syslog-ng.log file.

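@version:3.0

# Local messages from /dev/log plus syslog-ng's own internal messages
source s_local { unix-stream("/dev/log"); internal(); };

destination d_file_normal { file("/var/log/messages_syslog-ng.log"); };

# Both objects are defined above, before the log path references them
log { source(s_local); destination(d_file_normal); };

Tip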

Before activating a new configuration, check that your configuration file is syntactically correct using the syslog-ng --syntax-only command.

To activate the configuration, reload the configuration of syslog-ng using the /etc/init.d/syslog-ng reload command.
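A pre-flight check for the two rules stated earlier (the @version line must come first, and objects must be defined before they are referenced, with case-sensitive names), as an added example that is not part of the original documentation. The function name lint, the regular expressions and the SAMPLE text are constructed for illustration; the check assumes flat log statements without nested braces and does not replace syslog-ng --syntax-only.

```python
import re

# Object definitions, e.g. "source s_local {" or "destination d_file {"
DEFINE = re.compile(
    r'^\s*(source|destination|filter|parser|rewrite)\s+([\w.-]+)\s*\{', re.M)
# References inside a log path, e.g. "source(s_local)"
REFER = re.compile(
    r'\b(source|destination|filter|parser|rewrite)\s*\(\s*([\w.-]+)\s*\)')
# Flat log statements only (assumption: no embedded blocks with braces)
LOG_BLOCK = re.compile(r'^\s*log\s*\{(.*?)\}\s*;', re.M | re.S)

# Constructed sample: the log path names a destination that was never defined
SAMPLE = '''@version:3.0
source s_local { unix-stream("/dev/log"); internal(); };
destination d_file_normal { file("/var/log/messages_syslog-ng.log"); };
log { source(s_local); destination(d_file); };
'''

def lint(conf):
    """Return a list of problems found in syslog-ng configuration text."""
    problems = []
    # Drop comments (simplification: assumes no '#' inside quoted strings)
    text = re.sub(r'#.*', '', conf)
    lines = [line.strip() for line in text.splitlines() if line.strip()]
    if not lines or not re.match(r'^@version:\s*\d+\.\d+$', lines[0]):
        problems.append("no @version line first: file is treated as 2.x")
    # Map (type, name) -> offset of the definition; names compare exactly,
    # because identifiers are case sensitive
    defined = {(m.group(1), m.group(2)): m.start()
               for m in DEFINE.finditer(text)}
    for block in LOG_BLOCK.finditer(text):
        for ref in REFER.finditer(block.group(1)):
            key = (ref.group(1), ref.group(2))
            if key not in defined:
                problems.append(f"{key[0]}({key[1]}) is referenced but never defined")
            elif defined[key] > block.start():
                problems.append(f"{key[0]}({key[1]}) is referenced before it is defined")
    return problems

if __name__ == "__main__":
    for problem in lint(SAMPLE):
        print(problem)
```
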

The syslog-ng.conf and license.txt files are located under the /opt/syslog-ng/etc/ directory.

Note

Earlier versions of syslog-ng PE stored the configuration and license files under different directories, depending on the platform; typically under /etc/syslog-ng/.

On Microsoft Windows platforms the syslog-ng agent stores its configuration in the system registry, and can be configured from a graphical interface. See Chapter 5, Collecting logs from Windows hosts for details.


© 2007-2010 BalaBit IT Security