3.17. Configuring syslog-ng servers

To configure syslog-ng on a server host, complete the following steps:

Procedure 3.17.1. Configuring syslog-ng on server hosts

  1. Install the syslog-ng application on the host. See Chapter 4, Installing syslog-ng for details on installing syslog-ng on specific operating systems.

  2. Configure the network sources that collect the log messages sent by the clients and relays.

  3. Create local destinations that will store the log messages, e.g., files or programs.

  4. Create a log statement connecting the network sources to the local destinations.

  5. Configure the local sources that collect the log messages of the syslog-ng server.

  6. Create a log statement connecting the local sources to the local destinations.

  7. Set filters, options (e.g., TLS encryption) and other advanced features as necessary.

    Note

    By default, the syslog-ng server treats relayed messages as if they were created by the relay host, not by the host that originally sent them to the relay. To use the original hostname on the syslog-ng server, set the keep_hostname(yes) option on both the syslog-ng relay and the syslog-ng server. This option can be set individually for every source if needed.

Example 3.54. A simple configuration for servers

The following is a simple configuration file for syslog-ng Premium Edition that collects incoming log messages and stores them in a logstore file.

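    @version:3.0

    # Global options
    options {
        time_reap(30);
        mark_freq(10);
        keep_hostname(yes);
    };

    # Local messages of the server itself, plus syslog-ng's internal messages
    source s_local { unix-stream("/dev/log"); internal(); };

    # Messages received from clients and relays over TCP
    source s_network { syslog(transport(tcp)); };

    # Encrypted, compressed logstore file
    destination d_logstore {
        logstore(
            "/var/log/syslog-ng-pe/out/logstore.lgs"
            encrypt_certificate("/opt/syslog-ng/etc/kulcsok/public-certificate.pem")
            chunk_size(10000)
            chunk_time(1)
            compress(2)
            owner("root")
            group("root")
            perm(0777)    # mode 0777 grants read and write access to every local user
        );
    };

    log { source(s_local); source(s_network); destination(d_logstore); };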
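
A hardened variant of the configuration above, as an added example that is not part of the original documentation: the network source accepts only TLS connections from clients presenting a trusted certificate, keep_hostname(yes) is set on that source alone rather than globally, and the logstore file is accessible only to its owner. The source name s_network_tls and the key, certificate and CA paths are assumptions; the port is the one registered for syslog over TLS.

```conf
@version:3.0
# Added example: hardened variant of Example 3.54 (paths marked "assumed" are placeholders).
options {
    time_reap(30);
    mark_freq(10);
};

# Step 5: local messages of the server; hostnames here are never rewritten.
source s_local { unix-stream("/dev/log"); internal(); };

# Steps 2 and 7: network source that requires TLS and a trusted client certificate.
source s_network_tls {
    syslog(
        port(6514)                       # syslog over TLS (RFC 5425)
        transport("tls")
        keep_hostname(yes)               # per-source: keep the hostname sent by authenticated peers
        tls(
            key_file("/opt/syslog-ng/etc/key.d/server.key")     # assumed path
            cert_file("/opt/syslog-ng/etc/cert.d/server.pem")   # assumed path
            ca_dir("/opt/syslog-ng/etc/ca.d")                   # assumed path
            peer_verify(required-trusted) # reject peers without a valid, trusted certificate
        )
    );
};

# Step 3: same logstore destination as Example 3.54, with owner-only access.
destination d_logstore {
    logstore(
        "/var/log/syslog-ng-pe/out/logstore.lgs"
        encrypt_certificate("/opt/syslog-ng/etc/kulcsok/public-certificate.pem")
        chunk_size(10000)
        chunk_time(1)
        compress(2)
        owner("root")
        group("root")
        perm(0600)                       # instead of 0777: no access for other local users
    );
};

# Steps 4 and 6: one log statement per source type, as in the procedure.
log { source(s_network_tls); destination(d_logstore); };
log { source(s_local); destination(d_logstore); };
```

Clients and relays sending to this server must use a matching TLS destination with a certificate issued by a CA present in the ca_dir() directory.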

© 2007-2010 BalaBit IT Security
Please send your comments or documentation bugs to: documentation@balabit.com