The syslog-ng 3.0 Administrator Guide

The syslog() driver sends messages to a remote host (e.g., a syslog-ng server or relay) on the local intranet or internet using the new standard syslog protocol developed by IETF (see Section 2.19.2, “IETF-syslog messages” for details about the new protocol). The protocol supports sending messages using the UDP, TCP, or the encrypted TLS networking protocols.

The required arguments of the driver are the address of the destination host (where messages should be sent). The transport method (networking protocol) is optional, syslog-ng uses the TCP protocol by default. For the list of available optional parameters, see Section 8.2.6, “syslog()”.

Declaration:
                syslog(host transport [options]);

	Note
	Note that the syslog destination driver has required parameters, while the source driver defaults to the local bind address, and every parameter is optional.

The udp transport method automatically sends multicast packets if a multicast destination address is specified. The tcp and tls methods do not support multicasting.

	Note
	The default ports for the different transport protocols are as follows: UDP — 514; TLS — 6514.

Example 3.25. Using the syslog() driver

destination d_tcp { syslog(ip("10.1.2.3") transport("tcp") port(1999) localport(999)); }; If name resolution is configured, the hostname of the target server can be used as well. destination d_tcp { syslog(ip("target_host") transport("tcp") port(1999) localport(999)); }; Send the log messages using TLS encryption and use mutual authentication. See Section 8.10, “TLS options” for details on the encryption and authentication options. destination d_syslog_tls{ syslog("10.100.20.40" transport("tls") port(6514) tls(peer-verify(required-trusted) ca_dir('/opt/syslog-ng/etc/syslog-ng/keys/ca.d/') key_file('/opt/syslog-ng/etc/syslog-ng/keys/client_key.pem') cert_file('/opt/syslog-ng/etc/syslog-ng/keys/client_certificate.pem')) );};