3.3.5. Collecting messages using the IETF syslog protocol

The syslog() driver enables syslog-ng to receive messages from the network using the new standard syslog protocol and message format (also called the IETF-syslog protocol; described in RFC 5424 to RFC 5428, see Section 2.19.2, “IETF-syslog messages”). UDP, TCP, and TLS-encrypted TCP can all be used to transport the messages. Note that over TCP and TLS the driver expects each message to be prefixed with its byte length (octet-counting framing, as in RFC 5425); to receive traditional BSD-syslog (RFC 3164) messages, use the tcp() and udp() drivers instead.

For the list of available optional parameters, see Section 8.1.6, “syslog()”.

Declaration:
            syslog(ip() port() transport() options());
Example 3.13. Using the syslog() driver

TCP source listening on the localhost on port 1999.

source s_syslog { syslog(ip(127.0.0.1) port(1999) transport("tcp")); };

UDP source with the default settings (listening on UDP port 514 on all interfaces).

source s_udp { syslog(transport("udp")); };

Encrypted source where the client is also authenticated: peer-verify(required-trusted) rejects any client that does not present a certificate signed by one of the CAs in ca_dir, and the server identifies itself with the key and certificate given in key_file and cert_file. See Section 8.10, “TLS options” for details on the encryption settings.

source s_syslog_tls {
    syslog(
        ip(10.100.20.40)
        transport("tls")
        tls(
            peer-verify(required-trusted)
            ca_dir('/opt/syslog-ng/etc/syslog-ng/keys/ca.d/')
            key_file('/opt/syslog-ng/etc/syslog-ng/keys/server_privatekey.pem')
            cert_file('/opt/syslog-ng/etc/syslog-ng/keys/server_certificate.pem')
        )
    );
};

© 2007-2010 BalaBit IT Security
Please send your comments or documentation bugs to: documentation@balabit.com