A
- AIX
- installing syslog-ng, Installing syslog-ng on RPM-based platforms (Red Hat, SUSE, AIX)
- redirecting errorlog to syslog-ng, Installing syslog-ng on RPM-based platforms (Red Hat, SUSE, AIX)
- ALLSYL100, Starting the Alliance subsystem
- artificial ignorance
- message classification, Using pattern parsers
- AS/400, Collecting logs from IBM System i
- auditing policy, Configuring the auditing policy on Windows
- configuring on Windows 2003 Server, Turning on auditing on Windows 2003 Server
- configuring on Windows XP, Turning on security logging on Windows XP, Turning on security logging for domain controllers
- authentication, Secure logging using TLS, Encrypting log messages with TLS
- syslog-ng agent, Using SSL-encrypted connections with the syslog-ng agent
C
- CentOS
- installing syslog-ng, Installing syslog-ng on RPM-based platforms (Red Hat, SUSE, AIX)
- certificate revocation lists
- syslog-ng agent, Using mutual authentication with syslog-ng agent
- certificates, Secure logging using TLS, Using SSL-encrypted connections with the syslog-ng agent
- importing on Windows, Importing certificates with the Microsoft Management Console
- CHGSECAUD, Configuring System i security auditing
- chroots, Collecting logs from chroot
- classifying messages
- concepts of, Classifying log messages
- configuration, Classifying messages
- creating databases, Creating pattern databases
- filtering, Filtering messages based on classification, Filtering messages based on classification
- pattern matching concepts, How pattern matching works
- client authentication
- syslog-ng agent, Using mutual authentication with syslog-ng agent
- client mode, Client mode
- client-side failover
- syslog-ng agent, Configuring destinations
- compatibility with Snare, file(), pipe(), program(), sun-streams() driver, syslog(), tcp(), tcp6(), udp() and udp6(), unix-stream() and unix-dgram()
- compiling syslog-ng OSE, Compiling syslog-ng from source
- configuration file
- detecting changes, Logging configuration changes
- including other files, Including configuration files
- configuring syslog-ng
- on IBM System i, Configuring syslog-ng Agent for IBM System i
- on Linux/Unix, Configuring syslog-ng
- on Windows, Collecting logs from Windows hosts
- syslog-ng agent, Installing the syslog-ng agent in standalone mode
- Coordinated Universal Time, A note on timezones and timestamps
- core files, Creating syslog-ng core files
- CRL
- syslog-ng agent, Using mutual authentication with syslog-ng agent
- CSV parsers, CSV parsers
D
- daylight saving changes, Daylight saving changes
- defining global objects, Defining global objects
- deleting syslog-ng, Uninstalling syslog-ng
- destination drivers, Global objects, Destinations and destination drivers
- database driver, Storing messages in an SQL database, sql()
- file() driver, Storing messages in plain-text files, file()
- list of, Destinations and destination drivers, Configuring syslog-ng
- logstore() driver, Storing messages in encrypted files, logstore()
- pipe() driver, Sending messages to named pipes, pipe()
- program() driver, Sending messages to external applications, program()
- reference, Destination drivers
- sql() driver, Storing messages in an SQL database, sql()
- syslog() driver, Sending messages to a remote logserver using the IETF-syslog protocol, syslog()
- tcp() driver, Sending messages to a remote logserver using the legacy BSD-syslog protocol, tcp(), tcp6(), udp(), and udp6()
- tcp6() driver, Sending messages to a remote logserver using the legacy BSD-syslog protocol, tcp(), tcp6(), udp(), and udp6()
- udp() driver, Sending messages to a remote logserver using the legacy BSD-syslog protocol, tcp(), tcp6(), udp(), and udp6()
- udp6() driver, Sending messages to a remote logserver using the legacy BSD-syslog protocol, tcp(), tcp6(), udp(), and udp6()
- unix-dgram() driver, Sending messages to UNIX domain sockets, unix-stream() & unix-dgram()
- unix-stream() driver, Sending messages to UNIX domain sockets, unix-stream() & unix-dgram()
- usertty() driver, usertty(), usertty()
- destinations, Logging with syslog-ng, Global objects, Destinations and destination drivers
- defining, Sources and source drivers, Destinations and destination drivers
- FreeTDS configuration, Configuring Microsoft SQL Server to accept logs from syslog-ng
- Microsoft SQL Server configuration, Configuring Microsoft SQL Server to accept logs from syslog-ng
- MSSQL configuration, Configuring Microsoft SQL Server to accept logs from syslog-ng
- sql() configuration, Storing messages in an SQL database, Using the sql() driver with an Oracle database, Using the sql() driver with a Microsoft SQL database, sql()
- syslog-ng agent, Configuring destinations
- disk buffer, Using disk-based buffering, sql(), syslog(), tcp(), tcp6(), udp(), and udp6()
- location of, Enabling disk-based buffering
- on Windows, Collecting logs from Windows hosts
- disk queue (see disk buffer)
- disk-based buffering, Using disk-based buffering, sql(), syslog(), tcp(), tcp6(), udp(), and udp6()
- dropping messages, Dropping messages
F
- facilities, The PRI message part, The PRI message part, General recommendations, Filter functions
- fail-over, High availability support
- failure script, Running a failure script
- fd limit, file(), logstore()
- feature releases, Stable and feature releases of syslog-ng
- file descriptors, file(), logstore()
- file encryption, Secure storage of log messages
- filters, Logging with syslog-ng, Global objects, Filters, Optimizing regular expressions in filters, Handling large message load
- defining, Filters
- facilities, Filter functions
- facility and priority (level) ranges, Filters
- priorities, Filter functions
- reference, Filter functions
- wildcards, Filters
- flags, Log paths, Log path flags
- flow-control, Managing incoming and outgoing messages with flow-control, Configuring flow-control
- example, Configuring flow-control
- multiple destinations, Flow-control and multiple destinations
- formatting messages, Formatting messages, filenames, directories, and tablenames
I
- IBM iSeries, Collecting logs from IBM System i
- IBM System i, Collecting logs from IBM System i
- importing certificates, Importing certificates with the Microsoft Management Console
- inheriting settings on Windows, Domain versus local settings
- installation path, Installing syslog-ng
- installing syslog-ng, Installing syslog-ng, Installing syslog-ng using the .run installer
- from DEB package, Installing syslog-ng on Debian-based platforms
- from RPM package, Installing syslog-ng on RPM-based platforms (Red Hat, SUSE, AIX)
- in silent mode, Installing syslog-ng without user-interaction
- on AIX, Installing syslog-ng on RPM-based platforms (Red Hat, SUSE, AIX)
- on CentOS, Installing syslog-ng on RPM-based platforms (Red Hat, SUSE, AIX)
- on clients and relays, Installing syslog-ng in client or relay mode
- on logservers, Installing syslog-ng in server mode
- on Red Hat Enterprise Server, Installing syslog-ng on RPM-based platforms (Red Hat, SUSE, AIX)
- on SUSE Linux Enterprise Server, Installing syslog-ng on RPM-based platforms (Red Hat, SUSE, AIX)
- on Windows, Installing the syslog-ng agent
- syslog-ng agent on domain controllers, Installing the syslog-ng agent
- installing syslog-ng OSE from source, Compiling syslog-ng from source
L
- license, Server mode, Licensing
- installing, Installing and upgrading the license
- local time, The HEADER message part, The HEADER message part
- log messages, structure, The structure of a log message
- BSD-syslog protocol, BSD-syslog or legacy-syslog messages
- IETF-syslog protocol, IETF-syslog messages
- legacy-syslog protocol, BSD-syslog or legacy-syslog messages
- RFC 3164, BSD-syslog or legacy-syslog messages
- RFC 5424, IETF-syslog messages
- log paths, Logging with syslog-ng, Log paths
- defining, Log paths
- flags, Log paths, Log path flags
- flow-control, Managing incoming and outgoing messages with flow-control, Configuring flow-control
- log pipes (see embedded log statements)
- log statements, Global objects (see log paths)
- embedded, Embedded log statements
- log statistics, Log statistics
- on unix-socket, Log statistics
- logcat, Storing messages in encrypted files
- logchksign, Logging configuration changes
- logging procedure, Logging with syslog-ng
- logstore, Secure storage of log messages, Storing messages in encrypted files
- losing messages, Possible causes of losing log messages
- from eventlog containers, Troubleshooting syslog-ng Agent for Windows
M
- macros, Global objects, Formatting messages, filenames, directories, and tablenames
- date and time, Macros available in the syslog-ng Agent
- eventlog sources, Macros available in the syslog-ng Agent
- file sources, Macros available in the syslog-ng Agent
- protocol, Macros available in the syslog-ng Agent
- reference, Macros
- syslog-ng agent, Macros available in the syslog-ng Agent
- message classification, Classifying messages, Filtering messages based on classification, Filtering messages based on classification, Creating pattern databases
- message facilities, The PRI message part, The PRI message part, Filter functions
- message filtering
- syslog-ng agent, Filtering messages
- using parsers, Using parser results in filters and templates
- message format
- syslog-ng agent, Customizing the message format
- message loss, Possible causes of losing log messages
- message parsing, Parsing messages, Classifying messages, Filtering messages based on classification, Message parsers, Filtering messages based on classification
- message rate
- on Windows, Limiting the rate of messages
- message templates, Formatting messages, filenames, directories, and tablenames
- Microsoft SQL
- sql() configuration, Using the sql() driver with a Microsoft SQL database
- Microsoft SQL Server configuration, Configuring Microsoft SQL Server to accept logs from syslog-ng
- modes of operation, Modes of operation
- client mode, Client mode
- relay mode, Relay mode
- server mode, Server mode
- MSSQL
- sql() configuration, Using the sql() driver with a Microsoft SQL database, sql()
- mutual authentication, Secure logging using TLS, Mutual authentication using TLS
- syslog-ng agent, Using mutual authentication with syslog-ng agent
O
- optimizing syslog-ng performance, Handling large message load
- regular expressions, Optimizing regular expressions in filters
- options, Global objects
- reference, Global options
- Oracle
- sql() configuration, Using the sql() driver with an Oracle database, sql()
- output buffer, Managing incoming and outgoing messages with flow-control, Configuring flow-control
- output queue, Using disk-based buffering
- overflow queue (see output buffer)
- overriding facility, Sources and source drivers
P
- parallel connections, Handling lots of parallel connections
- parameters
- log_disk_fifo_size(), Using disk-based buffering, sql(), syslog(), tcp(), tcp6(), udp(), and udp6()
- log_fetch_limit(), Managing incoming and outgoing messages with flow-control, Configuring flow-control, Handling lots of parallel connections
- log_fifo_size(), Managing incoming and outgoing messages with flow-control, Configuring flow-control, Handling lots of parallel connections
- log_iw_size(), Managing incoming and outgoing messages with flow-control, Configuring flow-control
- max_connections(), Managing incoming and outgoing messages with flow-control, Configuring flow-control, Handling lots of parallel connections
- time_sleep(), Handling lots of parallel connections
- parsers, Logging with syslog-ng, Global objects, Parsing messages, Classifying messages, Filtering messages based on classification, Filtering messages based on classification
- reference, Message parsers
- parsing messages, Parsing messages, Classifying messages, Filtering messages based on classification, Message parsers, Using pattern parsers, Filtering messages based on classification
- concepts of, Segmenting messages
- filtering parsed messages, Using parser results in filters and templates
- pattern database, Classifying messages, Filtering messages based on classification, Filtering messages based on classification, Creating pattern databases
- creating parsers, Using pattern parsers
- structure of, The structure of the pattern database
- using the results, Using parser results in filters and templates
- pattern databases
- concepts of, Classifying log messages
- pattern matching precedence, How pattern matching works
- pattern matching
- procedure of, How pattern matching works
- PostgreSQL
- sql() configuration, Storing messages in an SQL database, sql()
- preventing message loss (see flow-control)
R
- reading messages from external applications, program()
- Red Hat Enterprise Server
- installing syslog-ng, Installing syslog-ng on RPM-based platforms (Red Hat, SUSE, AIX)
- regular expressions, Filters, Optimizing regular expressions in filters, Handling large message load, Regular expressions
- case-insensitive, Filters
- escaping, Filters
- pcre, Regular expressions
- posix, Filter functions
- relay mode, Relay mode
- releases, Stable and feature releases of syslog-ng
- removing syslog-ng, Uninstalling syslog-ng
- replacing message text, Rewriting messages, Rewriting messages
- rewrite
- reference, Rewriting messages
- rewrite rules, Logging with syslog-ng, Global objects, Rewriting messages
- rewriting messages, Rewriting messages, Rewriting messages
- concepts of, Modifying messages
S
- sedding messages, Rewriting messages, Rewriting messages
- segmenting messages, Parsing messages, CSV parsers
- server license, Licensing
- server mode, Server mode
- setting facility, Sources and source drivers
- setting message fields, Rewriting messages, Rewriting messages
- signing log files, Secure storage of log messages
- skipping messages, Dropping messages
- snare, Configuring destinations
- Snare
- receiving Snare-compatible messages, file(), pipe(), program(), sun-streams() driver, syslog(), tcp(), tcp6(), udp() and udp6(), unix-stream() and unix-dgram()
- Snare-compatibility, file(), pipe(), program(), sun-streams() driver, syslog(), tcp(), tcp6(), udp() and udp6(), unix-stream() and unix-dgram()
- source drivers, Global objects, Sources and source drivers
- file() driver, Collecting messages from text files, file()
- internal() driver, internal()
- list of, Sources and source drivers, Configuring syslog-ng
- pipe() driver, Collecting messages from named pipes, pipe()
- program() driver, program()
- reference, Source drivers
- sun-streams() driver, Collecting messages on Sun Solaris, sun-streams() driver
- syslog() driver, Collecting messages using the IETF syslog protocol, syslog()
- tcp() driver, Collecting messages from remote hosts using the BSD syslog protocol, tcp(), tcp6(), udp() and udp6()
- tcp6() driver, Collecting messages from remote hosts using the BSD syslog protocol, tcp(), tcp6(), udp() and udp6()
- udp() driver, Collecting messages from remote hosts using the BSD syslog protocol, tcp(), tcp6(), udp() and udp6()
- udp6() driver, Collecting messages from remote hosts using the BSD syslog protocol, tcp(), tcp6(), udp() and udp6()
- unix-dgram() driver, unix-stream() and unix-dgram()
- unix-stream() driver, unix-stream() and unix-dgram()
- sources, Logging with syslog-ng, Global objects, Sources and source drivers
- eventlog, Eventlog sources
- on different platforms, Sources and source drivers
- windows log files, File sources and logrotation
- splitting messages, Parsing messages, CSV parsers
- SQL NULL values, sql()
- stable releases, Stable and feature releases of syslog-ng
- statistics, Log statistics
- supported architectures, Supported platforms
- supported operating systems, Supported platforms, Collecting logs from Windows hosts
- SUSE Linux Enterprise Server
- installing syslog-ng, Installing syslog-ng on RPM-based platforms (Red Hat, SUSE, AIX)
- syslog-ng
- troubleshooting, Troubleshooting syslog-ng
- syslog-ng agent, Collecting logs from Windows hosts
- certificate revocation lists, Using mutual authentication with syslog-ng agent
- client authentication, Using mutual authentication with syslog-ng agent
- client-side failover, Configuring destinations
- configuring domain controllers, Installing the syslog-ng agent on the domain controller and the hosts of a domain
- configuring domain hosts, Installing the syslog-ng agent on the domain controller and the hosts of a domain
- configuring the logserver, Configuring destinations
- creating core dumps, Creating core and memory dumps
- CRL, Using mutual authentication with syslog-ng agent
- default message format, Macros available in the syslog-ng Agent
- destinations, Configuring destinations
- disabling sources and filters, Global settings of the syslog-ng agent
- eventlog sources, Eventlog sources
- failover servers, Configuring destinations
- file sources, File sources and logrotation
- filtering messages, Filtering messages
- importing certificates, Importing certificates with the Microsoft Management Console
- installing, Installing the syslog-ng agent
- installing the agent from the domain controller, Installing the syslog-ng agent on the domain controller and the hosts of a domain
- installing the agent in standalone mode, Installing the syslog-ng agent in standalone mode
- message format, Customizing the message format
- mutual authentication, Using mutual authentication with syslog-ng agent
- Snare-compatibility, file(), pipe(), program(), sun-streams() driver, syslog(), tcp(), tcp6(), udp() and udp6(), unix-stream() and unix-dgram()
- throttle, Limiting the rate of messages
- timestamp, Customizing the timestamp used by the syslog-ng Agent
- troubleshooting, Troubleshooting syslog-ng Agent for Windows, Creating core and memory dumps
- upgrading, Upgrading syslog-ng Agent for Windows 2.x to 3.0.x
- upgrading 3.0.1, Upgrading syslog-ng Agent for Windows 3.0.1 to version 3.0.2
- upgrading 3.0.2, Upgrading syslog-ng Agent for Windows 3.0.2 to version 3.0.3
- upgrading to 3.0.4, Upgrading syslog-ng Agent for Windows to version 3.0.4
- syslog-ng Agent
- configuration file, Using an XML-based configuration file
- for IBM System i, Collecting logs from IBM System i
- inheriting settings, Domain versus local settings
- System i configuration, Configuring syslog-ng Agent for IBM System i
- timezone, Controlling the syslog-ng agent services
- XML, Using an XML-based configuration file
- syslog-ng Agent for IBM System i, Collecting logs from IBM System i
- downgrading, Reverting to a previous version after an upgrade
- filtering, Filtering log entries
- installation, Installing the syslog-ng Agent for IBM System i
- reverting to older version, Reverting to a previous version after an upgrade
- supported log sources, Supported sources
- supported output formats, Supported output formats
- upgrading, Upgrading the syslog-ng Agent for IBM System i
- syslog-ng binaries
- location of, Installing syslog-ng
- syslog-ng clients
- configuring, Configuring syslog-ng clients
- syslog-ng relays
- configuring, Configuring syslog-ng relays
- syslog-ng servers
- configuring, Configuring syslog-ng servers
- syslog-ng.conf, The syslog-ng configuration file
- fingerprint, Logging configuration changes
- includes, Including configuration files
- System i
- ALLSYL100 subsystem, Starting the Alliance subsystem
- clearing logs manually, Application maintenance
- configuring server applications, Configuring IBM System i Servers
- configuring the syslog-ng Agent, Configuring syslog-ng Agent for IBM System i
- custom journal entries, Work with security types
- destination server, Configuring communication between the syslog-ng Agent and the server
- enable logging in Apache, Configuring Apache server logs
- enable logging in OpenSSH, OpenSSH server logs
- enabling security auditing, Enabling security auditing manually
- enabling security auditing manually, Enabling security auditing manually
- enabling user auditing, Enabling user auditing, Enabling object auditing
- QAUDJRN, Work with security types
- security auditing, Configuring System i security auditing
- security types, Work with security types
- starting the subsystem, Starting the Alliance subsystem
- troubleshooting, Troubleshooting the syslog-ng Agent for IBM System i
- user-created journal entries, Work with security types
- viewing logs, View application logs
- System i security audit journal, Supported sources
T
- templates, Global objects, Formatting messages, filenames, directories, and tablenames, Templates and macros
- defining, Templates and macros
- example, Templates and macros
- throttle
- on Windows, Limiting the rate of messages
- timestamp, The HEADER message part, The HEADER message part, General recommendations, A note on timezones and timestamps
- syslog-ng agent, Customizing the timestamp used by the syslog-ng Agent
- timestamping
- Microsoft Authenticode Timestamping, logstore(), Global options
- RFC3161, logstore(), Global options
- URL, Global options
- Timestamping Authority, Secure storage of log messages
- timezone
- in chroots, Collecting logs from chroot
- Windows, Customizing the timestamp used by the syslog-ng Agent, Controlling the syslog-ng agent services
- timezones, Timezone handling, A note on timezones and timestamps
- TLS, Secure logging using TLS, Collecting messages using the IETF syslog protocol, Collecting messages from remote hosts using the BSD syslog protocol, syslog(), tcp(), tcp6(), udp() and udp6()
- configuring, Encrypting log messages with TLS, Mutual authentication using TLS
- reference, TLS options
- syslog-ng agent, Using SSL-encrypted connections with the syslog-ng agent
- transport layer security (see TLS)
- troubleshooting, Troubleshooting syslog-ng
- core files, Creating syslog-ng core files
- failure script, Running a failure script
- syslog-ng, Creating syslog-ng core files, Running a failure script
- syslog-ng agent, Troubleshooting syslog-ng Agent for Windows
- TSA, Secure storage of log messages
© 2007-2010 BalaBit IT Security
Please send your comments or documentation bugs to: documentation@balabit.com