The syslog-ng Premium Edition 6 LTS Administrator Guide

Copyright © 2017 Balabit SA. All rights reserved. This document is protected by copyright and is distributed under licenses restricting its use, copying, distribution, and decompilation. No part of this document may be reproduced in any form by any means without prior written authorization of Balabit.

This documentation and the product it describes are considered protected by copyright according to the applicable laws.

This product includes software developed by the OpenSSL Project for use in the OpenSSL Toolkit (https://www.openssl.org/). This product includes cryptographic software written by Eric Young (eay@cryptsoft.com).

AIX™, AIX 5L™, AS/400™, BladeCenter™, eServer™, IBM™, the IBM™ logo, IBM System i™, IBM System i5™, IBM System x™, iSeries™, i5/OS™, Netfinity™, NetServer™, OpenPower™, OS/400™, PartnerWorld™, POWER™, ServerGuide™, ServerProven™, and xSeries™ are trademarks or registered trademarks of International Business Machines.

Alliance Log Agent for System i™ is a registered trademark of Patrick Townsend & Associates, Inc.

The Balabit™ name and the Balabit™ logo are registered trademarks of Balabit SA.

Debian™ is a registered trademark of Software in the Public Interest Inc.

Hadoop™ and the Hadoop elephant logo are trademarks of the Apache Software Foundation.

Linux™ is a registered trademark of Linus Torvalds.

MapR™ is a trademark of MapR Technologies, Inc.

Elasticsearch™ and Kibana™ are trademarks of Elasticsearch BV, registered in the U.S. and in other countries.

Apache Kafka and the Apache Kafka Logo are trademarks of the Apache Software Foundation.

MySQL™ is a registered trademark of Oracle and/or its affiliates.

Oracle™, JD Edwards™, PeopleSoft™, and Siebel™ are registered trademarks of Oracle Corporation and/or its affiliates.

Red Hat™, Inc., Red Hat Enterprise Linux™ and Red Hat Linux™ are trademarks of Red Hat, Inc.

SUSE™ is a trademark of SUSE AG, a Novell business.

Solaris™ is a registered trademark of Oracle and/or its affiliates.

Splunk>, Listen to Your Data, The Engine for Machine Data, Splunk Cloud, Splunk Light and SPL are trademarks and registered trademarks of Splunk Inc. in the United States and other countries.

The syslog-ng™ name and the syslog-ng™ logo are registered trademarks of Balabit.

Windows™ 95, 98, ME, 2000, XP, Server 2003, Vista, Server 2008, 7, 8, and Server 2012 are registered trademarks of Microsoft Corporation.

For details on FIPS-compliance, see this page.

All other product names mentioned herein are the trademarks of their respective owners.

DISCLAIMER. Balabit is not responsible for any third-party websites mentioned in this document. Balabit does not endorse and is not responsible or liable for any content, advertising, products, or other material on or available from such sites or resources. Balabit will not be responsible or liable for any damage or loss caused or alleged to be caused by or in connection with use of or reliance on any such content, goods, or services that are available on or through any such sites or resources.

November 17, 2017

This manual is the primary documentation of the syslog-ng Premium Edition 6 LTS product.


Table of Contents

Preface
1. Summary of contents
2. Target audience and prerequisites
3. Products covered in this guide
4. Typographical conventions
5. Contact and support information
5.1. Sales contact
5.2. Support contact
5.3. Training
6. About this document
6.1. Summary of changes
6.2. Feedback
6.3. Acknowledgments
1. Introduction to syslog-ng
1.1. What syslog-ng is
1.2. What syslog-ng is not
1.3. Why is syslog-ng needed?
1.4. What is new in syslog-ng Premium Edition 6 LTS?
1.5. Who uses syslog-ng?
1.5.1. Public references of syslog-ng Premium Edition
1.6. Supported platforms
1.6.1. Limitations on Microsoft Windows platforms
1.6.2. Certified packages
2. The concepts of syslog-ng
2.1. The philosophy of syslog-ng
2.2. Logging with syslog-ng
2.2.1. The route of a log message in syslog-ng
2.3. Modes of operation
2.3.1. Client mode
2.3.2. Relay mode
2.3.3. Server mode
2.4. Global objects
2.5. Timezones and daylight saving
2.5.1. How syslog-ng PE assigns timezone to the message
2.5.2. A note on timezones and timestamps
2.6. Versions and releases of syslog-ng PE
2.7. Licensing
2.7.1. Licensing benefits
2.7.2. Licensing model and modes of operation
2.7.3. Licensing examples
2.8. GPL and LGPL licenses
2.9. High availability support
2.10. The structure of a log message
2.10.1. BSD-syslog or legacy-syslog messages
2.10.2. IETF-syslog messages
2.11. Message representation in syslog-ng PE
2.12. Structuring macros, metadata, and other value-pairs
2.12.1. Specifying data types in value-pairs
2.13. Things to consider when forwarding messages between syslog-ng PE hosts
2.14. NFS file system for log files
3. Installing syslog-ng
3.1. Prerequisites to installing syslog-ng PE
3.2. Security-enhanced Linux: grsecurity, SELinux
3.3. Installing syslog-ng using the .run installer
3.3.1. Installing syslog-ng PE in client or relay mode
3.3.2. Installing syslog-ng PE in server mode
3.3.3. Installing syslog-ng PE without user-interaction
3.4. Installing syslog-ng PE on RPM-based platforms (Red Hat, SUSE, AIX)
3.5. Using syslog-ng PE on SELinux
3.6. Installing syslog-ng on Debian-based platforms
3.7. Installing syslog-ng PE using .pkg installer
3.7.1. Installing syslog-ng PE with user-interaction
3.7.2. Installing syslog-ng PE without user-interaction
3.7.3. Installing syslog-ng PE from a transformed PKG package
3.8. Installing syslog-ng PE on Windows platforms
3.9. Installing syslog-ng without user-interaction on Windows
3.10. Managing syslog-ng PE from Puppet
3.11. Upgrading syslog-ng PE
3.11.1. Upgrading from previous syslog-ng PE versions to 6 LTS
3.11.2. Upgrading to syslog-ng PE 6 LTS
3.11.3. Upgrading syslog-ng PE to other package versions
3.11.4. Upgrading from syslog-ng PE to syslog-ng OSE
3.11.5. Upgrading from complete syslog-ng PE to client setup version of syslog-ng PE
3.12. Uninstalling syslog-ng PE
3.13. Configuring Microsoft SQL Server to accept logs from syslog-ng
4. The syslog-ng PE quick-start guide
4.1. Configuring syslog-ng on client hosts
4.2. Configuring syslog-ng on server hosts
4.3. Configuring syslog-ng relays
4.3.1. Configuring syslog-ng on relay hosts
4.3.2. How relaying log messages works
5. The syslog-ng PE configuration file
5.1. Location of the syslog-ng configuration file
5.2. The configuration syntax in detail
5.3. Notes about the configuration syntax
5.4. Global and environmental variables
5.5. Logging configuration changes
5.6. Modules in syslog-ng PE
5.6.1. Loading modules
5.7. Managing complex syslog-ng configurations
5.7.1. Including configuration files
5.7.2. Reusing configuration blocks
6. Collecting log messages — sources and source drivers
6.1. How sources work
6.2. Collecting messages from Windows eventlog sources
6.2.1. eventlog() source options
6.2.2. Limitations of using the EVT API on Windows Vista or newer
6.3. Collecting internal messages
6.3.1. internal() source options
6.4. Collecting messages from text files
6.4.1. Notes on reading kernel messages
6.4.2. File sources and the RFC5424 message format
6.4.3. file() source options
6.5. Collecting messages using the RFC3164 protocol (network() driver)
6.5.1. network() source options
6.6. Collecting messages from named pipes
6.6.1. pipe() source options
6.7. Receiving messages from external applications
6.7.1. program() source options
6.8. Collecting messages from tables or relational database
6.8.1. Supported SQL sources by platform
6.8.2. sql() source options
6.8.3. Customizing SQL queries
6.9. Collecting messages on Sun Solaris
6.9.1. sun-streams() source options
6.10. Collecting messages using the IETF syslog protocol (syslog() driver)
6.10.1. syslog() source options
6.11. Collecting the system-specific log messages of a platform
6.12. Collecting messages from the systemd-journal system log storage
6.12.1. systemd-journal() source options
6.13. Collecting systemd messages using a socket
6.14. Collecting messages from remote hosts using the BSD syslog protocol
6.14.1. tcp(), tcp6(), udp() and udp6() source options — OBSOLETE
6.15. Collecting messages from UNIX domain sockets
6.15.1. unix-stream() and unix-dgram() source options
7. Sending and storing log messages — destinations and destination drivers
7.1. Sending messages directly to Elasticsearch version 1.x
7.1.1. Prerequisites
7.1.2. How syslog-ng PE interacts with Elasticsearch
7.1.3. Client modes
7.1.4. Elasticsearch destination options
7.2. Sending messages directly to Elasticsearch version 2.0 or higher
7.2.1. Prerequisites
7.2.2. How syslog-ng PE interacts with Elasticsearch
7.2.3. Client modes
7.2.4. Elasticsearch destination options
7.3. Storing messages in plain-text files
7.3.1. file() destination options
7.4. Storing messages on the Hadoop Distributed File System (HDFS)
7.4.1. Prerequisites
7.4.2. How syslog-ng PE interacts with HDFS
7.4.3. Storing messages with MapR-FS
7.4.4. HDFS destination options
7.5. Publishing messages to Apache Kafka
7.5.1. Prerequisites
7.5.2. How syslog-ng PE interacts with Apache Kafka
7.5.3. Kafka destination options
7.6. Storing messages in encrypted files
7.6.1. Displaying the contents of logstore files
7.6.2. Journal files
7.6.3. logstore() destination options
7.7. Storing messages in a MongoDB database
7.7.1. How syslog-ng PE connects to the MongoDB server
7.7.2. mongodb() destination options
7.8. Sending messages to a remote log server using the RFC3164 protocol (network() driver)
7.8.1. network() destination options
7.9. Sending messages to named pipes
7.9.1. pipe() destination options
7.10. Sending messages to external applications
7.10.1. program() destination options
7.11. Generating SMTP messages (e-mail) from logs
7.11.1. smtp() destination options
7.11.2. Error handling
7.12. Sending SNMP traps
7.12.1. Converting Cisco syslog messages to "clogMessageGenerated" SNMP traps
7.12.2. snmp() destination options
7.13. Storing messages in an SQL database
7.13.1. Using the sql() driver with an Oracle database
7.13.2. Using the sql() driver with a Microsoft SQL database
7.13.3. The way syslog-ng interacts with the database
7.13.4. MySQL-specific interaction methods
7.13.5. MsSQL-specific interaction methods
7.13.6. Supported SQL destinations by platform
7.13.7. sql() destination options
7.14. Sending messages to a remote log server using the IETF-syslog protocol
7.14.1. syslog() destination options
7.15. Sending messages to a remote log server using the legacy BSD-syslog protocol (tcp(), udp() drivers)
7.15.1. tcp(), tcp6(), udp(), and udp6() destination options
7.16. Sending messages to UNIX domain sockets
7.16.1. unix-stream() and unix-dgram() destination options
7.17. Sending messages to a user terminal — usertty() destination
8. Routing messages: log paths, reliability, and filters
8.1. Log paths
8.1.1. Embedded log statements
8.1.2. Log path flags
8.2. Managing incoming and outgoing messages with flow-control
8.2.1. Flow-control and multiple destinations
8.2.2. Configuring flow-control
8.3. Using disk-based and memory buffering
8.3.1. Enabling reliable disk-based buffering
8.3.2. Enabling normal disk-based buffering
8.3.3. Enabling memory buffering
8.4. Client-side failover
8.5. Filters
8.5.1. Using filters
8.5.2. Combining filters with boolean operators
8.5.3. Comparing macro values in filters
8.5.4. Using wildcards, special characters, and regular expressions in filters
8.5.5. Tagging messages
8.5.6. Filter functions
8.6. Dropping messages
9. Global options of syslog-ng PE
9.1. Configuring global syslog-ng options
9.2. Global options
10. TLS-encrypted message transfer
10.1. Secure logging using TLS
10.2. Encrypting log messages with TLS
10.2.1. Configuring TLS on the syslog-ng clients
10.2.2. Configuring TLS on the syslog-ng server
10.3. Mutual authentication using TLS
10.3.1. Configuring TLS on the syslog-ng clients
10.3.2. Configuring TLS on the syslog-ng server
10.4. TLS options
11. FIPS-compliant syslog-ng
11.1. Installing FIPS-compliant syslog-ng PE
11.2. Limitations of the FIPS-compliant syslog-ng PE
11.3. Legal Notice of FIPS Compliance of Syslog-ng Premium Edition
12. Reliable Log Transfer Protocol
12.1. Logging using RLTP
12.1.1. How RLTP™ connections work
12.1.2. Using RLTP™ in a client-relay-server scenario
12.2. RLTP™ options
12.3. Examples for using RLTP
13. Manipulating messages
13.1. Customizing message format
13.1.1. Formatting messages, filenames, directories, and tablenames
13.1.2. Templates and macros
13.1.3. Date-related macros
13.1.4. Hard vs. soft macros
13.1.5. Macros of syslog-ng PE
13.1.6. Using template functions
13.1.7. Template functions of syslog-ng PE
13.2. Modifying messages
13.2.1. Replacing message parts
13.2.2. Setting message fields to specific values
13.2.3. Creating custom SDATA fields
13.2.4. Setting multiple message fields to specific values
13.2.5. Conditional rewrites
13.3. Regular expressions
13.3.1. Types and options of regular expressions
13.3.2. Optimizing regular expressions
14. Parsing and segmenting structured messages
14.1. Parsing messages with comma-separated and similar values
14.1.1. Options of CSV parsers
14.2. Parsing key=value pairs
14.2.1. Options of key=value parsers
14.3. The JSON parser
14.3.1. Options of JSON parsers
15. Processing message content with a pattern database
15.1. Classifying log messages
15.1.1. The structure of the pattern database
15.1.2. How pattern matching works
15.1.3. Artificial ignorance
15.2. Using pattern databases
15.2.1. Using parser results in filters and templates
15.2.2. Downloading sample pattern databases
15.3. Correlating log messages
15.3.1. Referencing earlier messages of the context
15.4. Triggering actions for identified messages
15.4.1. Conditional actions
15.4.2. External actions
15.4.3. Actions and message correlation
15.5. Creating pattern databases
15.5.1. Using pattern parsers
15.5.2. The syslog-ng pattern database format
16. Statistics and metrics of syslog-ng
17. Multithreading and scaling in syslog-ng PE
17.1. Multithreading concepts of syslog-ng PE
17.2. Configuring multithreading
17.3. Optimizing multithreaded performance
18. Troubleshooting syslog-ng
18.1. Possible causes of losing log messages
18.2. Creating syslog-ng core files
18.3. Collecting debugging information with strace, truss, or tusc
18.4. Running a failure script
18.5. Stopping syslog-ng
18.6. Reporting bugs and finding help
18.7. Recover data from orphaned diskbuffer files
19. Best practices and examples
19.1. General recommendations
19.2. Handling large message load
19.3. Using name resolution in syslog-ng
19.3.1. Resolving hostnames locally
19.4. Collecting logs from chroot
19.5. Configuring log rotation
A. The syslog-ng manual pages
dqtool — Display the contents of a disk-buffer file created with syslog-ng Premium Edition
loggen — Generate syslog messages at a specified rate
lgstool — Inspect and validate the binary log files (logstores) created with syslog-ng Premium Edition
pdbtool — An application to test and convert syslog-ng pattern database rules
persist-tool — Display the content of the persist file
syslog-debun — syslog-ng DEBUg buNdle generator
syslog-ng — syslog-ng system logger application
syslog-ng.conf — syslog-ng configuration file
syslog-ng-ctl — Display message statistics and enable verbose, debug and trace modes in syslog-ng Premium Edition
syslog-ng-query — Query metrics and statistic data from a running syslog-ng Premium Edition instance
syslog-windebun.ps1 — syslog-ng WINdows DEBUg buNdle generator PowerShell script
B. END USER LICENSE AGREEMENT FOR BALABIT PRODUCT (EULA)
C. GNU General Public License
C.1. Preamble
C.2. TERMS AND CONDITIONS FOR COPYING, DISTRIBUTION AND MODIFICATION
C.2.1. Section 0
C.2.2. Section 1
C.2.3. Section 2
C.2.4. Section 3
C.2.5. Section 4
C.2.6. Section 5
C.2.7. Section 6
C.2.8. Section 7
C.2.9. Section 8
C.2.10. Section 9
C.2.11. Section 10
C.2.12. NO WARRANTY Section 11
C.2.13. Section 12
C.3. How to Apply These Terms to Your New Programs
D. GNU Lesser General Public License
D.1. Preamble
D.2. TERMS AND CONDITIONS FOR COPYING, DISTRIBUTION AND MODIFICATION
D.2.1. Section 0
D.2.2. Section 1
D.2.3. Section 2
D.2.4. Section 3
D.2.5. Section 4
D.2.6. Section 5
D.2.7. Section 6
D.2.8. Section 7
D.2.9. Section 8
D.2.10. Section 9
D.2.11. Section 10
D.2.12. Section 11
D.2.13. Section 12
D.2.14. Section 13
D.2.15. Section 14
D.2.16. NO WARRANTY Section 15
D.2.17. Section 16
D.3. How to Apply These Terms to Your New Libraries
E. Creative Commons Attribution Non-commercial No Derivatives (by-nc-nd) License
Glossary
List of syslog-ng PE parameters
Index

List of Examples

2.1. A simple example
2.2. High Availability (HA) cluster
2.3. Using alternative log servers with syslog-ng PE clients
2.4. Using syslog-ng PE relays
2.5. Multiple facilities
2.6. Using type-hinting
2.7. Using the value-pairs() option
2.8. Using the rekey() option
3.1. Extracting syslog-ng PE from a transformed PKG package
4.1. The default configuration file of syslog-ng PE
4.2. A simple configuration for clients
4.3. A simple configuration for servers
4.4. A simple configuration for relays
5.1. A simple configuration file
5.2. Using required and optional parameters
5.3. Using global variables
5.4. Reusing configuration blocks
5.5. Defining blocks with multiple elements
5.6. Passing arguments to blocks
6.1. A simple source statement
6.2. A source statement using two source drivers
6.3. Setting default priority and facility
6.4. Source statement on a Linux based operating system
6.5. Using the eventlog() driver
6.6. Using the internal() driver
6.7. Initial window size of a connection
6.8. Using the file() driver
6.9. Tailing files
6.10. Using wildcards in the filename
6.11. File-related information in message
6.12. Initial window size of file sources
6.13. Processing Tomcat logs
6.14. Monitoring multiple directories
6.15. Using the network() driver
6.16. Initial window size of a connection
6.17. Processing Tomcat logs
6.18. Using the pipe() driver
6.19. Initial window size of a connection
6.20. Using the program() driver
6.21. Initial window size of a connection
6.22. Using a MySQL source
6.23. A sample archive query
6.24. SQL source option columns
6.25. A sample connect query
6.26. SQL source option datetime-column(col_name, [format])
6.27. A sample fetch query
6.28. Initial window size of a connection
6.29. SQL source option prefix()
6.30. SQL source option template()
6.31. SQL source fetch-query
6.32. Using the sun-streams() driver
6.33. Initial window size of a connection
6.34. Using the syslog() driver
6.35. Initial window size of a connection
6.36. Processing Tomcat logs
6.37. Sending all fields through syslog protocol using the systemd-journal() driver
6.38. Filtering for a specific field using the systemd-journal() driver
6.39. Sending all fields in value-pairs using the systemd-journal() driver
6.40. Using the systemd-syslog() driver
6.41. Using the unix-stream() and unix-dgram() drivers
6.42. Initial window size of a connection
6.43. Processing Tomcat logs
7.1. A simple destination statement
7.2. Sending log data to Elasticsearch version 1.x
7.3. Example for the .yml file
7.4. Examples for using disk-buffer()
7.5. Sending log data to Elasticsearch version 2.x and above
7.6. Example for the .yml file
7.7. Examples for using disk-buffer()
7.8. Using the file() driver
7.9. Using the file() driver with macros in the file name and a template for the message
7.10. Storing logfiles on HDFS
7.11. Storing logfiles with MapR-FS
7.12. Examples for using disk-buffer()
7.13. Sending log data to Apache Kafka
7.14. Examples for using disk-buffer()
7.15. Using the logstore() driver
7.16. Calculating memory usage of logstore journals
7.17. Setting journal block number and size
7.18. Setting journal block number and size
7.19. Using the mongodb() driver
7.20. Examples for using disk-buffer()
7.21. Using the network() driver
7.22. Examples for using disk-buffer()
7.23. Specifying failover servers for syslog() destinations
7.24. Spoofing the source address on Microsoft Windows
7.25. Using the pipe() driver
7.26. Using the program() destination driver
7.27. Examples for using disk-buffer()
7.28. Using the smtp() driver
7.29. Simple e-mail alerting with the smtp() driver
7.30. Examples for using disk-buffer()
7.31. Using the snmp() destination driver
7.32. Defining a Cisco-specific SNMP destination
7.33. Defining SNMP objects
7.34. Using the sql() driver
7.35. Using the sql() driver with an Oracle database
7.36. Using the sql() driver with an MSSQL database
7.37. Examples for using disk-buffer()
7.38. Setting flags for SQL destinations
7.39. Using SQL NULL values
7.40. Value: default
7.41. Using the syslog() driver
7.42. Examples for using disk-buffer()
7.43. Specifying failover servers for syslog() destinations
7.44. Spoofing the source address on Microsoft Windows
7.45. Using the unix-stream() driver
7.46. Examples for using disk-buffer()
7.47. Using the usertty() driver
8.1. A simple log statement
8.2. Using embedded log paths
8.3. Using log path flags
8.4. Soft flow-control
8.5. Hard flow-control
8.6. Sizing parameters for flow-control
8.7. Example for using reliable disk-based buffering
8.8. Example for using normal disk-based buffering
8.9. Example for using memory buffering
8.10. A simple filter statement
8.11. Comparing macro values in filters
8.12. Filtering with wildcards
8.13. Selecting messages using the in-list filter
8.14. Adding tags and filtering messages with tags
8.15. Skipping messages
9.1. Using global options
9.2. Calculating memory usage of logstore journals
9.3. Limiting the memory use of journal files
10.1. A destination statement using TLS
10.2. A source statement using TLS
10.3. Disabling mutual authentication
10.4. A destination statement using mutual authentication
10.5. A source statement using TLS
12.1. Simple RLTP™ connection
12.2. RLTP™ with TLS encryption
13.1. Using templates and macros
13.2. Using ${RCPTID} macro
13.3. Using SDATA macros
13.4. Using the format-cef-extension template function
13.5. Using the format-json template function
13.6. Using the format-welf() template function
13.7. Using the grep template function
13.8. Using the $(hash) template function
13.9. Anonymizing IP addresses
13.10. Using pattern databases and the if template function
13.11. Using the indent-multi-line template function
13.12. Using numerical template functions
13.13. Using substitution rules
13.14. Anonymizing IP addresses
13.15. Setting message fields to a particular value
13.16. Rewriting custom SDATA fields
13.17. Using groupset rewrite rules
13.18. Using conditional rewriting
13.19. Using Posix regular expressions
13.20. Using PCRE regular expressions
13.21. Optimizing regular expressions in filters
14.1. Segmenting hostnames separated with a dash
14.2. Parsing Apache log files
14.3. Segmenting a part of a message
14.4. Adding the end of the message to the last column
14.5. Using a key=value parser
14.6. Using a JSON parser
14.7. Using the marker option in JSON parser
15.1. Defining pattern databases
15.2. Using classification results
15.3. Using classification results for filtering messages
15.4. Using pattern parsers as macros
15.5. How syslog-ng PE calculates context-timeout
15.6. Using message correlation
15.7. Referencing values from an earlier message
15.8. Sending triggered messages to the internal() source
15.9. Generating messages for pattern database matches
15.10. Generating messages with inherited values
15.11. Actions based on the number of messages
15.12. Sending triggered messages to external applications
15.13. Referencing values from an earlier message
15.14. Using the inherit-properties option
15.15. Sending alert when a client disappears
15.16. Pattern parser syntax
15.17. Using the STRING and ESTRING parsers
15.18. A V4 pattern database containing a single rule
15.19. Generating messages for pattern database matches
15.20. Generating messages with inherited values
15.21. Generating messages for pattern database matches
15.22. Generating messages with inherited values
17.1. Enabling multithreading
19.1. File destination for log rotation
19.2. Logstore destination for log rotation
19.3. Command for cron for log rotation
A.1. lgstool cat filter
A.2. lgstool tail filter
A.3. Using required and optional parameters
A.4. Using global options

List of Procedures

2.2.1. The route of a log message in syslog-ng
2.5.1. How syslog-ng PE assigns timezone to the message
3.3.1. Installing syslog-ng PE in client or relay mode
3.3.2. Installing syslog-ng PE in server mode
3.4. Installing syslog-ng PE on RPM-based platforms (Red Hat, SUSE, AIX)
3.5. Using syslog-ng PE on SELinux
3.6. Installing syslog-ng on Debian-based platforms
3.7.1. Installing syslog-ng PE with user-interaction
3.7.2. Installing syslog-ng PE without user-interaction
3.7.3. Installing syslog-ng PE from a transformed PKG package
3.8. Installing syslog-ng PE on Windows platforms
3.10. Managing syslog-ng PE from Puppet
3.11.2. Upgrading to syslog-ng PE 6 LTS
3.13. Configuring Microsoft SQL Server to accept logs from syslog-ng
4.1. Configuring syslog-ng on client hosts
4.2. Configuring syslog-ng on server hosts
4.3.1. Configuring syslog-ng on relay hosts
6.14.1.1. Change an old source driver to the network() driver
7.1.1. Prerequisites
7.2.1. Prerequisites
7.4.1. Prerequisites
7.4.2. How syslog-ng PE interacts with HDFS
7.4.3. Storing messages with MapR-FS
7.5.1. Prerequisites
7.7.1. How syslog-ng PE connects to the MongoDB server
7.15.1.1. Change an old destination driver to the network() driver
10.2.1. Configuring TLS on the syslog-ng clients
10.2.2. Configuring TLS on the syslog-ng server
10.3.1. Configuring TLS on the syslog-ng clients
10.3.2. Configuring TLS on the syslog-ng server
12.1.1. How RLTP™ connections work
13.2.5.1. How conditional rewriting works
18.2. Creating syslog-ng core files
18.4. Running a failure script
19.3.1. Resolving hostnames locally
19.4. Collecting logs from chroot