syslog-ng

syslog-ng is a syslogd replacement that supports IPv6 and is capable of transferring log messages reliably using TCP and SSL and filtering the content of messages using regular expressions. It has several macros that allow users to dynamically create target directories and files or reformat messages.

Tags: Logging
Licenses: GPL
Operating Systems: POSIX, AIX, BSD, FreeBSD, NetBSD, OpenBSD, IRIX, Linux, Solaris
Implementation: C

Recent releases

  • 30 May 2009 21:53

Changes: A large number of bugfixes and some minor enhancements were made.

  • 18 Jan 2009 15:16

Changes: This major release adds significant features like SSL support, message parsing and rewriting, a new statistics subsystem, and more.

  • 27 Nov 2007 11:01

Changes: This release fixes two denial of service issues and a couple of other bugs.

  • 10 Sep 2007 04:06

Changes: The configure script was fixed to automatically detect whether libnet is installed and to disable spoof-source support if it isn't. The processing of the global log_fifo_size() option was fixed; in some cases, the global option did not have an effect. Possible blocking on /proc/kmsg during boot, when a great number of kernel messages are generated, was fixed. A possible segfault during the syslog-ng exit procedure was fixed. This could be triggered by stopping a syslog-ng instance after it had been reloaded at least once.

  • 07 Jul 2005 04:57

Changes: This release adds major bugfixes and a documentation update.

Recent comments

11 Feb 2008 16:22 ConSeannery

Re: syslog-ng not able to specify listening address?

> I can't seem to find any way to do this
> ... any suggestions?
>
> It doesn't seem as if there is a config
> or command-line option to tell syslog-ng
> to only listen on a certain IP address.
> This would be very useful, as I have a
> logging server that I want to have
> multiple IP addresses and different
> configs of syslog-ng listening on each.
>
> Does this exist and I'm not seeing it,
> or should it be a feature request?

Hey,

You define "sources" to do that. So, let's say you've got a management server with an internal IP of 10.1.10.1. You want the servers in the network to relay their logs to it. You can set your server to listen on that port by doing this in your syslog-ng.conf:

    source s_internal_network {
        # Receives messages on this box's internal interface on port 1234.
        tcp(ip(10.1.10.1) port(1234) max-connections(30));
    };

Then configure a destination and a filter if necessary, then restart syslog-ng. If you do a netstat -pantu you will see that syslog-ng is listening on 10.1.10.1 port 1234.

Hope that helps. The manual is pretty easy to follow, unlike most dry and terrible documentation associated with Linux tools, so check it out!

26 May 2005 09:44 Sjobeck

syslog-ng webmin module
I love anything with "-ng" after its name and this software is a perfect example of why. Really like it. The only thing hanging us up with it is that there is no webmin module for it. Let's face it, some people, even me, from time to time, need a GUI, and the regular syslog module in webmin does not work. If anyone knocked down this issue, we would be forever in your debt.

Peace. Love. Linux.

Jason

10 Jun 2004 08:35 wmoran

syslog-ng not able to specify listening address?

I can't seem to find any way to do this ... any suggestions?

It doesn't seem as if there is a config or command-line option to tell syslog-ng to only listen on a certain IP address. This would be very useful, as I have a logging server that I want to have multiple IP addresses and different configs of syslog-ng listening on each.

Does this exist and I'm not seeing it, or should it be a feature request?

20 Apr 2004 18:28 akhasha

Re: Syslog-ng best thing since sliced bread

> The ability to send the log stream to
> the stdin of a program is a feature you
> just can't find anywhere else.

I don't know if this was the case back then, but with current versions of syslogd you can. From the manpage of syslogd version 1.4.1:

kern.=debug |/usr/adm/debug

This sends kernel debug messages to a FIFO from which another program can read. Though to make it appear on stdin you'd have to wrap it with a shell redirect using cat.

20 Sep 2001 16:25 thoth

network logging doesn't work well yet
I'm in need of a network logging solution which can survive network outages.

It appears syslog-ng does not perform well. When I gave it a remote network destination, it only logged to a single file and no messages appeared in any of the designated files. When I removed the remote destination from the configuration, things worked properly. I assume it is blocking on writes to the network.

Worse, errors in the config file result in a message like

parse error at 11
Parse error reading configuration file, exiting.

Not exactly illuminating. Eventually I found out how to specify a remote destination thanks to Google:

destination central { tcp(10.21.0.3 port(514) ); };

Of course, the documentation on the web site was pretty much useless, with a single trite sentence documenting the tcp destination.

The documentation will doubtless improve as the product matures, but I don't know if this software has the necessary architecture to reliably deliver messages to remote machines in the face of network outages or local daemon restarts.
