syslog-ng Command and Configuration



Command

Check Configuration

syslog-ng -s
syslog-ng -s -f configfile


Configuration

Format

source xxxxx {
};

filter xxxxx {
};

destination xxxxx {
};

log { source(xxxxx); filter(xxxxx); destination(xxxxx); };


Filter

Sample

filter f_demo_regexp {
    program("demo_program") and
    match("time error .* is too large .* set clock manually");
};
filter f_demo_optimized_regexp {
    program("demo_program") and
    match("time error") and
    match("is too large") and
    match("set clock manually");
};
filter f_mesg {
    level(emerg..info)
    and not match('aaaaa')
    and not match('bbbbb')
    and not(match('192.168.0.10') and match('aaa bbb ccc'))
    and not match('test');
};
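
The two sample filters f_demo_regexp and f_demo_optimized_regexp are not strictly equivalent: the split version no longer checks the order of the three phrases. The following is an added example, not part of the original page or of syslog-ng; it emulates both filters in Python over constructed sample messages, assuming Python's re.search behaves like the unanchored regex search done by match() and program().

```python
import re

# Constructed sample messages as (program, message) pairs; not real log data.
SAMPLES = [
    ("demo_program", "time error 5021 is too large (limit 1000); set clock manually"),
    ("demo_program", "set clock manually: is too large a step? no time error seen"),
    ("demo_program", "time error 12 corrected"),
    ("other_program", "time error 5021 is too large (limit 1000); set clock manually"),
]


def f_demo_regexp(program, message):
    """Emulates f_demo_regexp: one regex, phrases must appear in this order."""
    return bool(
        re.search("demo_program", program)
        and re.search("time error .* is too large .* set clock manually", message)
    )


def f_demo_optimized_regexp(program, message):
    """Emulates f_demo_optimized_regexp: three searches ANDed, order not checked."""
    return bool(
        re.search("demo_program", program)
        and re.search("time error", message)
        and re.search("is too large", message)
        and re.search("set clock manually", message)
    )


def compare(samples):
    """Return (single_regex_result, split_result) for each sample."""
    return [(f_demo_regexp(p, m), f_demo_optimized_regexp(p, m)) for p, m in samples]


if __name__ == "__main__":
    # Print both verdicts per message and flag the ones where the filters differ.
    for (prog, msg), (single, split) in zip(SAMPLES, compare(SAMPLES)):
        flag = "" if single == split else "   <-- filters disagree"
        print(f"{single!s:5} {split!s:5} {prog}: {msg}{flag}")
```

The second sample passes only the split filter, so a log path using it can forward or alert on messages the single-regex filter would have dropped.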


Regular expressions

https://www.syslog-ng.com/technical-documents/doc/syslog-ng-open-source-edition/3.18/administration-guide/64


Remote Logging

# Remote logging: listen for syslog on TCP and UDP port 514 on all interfaces
source s_remote {
    tcp(ip(0.0.0.0) port(514));
    udp(ip(0.0.0.0) port(514));
};

# One directory per sending host ($HOST macro), created on demand
destination d_separatedbyhosts {
    file("/var/log/syslog-ng/$HOST/messages" owner("root") group("root") perm(0640) dir_perm(0750) create_dirs(yes));
};

log { source(s_remote); destination(d_separatedbyhosts); };