Syslog-ng

From Gentoo Wiki
Jump to: navigation, search

syslog-ng is a powerful, massively configurable monitoring and logging daemon.

Installation

USE flags

USE flags for app-admin/syslog-ng syslog replacement with advanced filtering features

amqp Enable support for AMQP destinations local
caps Use Linux capabilities library to control privilege global
dbi Enable dev-db/libdbi (database-independent abstraction layer) support global
geoip2 Add support for geo lookup based on IPs via dev-libs/libmaxminddb local
http Enable support for HTTP destinations local
json Enable support for JSON template formatting via dev-libs/json-c local
mongodb Enable support for mongodb destinations local
pacct Enable support for reading Process Accounting files (EXPERIMENTAL, Linux only) local
redis Enable support for Redis destinations local
smtp Enable support for SMTP destinations local
spoof-source Enable support for spoofed source addresses local
tcpd Add support for TCP wrappers global

Emerge

Install app-admin/syslog-ng:

root #emerge --ask app-admin/syslog-ng
Note
It is a bad idea to run more than one system logger on a physical host. Other local loggers should be removed or disabled.

Additional software

When using a system logger such as syslog-ng, it is a wise idea to install log rotation software to appropriately trim the logs as they consume more disk space. Logrotate is a fine option:

root #emerge --ask app-admin/logrotate

Configuration

The default configuration provided by the ebuild is quite minimal. For a more comprehensive configuration see the configuration provided for Hardened Gentoo in:

/usr/share/doc/syslog-ng-*/syslog-ng.conf.gentoo.hardened.bz2

Files

The default source for syslog messages is:

FILE /etc/syslog-ng/syslog-ng.conf
source src { unix-stream("/dev/log"); internal(); };

If the system is running systemd, the default source needs to be changed to the following[1]:

FILE /etc/syslog-ng/syslog-ng.conf
source src { systemd-journal(); internal(); };

Service

OpenRC

Add the syslog-ng daemon to the default runlevel so that logging starts on system boot:

root #rc-update add syslog-ng default

Start the syslog-ng daemon now:

root #rc-service syslog-ng start

systemd

To start the syslog-ng daemon when the system boots enable the service:

root #systemctl enable syslog-ng@default

To start the daemon now:

root #systemctl start syslog-ng@default

See also

External resources

References