Syslog-ng

From Gentoo Wiki

syslog-ng is a powerful, highly configurable monitoring and logging daemon.

Installation

USE flags

USE flags for app-admin/syslog-ng (syslog replacement with advanced filtering features)

amqp          Enable support for AMQP destinations
caps          Use Linux capabilities library to control privilege
geoip2        Add support for geo lookup based on IPs via dev-libs/libmaxminddb
http          Enable support for HTTP destinations
json          Enable support for JSON template formatting via dev-libs/json-c
kafka         Enable support for Kafka destinations
mongodb       Enable support for mongodb destinations
pacct         Enable support for reading Process Accounting files (EXPERIMENTAL, Linux only)
redis         Enable support for Redis destinations
smtp          Enable support for SMTP destinations
spoof-source  Enable support for spoofed source addresses
tcpd          Add support for TCP wrappers

Emerge

Install app-admin/syslog-ng:

root #emerge --ask app-admin/syslog-ng
Note
It is a bad idea to run more than one system logger on a physical host. Other local loggers should be removed or disabled.

Additional software

When using a system logger such as syslog-ng, it is wise to install log rotation software that trims the logs as they grow and consume more disk space. Logrotate is a fine option:

root #emerge --ask app-admin/logrotate

Configuration

The default configuration provided by the ebuild is quite minimal. For a more comprehensive configuration see the configuration provided for Hardened Gentoo in:

/usr/share/doc/syslog-ng-*/syslog-ng.conf.gentoo.hardened.bz2

Files

The default source for syslog messages is:

FILE /etc/syslog-ng/syslog-ng.conf
source src { unix-stream("/dev/log"); internal(); };

If the system is running systemd, the default source needs to be changed to the following[1]:

FILE /etc/syslog-ng/syslog-ng.conf
source src { systemd-journal(); internal(); };
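
The two source definitions above can be checked against the init system the host actually booted with. This is an added example, not part of the wiki page: the function names and the root-prefix parameter of detect_init are hypothetical, and the presence of /run/systemd/system is assumed as the indicator of a systemd boot.

```shell
#!/bin/sh
# Added example (not from the wiki page): check that the "src" source in
# syslog-ng.conf matches the init system, per the two snippets above.

# Print "systemd" if the host booted with systemd, else "other".
# $1 is an optional root prefix (hypothetical parameter, used for testing).
detect_init() {
    if [ -d "${1:-}/run/systemd/system" ]; then echo systemd; else echo other; fi
}

# Print the body of "source src { ... };" with '#' comments stripped,
# so a commented-out definition is never mistaken for the active one.
src_definition() {
    sed -e 's/#.*//' "$1" | tr '\n' ' ' |
        sed -n 's/.*source[[:space:]]\{1,\}src[[:space:]]*{\([^}]*\)}.*/\1/p'
}

# check_source CONF INIT: prints ok, mismatch or missing; returns 0 only for ok.
check_source() {
    def=$(src_definition "$1")
    [ -n "$def" ] || { echo missing; return 2; }
    case "$2" in
        systemd) want='systemd-journal()' ;;
        *)       want='unix-stream("/dev/log")' ;;
    esac
    case "$def" in
        *"$want"*) echo ok ;;
        *)         echo mismatch; return 1 ;;
    esac
}

# Constructed sample: the default source line, preceded by a commented-out
# journal source that must not count as a match.
sample=$(mktemp)
cat > "$sample" <<'EOF'
# source src { systemd-journal(); internal(); };
source src { unix-stream("/dev/log"); internal(); };
EOF
echo "non-systemd host: $(check_source "$sample" other || true)"
echo "systemd host:     $(check_source "$sample" systemd || true)"
rm -f "$sample"
```

On a real host the call would be check_source /etc/syslog-ng/syslog-ng.conf "$(detect_init)"; a mismatch means the daemon is reading from a source the init system does not feed.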

Service

OpenRC

Add the syslog-ng daemon to the default runlevel so that logging starts on system boot:

root #rc-update add syslog-ng default

Start the syslog-ng daemon now:

root #rc-service syslog-ng start

systemd

To start the syslog-ng daemon when the system boots, enable the service:

root #systemctl enable syslog-ng@default

To start the daemon now:

root #systemctl start syslog-ng@default
