Syslog-ng
syslog-ng is a powerful, highly configurable monitoring and logging daemon.
Installation
USE flags
USE flags for app-admin/syslog-ng (syslog replacement with advanced filtering features):
amqp         | Enable support for AMQP destinations
caps         | Use Linux capabilities library to control privilege
dbi          | Enable dev-db/libdbi (database-independent abstraction layer) support
geoip2       | Add support for geo lookup based on IPs via dev-libs/libmaxminddb
http         | Enable support for HTTP destinations
ipv6         | Add support for IP version 6
json         | Enable support for JSON template formatting via dev-libs/json-c
kafka        | Enable support for Kafka destinations
libressl     | Use dev-libs/libressl instead of dev-libs/openssl when applicable (see also the ssl USE flag)
mongodb      | Enable support for MongoDB destinations
pacct        | Enable support for reading Process Accounting files (EXPERIMENTAL, Linux only)
python       | Add optional support/bindings for the Python language
redis        | Enable support for Redis destinations
smtp         | Enable support for SMTP destinations
snmp         | Add support for the Simple Network Management Protocol if available
spoof-source | Enable support for spoofed source addresses
systemd      | Enable use of systemd-specific libraries and features like socket activation or session tracking
tcpd         | Add support for TCP wrappers
test         | Enable dependencies and/or preparations necessary to run tests (usually controlled by FEATURES=test but can be toggled independently)
Emerge
Install app-admin/syslog-ng:
root # emerge --ask app-admin/syslog-ng
It is a bad idea to run more than one system logger on a physical host. Other local loggers should be removed or disabled.
Additional software
When using a system logger such as syslog-ng, it is wise to also install log rotation software to trim the logs before they consume too much disk space. Logrotate is a fine option:
root # emerge --ask app-admin/logrotate
Configuration
The default configuration provided by the ebuild is quite minimal. For a more comprehensive configuration see the configuration provided for Hardened Gentoo in:
/usr/share/doc/syslog-ng-*/syslog-ng.conf.gentoo.hardened.bz2
Files
The default source for syslog messages is:
/etc/syslog-ng/syslog-ng.conf
source src { unix-stream("/dev/log"); internal(); };
If the system is running systemd, the default source needs to be changed to the following[1]:
/etc/syslog-ng/syslog-ng.conf
source src { systemd-journal(); internal(); };
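The following complete syslog-ng.conf is an added example (not from the Gentoo wiki page) that builds on the systemd-journal source shown above: it separates authentication messages into their own restricted file and forwards a copy to a central collector over TLS with mandatory certificate verification. The collector hostname logs.example.com, the CA directory /etc/syslog-ng/ca.d and the 3.7 version pragma are assumptions for this example.

```conf
@version: 3.7
@include "scl.conf"

# Global defaults: log files are created root:adm with mode 0640 so that
# only administrators can read them; no reverse DNS lookups in the hot path.
options {
    chain_hostnames(off);
    use_dns(no);
    use_fqdn(no);
    owner("root"); group("adm"); perm(0640);
    stats_freq(0);
};

# Source from the page: read the journal on a systemd host.
# (On an OpenRC host use unix-stream("/dev/log") instead.)
source src { systemd-journal(); internal(); };

# Keep authentication events (logins, sudo, PAM) apart from everything else.
filter f_auth     { facility(auth, authpriv); };
filter f_not_auth { not facility(auth, authpriv); };

destination d_messages { file("/var/log/messages"); };
destination d_auth     { file("/var/log/auth.log"); };

# Assumed central collector: RFC 5424 over TLS on 6514. peer-verify(required-trusted)
# refuses to send unless the server presents a certificate that chains to a CA
# in ca-dir, so logs are not leaked to an impostor collector.
destination d_remote {
    syslog("logs.example.com"
        transport("tls")
        port(6514)
        tls(
            ca-dir("/etc/syslog-ng/ca.d")
            peer-verify(required-trusted)
        )
    );
};

log { source(src); filter(f_auth);     destination(d_auth); };
log { source(src); filter(f_not_auth); destination(d_messages); };
log { source(src); destination(d_remote); };
```

Validate the file with `syslog-ng --syntax-only` before restarting the service, so a typo does not leave the host without a logger.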
Service
OpenRC
Add the syslog-ng daemon to the default runlevel so that logging starts on system boot:
root # rc-update add syslog-ng default
Start the syslog-ng daemon now:
root # rc-service syslog-ng start
systemd
To start the syslog-ng daemon when the system boots, enable the service:
root # systemctl enable syslog-ng@default
To start the daemon now:
root # systemctl start syslog-ng@default
See also
- syslog-ng (Security Handbook) - The system logging with syslog-ng is covered in the Security Handbook.
- Rsyslog — an open source software used on UNIX and Unix-like computer systems for forwarding log messages in an IP network.
References
[1] Balabit. Collecting messages from the systemd-journal system log storage, The syslog-ng Open Source Edition 3.7 Administrator Guide, January 22nd, 2016. Retrieved on January 30th, 2016.