This is Gentoo's testing wiki. It is a non-operational environment and its textual content is outdated.
Please visit our production wiki at https://wiki.gentoo.org
Syslog-ng
syslog-ng is a powerful, massively configurable monitoring and logging daemon.
Installation
USE flags
USE flags for app-admin/syslog-ng (syslog replacement with advanced filtering features)
Flag | Description
amqp | Enable support for AMQP destinations
caps | Use Linux capabilities library to control privilege
dbi | Enable dev-db/libdbi (database-independent abstraction layer) support
geoip2 | Add support for geo lookup based on IPs via dev-libs/libmaxminddb
grpc | Enable GRPC based driver support (OpenTelemetry) via net-libs/grpc
http | Enable support for HTTP destinations
json | Enable support for JSON template formatting via dev-libs/json-c
kafka | Enable support for Kafka destinations
mongodb | Enable support for MongoDB destinations
mqtt | Enable MQTT support via net-libs/paho-mqtt-c
pacct | Enable support for reading Process Accounting files (EXPERIMENTAL, Linux only)
python | Add optional support/bindings for the Python language
redis | Enable support for Redis destinations
smtp | Enable support for SMTP destinations
snmp | Add support for the Simple Network Management Protocol if available
spoof-source | Enable support for spoofed source addresses
systemd | Enable use of systemd-specific libraries and features like socket activation or session tracking
tcpd | Add support for TCP wrappers
test | Enable dependencies and/or preparations necessary to run tests (usually controlled by FEATURES=test but can be toggled independently)
Emerge
Install app-admin/syslog-ng:
root #
emerge --ask app-admin/syslog-ng
Run only one system logger per host. Before starting syslog-ng, remove or disable any other local logger (for example rsyslog or sysklogd), otherwise the two daemons compete for the local log socket and messages end up in only one of them.
Additional software
When using a system logger such as syslog-ng, install log rotation software so that the log files are trimmed before they fill the disk. Logrotate is a fine option:
root #
emerge --ask app-admin/logrotate
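A rotation rule for the files syslog-ng writes, as an added example that is not part of the original page or of the logrotate or syslog-ng packages. The file names are placeholders: use whatever paths the destination() blocks in syslog-ng.conf name. The important detail is the postrotate step: syslog-ng keeps its file destinations open, so after logrotate renames a file the daemon would keep writing into the rotated copy unless it is told to reopen its outputs. The path /usr/sbin/syslog-ng-ctl is assumed.

```conf
# /etc/logrotate.d/syslog-ng (added example; paths are assumptions)
/var/log/messages /var/log/auth.log /var/log/kern.log {
    weekly
    rotate 8
    missingok
    notifempty
    compress
    delaycompress
    # New files are created root-owned and not world-readable, so
    # rotated logs get no weaker permissions than the live ones.
    create 0640 root root
    # Run postrotate once for the whole group of files, not per file.
    sharedscripts
    postrotate
        # Make syslog-ng close and reopen its destinations so it writes
        # to the fresh files instead of the renamed ones.
        /usr/sbin/syslog-ng-ctl reload >/dev/null 2>&1 || true
    endscript
}
```

Test a rule without waiting for cron with `logrotate -d /etc/logrotate.d/syslog-ng` (debug mode, no changes made) and then `logrotate -f` to force one rotation and confirm that new messages land in the fresh file rather than the rotated one.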
Configuration
The default configuration provided by the ebuild is quite minimal. For a more comprehensive configuration see the configuration provided for Hardened Gentoo in:
/usr/share/doc/syslog-ng-*/syslog-ng.conf.gentoo.hardened.bz2
Files
The default source for syslog messages is:
/etc/syslog-ng/syslog-ng.conf
source src { unix-stream("/dev/log"); internal(); };
If the system is running systemd, change the default source to read from the journal instead (this requires syslog-ng built with the systemd USE flag)[1]:
/etc/syslog-ng/syslog-ng.conf
source src { systemd-journal(); internal(); };
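A more complete /etc/syslog-ng/syslog-ng.conf built on the default source above, as an added example that is neither the ebuild's default file nor the hardened configuration it ships. It keeps the local source from the default, splits authentication and kernel messages into their own files, and gives the authentication log tighter permissions. The log file names, the permission values and the commented-out collector hostname and CA path are assumptions.

```conf
# Added example syslog-ng.conf (not the ebuild's default file).
# Set the version to the installed release; `syslog-ng -V` prints it.
@version: 4.8

options {
    # Do not prepend relay hostnames; keep the hostname the sender supplied.
    chain-hostnames(no);
    keep-hostname(yes);
    # Never block on DNS for a log line.
    use-dns(no);
    dns-cache(no);
    # New log files and directories are root-owned and not world-readable.
    create-dirs(yes);
    dir-perm(0750);
    perm(0640);
    owner("root");
    group("root");
    # ISO 8601 timestamps with millisecond precision for correlation.
    ts-format(iso);
    frac-digits(3);
};

# Local source, as in the default configuration.
# On a systemd host replace the unix-stream() line with systemd-journal().
source s_local {
    unix-stream("/dev/log");
    internal();
};

# Destinations (file names are assumptions).
destination d_messages { file("/var/log/messages"); };
destination d_kern     { file("/var/log/kern.log"); };
# Authentication events are the most sensitive: owner-only access.
destination d_auth     { file("/var/log/auth.log" perm(0600)); };

# Filters route by syslog facility; the last one catches everything else.
filter f_auth { facility(auth, authpriv); };
filter f_kern { facility(kern); };
filter f_rest { not facility(auth, authpriv, kern); };

log { source(s_local); filter(f_auth); destination(d_auth); };
log { source(s_local); filter(f_kern); destination(d_kern); };
log { source(s_local); filter(f_rest); destination(d_messages); };

# Optional: forward a copy of everything to a central collector over TLS,
# so a compromised host cannot quietly rewrite its own history.
# logs.example.internal and the CA file path are placeholders (assumed).
#destination d_remote {
#    syslog("logs.example.internal" port(6514) transport("tls")
#        tls(ca-file("/etc/syslog-ng/ca.crt") peer-verify(yes))
#    );
#};
#log { source(s_local); destination(d_remote); };
```

Check the file with `syslog-ng -s` (syntax only, nothing started) before reloading the running daemon with `syslog-ng-ctl reload`; a configuration whose @version is newer than the installed binary is rejected, so keep that line in step with the package version.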
Service
OpenRC
Add the syslog-ng daemon to the default runlevel so that logging starts on system boot:
root #
rc-update add syslog-ng default
Start the syslog-ng daemon now:
root #
rc-service syslog-ng start
systemd
To start the syslog-ng daemon when the system boots enable the service:
root #
systemctl enable syslog-ng@default
To start the daemon now:
root #
systemctl start syslog-ng@default
See also
- syslog-ng (Security Handbook) - System logging with syslog-ng is covered in the Security Handbook.
- Rsyslog
External resources
References
- ↑ Balabit. Collecting messages from the systemd-journal system log storage, The syslog-ng Open Source Edition 3.7 Administrator Guide, January 22nd, 2016. Retrieved on January 30th, 2016.