


 syslog-ng.conf(5)                                         syslog-ng.conf(5)




 NAME
      /etc/syslog-ng/syslog-ng.conf - syslog-ng configuration file

 DESCRIPTION
      The configuration file for syslog-ng

      A message route in syslog-ng is made up of three parts: a source, a
      destination and filtering rules.


 SOURCES
      You can declare source statements using the "source" keyword:

      source <sourcename> { sourcedriver params; sourcedriver params; ... };

      Sourcename is an identifier you'll use to refer to this group of
      messages. Sourcedriver is a method of getting a given message. The
      following drivers are available:

      * file <filename> - reads messages from the given file

      * unix-dgram <filename> - reads messages from the given AF_UNIX,
      SOCK_DGRAM socket (BSDi style)

      * unix-stream <filename> - reads messages from the given AF_UNIX,
      SOCK_STREAM socket (Linux style)

      * udp <ip>,<port> - network source using the UDP protocol. If you do
      not want to bind to a specific interface use 0.0.0.0.

      * tcp <ip>,<port> - network source using the TCP protocol.

      * sun-streams <filename> - local source used on Solaris systems


 DESTINATIONS
      Destinations can be created using the destination keyword:

      destination <destname> { destdriver params; destdriver params; ... };

      * file <filename> - writes messages to the given file

      * unix-dgram <filename> - writes messages to the given AF_UNIX,
      SOCK_DGRAM socket (BSDi style)

      * unix-stream <filename> - writes messages to the given AF_UNIX,
      SOCK_STREAM socket (Linux style)

      * udp <ip>,<port> - network destination using the UDP protocol




                                    - 1 -         Formatted:  April 19, 2024






      * tcp <ip>,<port> - network destination using the TCP protocol

      * usertty <username> - sends log to the given user's terminal


 FILTERS
      You can create filters using the filter keyword:

      filter <filtername> { expression; };

      Where expression is a simple boolean expression. You can use "and",
      "or" and "not" to connect builtin functions. Functions can be one of:

      * facility(list of comma separated facility names)

      * level(list of comma separated priority names OR a range separated
      by "..")

      * program(regexp to match program name)

      * host(regexp to match host name)

      * match(regexp to match the contents of the message)


 LOG STATEMENTS
      You can connect sources and destinations using the log statement:

      log { source S1; source S2; ... filter F1; filter F2; ... destination
      D1; destination D2; ... };

      Where Sx refers to one of the declared log sources, Fx one of the
      filters and Dx one of the destinations.

      Filters are ANDed together.
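
      A complete set of message routes, as an added example that is not
      part of the original man page. It is written in the parenthesised
      driver syntax that syslog-ng accepts; the statement names, file
      paths, the "sshd" program match and the listen address 192.0.2.10
      are assumptions chosen for illustration.

```conf
# Added example, not from the original man page.
# Names, paths and the address 192.0.2.10 are assumed values.

# Local messages from the Linux-style stream socket.
source s_local { unix-stream("/dev/log"); };

# Remote messages. The listeners are bound to one interface instead of
# 0.0.0.0 so that only the management network can reach them.
source s_net {
    udp(ip(192.0.2.10) port(514));
    tcp(ip(192.0.2.10) port(514));
};

# Authentication facilities, priority info up to emerg (range syntax).
filter f_auth { facility(auth, authpriv) and level(info..emerg); };

# Messages from sshd whose text reports a failed password.
filter f_sshd_fail { program("sshd") and match("Failed password"); };

# Everything except debug priority.
filter f_nodebug { not level(debug); };

destination d_auth     { file("/var/log/auth.log"); };
destination d_remote   { file("/var/log/remote.log"); };
destination d_root_tty { usertty("root"); };

# All local authentication messages go to auth.log.
log { source(s_local); filter(f_auth); destination(d_auth); };

# Two filters in one log statement are ANDed: only messages that pass
# both f_auth and f_sshd_fail are written to root's terminal.
log { source(s_local); filter(f_auth); filter(f_sshd_fail);
      destination(d_root_tty); };

# Network input is kept in its own file, apart from local logs.
log { source(s_net); filter(f_nodebug); destination(d_remote); };
```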


 OPTIONS
      You can specify several global options to syslog-ng in the options
      statement:

      options { opt1; opt2; ... };

      Where an option can be any of the following:



      chain_hostnames(yes|no)
           Enable or disable the chained hostname format.





      long_hostnames(yes|no)
           This is a deprecated alias for chain_hostnames().


      keep_hostname(yes|no)
           Specifies whether to trust the hostname as it is included in the
           log message. If keep_hostname is yes and there is a hostname in
           the message, it is not touched; otherwise it is always rewritten
           based on where the message was received from.


      use_dns(yes|no)
           Enable or disable DNS usage.  syslog-ng blocks on DNS queries, so
           enabling DNS may lead to a Denial of Service attack.  To prevent
           DoS, protect your syslog-ng network endpoint with firewall rules,
           and make sure that all hosts that may reach syslog-ng are
           resolvable.


      use_fqdn(yes|no)
           Add Fully Qualified Domain Name instead of short hostname.


      check_hostname(yes|no)
           Enable or disable checking whether the hostname contains valid
           characters.


      bad_hostname(regex)
           A regexp matching hostnames that should not be taken as such.


      dns_cache(yes|no)
           Enable or disable DNS cache usage.


      dns_cache_expire(n)
           Number of seconds for which a successful lookup is cached.


      dns_cache_expire_failed(n)
           Number of seconds for which a failed lookup is cached.


      dns_cache_size(n)
           Number of hostnames in the DNS cache.


      create_dirs(yes|no)
           Enable or disable directory creation for destination files.




      dir_owner(uid)
           User id.


      dir_group(gid)
           Group id.


      dir_perm(perm)
           Permission value (octal mask).


      owner(uid)
           User id for created files.


      group(gid)
           Group id for created files.


      perm(perm)
           Permission value for created files.


      gc_busy_threshold(n)
           Sets the threshold value for the garbage collector when
           syslog-ng is busy.  The GC phase starts when the number of
           allocated objects reaches this number.  Default: 3000.


      gc_idle_threshold(n)
           Sets the threshold value for the garbage collector when
           syslog-ng is idle.  The GC phase starts when the number of
           allocated objects reaches this number.  Default: 100.


      log_fifo_size(n)
           The number of lines that fit in the output queue. An output
           queue is present for all destinations.


      log_msg_size(n)
           Maximum length of message in bytes (NOTE: some syslogd
           implementations have a fixed limit of 1024 characters).


      mark(n)
           The number of seconds between two MARK lines.  NOTE: not
           implemented yet.





      stats(n)
           The number of seconds between two STATS messages.


      sync(n)
           The number of lines buffered before being written to file (can
           be overridden locally).


      time_reap(n)
           The time to wait before an idle destination file is closed.


      time_reopen(n)
           The time to wait before a dead connection is reestablished.


      use_time_recvd(yes|no)
           This variable is used only for macro expansion, where the
           meaning of the time-specific macros depends on this setting.
           However, as there are separate macros for referring to the
           received timestamp (R_ macros) and the log message timestamp
           (S_), using this value is not recommended.
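
      An options statement for a collector that accepts network input,
      as an added example that is not part of the original man page. The
      numeric values and the root/adm ownership are assumptions; the
      permissive settings to avoid are shown as comments for comparison.

```conf
# Added example, not from the original man page. All values are assumed.
#
# Permissive settings to avoid on a host that receives remote logs:
#   options { use_dns(yes); dns_cache(no); keep_hostname(yes);
#             perm(0644); dir_perm(0755); };
# - use_dns(yes) without a cache: every message waits on a blocking
#   DNS query, which is the DoS condition described under use_dns.
# - keep_hostname(yes): the hostname written by the sender is recorded
#   as is, so a sender can log under another host's name.
# - perm(0644) / dir_perm(0755): log files readable by every local user.

options {
    use_dns(no);             # no DNS query in the message path
    keep_hostname(no);       # hostname rewritten from the receiving side
    chain_hostnames(no);
    check_hostname(yes);     # hostname must contain valid characters

    create_dirs(yes);
    dir_owner(root); dir_group(adm); dir_perm(0750);
    owner(root);     group(adm);     perm(0640);

    log_msg_size(8192);      # longer messages are not kept whole
    log_fifo_size(1000);     # output queue length per destination
    time_reopen(10);         # retry a dead connection after 10 seconds
    stats(600);              # STATS message every 10 minutes
};

# If names are required in the logs, keep lookups cached instead, and
# make sure every permitted sender resolves:
#   options { use_dns(yes); dns_cache(yes); dns_cache_size(1000);
#             dns_cache_expire(3600); dns_cache_expire_failed(60);
#             keep_hostname(no); };
```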


 FILES
      /etc/syslog-ng/syslog-ng.conf

 COPYRIGHT
      syslog-ng and this file is Copyright (c) 1999-2004 BalaBit IT Ltd,
      portions were contributed by Jose Pedro Oliveira.


 SEE ALSO
      syslog-ng(8), syslogd(8)


















