Syslog-NG
Main site: http://www.balabit.hu/en/downloads/syslog-ng/
Unofficial FAQ: http://www.campin.net/syslog-ng/faq.html
Misc. config info: http://www.campin.net/newlogcheck.html
Flexible and extensible syslog daemon. Stolen from JohnVanVoorhies' notes.
syslog-ng.conf
- Source
http://www.balabit.hu/static/syslog-ng/reference/reference.html
- input sources to syslog-ng: the local syslog socket (/dev/log), network sockets (tcp/udp), named pipes, files, and internal() for syslog-ng's own messages
- example below: listen on tcp and udp (default port 514) as well as the internal and normal local syslog sources. A bare tcp() or udp() binds 0.0.0.0, so anything that can reach port 514 can submit log lines and, over UDP, trivially spoof the sending address; bind to a specific address with ip("<addr>"), firewall the port, and prefer tcp() where the sender supports it.
source src {
    unix-dgram("/dev/log");
    internal();
    tcp();
    udp();
};
- Filter
http://www.balabit.hu/static/syslog-ng/reference/x530.html#FILTERFUNC
- perform log routing within the program: a filter is a boolean expression over functions such as host(), match(), facility(), level() and program(), which a log statement uses to select messages
- example below: match messages from host blurp whose text contains the word deny (match() is an unanchored regular expression applied to the message, so it also hits longer strings containing "deny")
filter f_blurp_deny { host("blurp") and match("deny"); };
- Destination
- deliver log messages to a file (the path may contain macros such as $HOST, $YEAR, $MONTH, $DAY to build a per-host directory tree), a named pipe, a network socket (tcp/udp), or the standard input of a program
Configuration
- To replace klogd, read the kernel ring buffer directly as a pipe source (syslog-ng must run as root to open /proc/kmsg; use unix-dgram() or unix-stream() for /dev/log according to what the platform's libc uses):
source src {
    unix-stream("/dev/log");
    internal();
    pipe("/proc/kmsg");    # kernel messages, so klogd is no longer needed
};
- create a new source for the logging information if one is not already present
- create a filter to select the log information of interest (possibly by hostname)
- create a destination (possibly a filename or a $HOST-based directory tree)
- create a log statement that ties the source, filter and destination together: log { source(...); filter(...); destination(...); }; (without a log statement nothing is written, no matter what sources and destinations are defined)
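The following complete syslog-ng.conf is an added example, not part of the original notes or the syslog-ng project, that carries the Source, Filter and Destination sections and the four configuration steps above through to a working file. The listener address 10.0.0.5, the /var/log/hosts directory tree and the /usr/local/bin/deny-alert.sh script are assumptions chosen for illustration.

```conf
# Added example configuration (not from the original notes or syslog-ng itself).
# Assumed values: 10.0.0.5 (listener address), /var/log/hosts (per-host tree),
# /usr/local/bin/deny-alert.sh (notification script fed via program()).

options {
    use_dns(no);           # never resolve sender addresses: slow, and a DNS answer could rename a host
    keep_hostname(yes);    # keep the hostname the sender wrote into the message...
    check_hostname(yes);   # ...but drop messages whose hostname has illegal characters,
                           # because $HOST is used below to build file paths
    chain_hostnames(no);
    create_dirs(yes);      # let file() create the $HOST directories
    dir_perm(0750);
    perm(0640);
    owner(root);
    group(adm);
};

# Step 1: sources.  Local syslog socket, syslog-ng's own messages and the
# kernel ring buffer (replaces klogd), plus the network listeners bound to
# one internal address instead of the 0.0.0.0 default of a bare tcp()/udp().
source s_local {
    unix-dgram("/dev/log");    # unix-stream() on platforms whose libc uses a stream socket
    internal();
    pipe("/proc/kmsg");
};

source s_net {
    tcp(ip("10.0.0.5") port(514) max_connections(100));
    udp(ip("10.0.0.5") port(514));
};

# Step 2: filters.  f_blurp_deny is the example from the Filter section.
filter f_blurp_deny { host("blurp") and match("deny"); };
filter f_kernel     { facility(kern); };

# Step 3: destinations.  One file per host and day, a kernel log, and the
# notification script, which reads matching lines on its standard input.
destination d_hosts { file("/var/log/hosts/$HOST/$YEAR-$MONTH-$DAY.log"); };
destination d_kern  { file("/var/log/kernel.log"); };
destination d_alert { program("/usr/local/bin/deny-alert.sh"); };

# Step 4: log statements.  Without these nothing is written.
log { source(s_local); filter(f_kernel); destination(d_kern); };
log { source(s_local); source(s_net); destination(d_hosts); };
log { source(s_net); filter(f_blurp_deny); destination(d_alert); };
```

Two points worth noting when the $HOST macro ends up in a file path: with keep_hostname(yes) the path is built from whatever hostname the remote sender claims, which is why check_hostname(yes) is set; if you would rather trust the transport than the message, set keep_hostname(no) and syslog-ng substitutes the address (with use_dns(no), the IP) it actually received the message from. The max_connections() limit on the tcp() source bounds how many sockets one noisy or hostile sender can tie up; plain syslog over tcp or udp is still unauthenticated, so the ip() binding and a host firewall decide who can write into these files.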
email notification script: http://lists.balabit.hu/pipermail/syslog-ng/2002-February/002936.html
Related Links
BackLog - Windows event log --> syslog converter
- Ties into Swatch