On the Syslog-NG log server

July 2007


Table of Contents

Creating a Syslog-NG server
Creating a Syslog-NG client
Note

ToDo: log over TCP instead of UDP, and encrypt communication between client and server (using a tunnel?)

This document shows plain-text logging over UDP. While this is simple, it is hardly bandwidth-efficient, and certainly not secure.

Syslog-NG is an improvement upon syslog with regard to configurability. We followed the Syslog-NG Administrator Guide, which documents syslog-ng well.

Procedure 43. Creating a syslog-ng server

  1. Install syslog-ng:

    apt-get install syslog-ng


  2. In /etc/syslog-ng/syslog-ng.conf.dist, configure the server to listen to incoming logs:

    source s_all {
        # message generated by Syslog-NG
        internal();
        # standard Linux log source (this is the default place for the syslog()
        # function to send logs to)
        unix-stream("/dev/log");
        # messages from the kernel
        file("/proc/kmsg" log_prefix("kernel: "));
        # use the following line if you want to receive remote UDP logging messages
        # (this is equivalent to the "-r" syslogd flag)
        # enabled --JB 20070718
        udp();
    };

    Uncomment the udp() line to make Syslog-NG listen on UDP port 514.

  3. Restart the daemon:

    /etc/init.d/syslog-ng restart


    Now you can see the daemon listening on UDP port 514:

    netstat -lpn|grep syslog

    udp        0      0 0.0.0.0:514             0.0.0.0:*                          2692/syslog-ng
    unix  2      [ ACC ]     STREAM     LISTENING     7009     2692/syslog-ng      /dev/log
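As an added example (not from the original document or from the syslog-ng project), the following server-side fragment keeps remote messages apart from the local ones: instead of enabling udp() inside s_all, a separate source is bound to one address only, and what arrives on it is written to a per-host file rather than into the local log files that s_all already feeds. The address 192.0.2.10, the directory /var/log/remote and the names s_remote and d_remote are assumptions.

```conf
# Added example: listen for remote syslog only on the server's internal
# address (192.0.2.10 is a placeholder) instead of on 0.0.0.0:514.
source s_remote {
    udp(ip("192.0.2.10") port(514));
};

# With keep_hostname(no) and use_dns(no), $HOST is the sender's IP address
# as seen on the socket, not the hostname the client writes into the message.
options {
    keep_hostname(no);
    use_dns(no);
};

# One file per sending host, so remote messages are not mixed into the
# local files fed by s_all. create_dirs(yes) creates /var/log/remote/<host>/.
destination d_remote {
    file("/var/log/remote/$HOST/messages" create_dirs(yes));
};

# Only this log path uses s_remote; udp() stays commented out in s_all so
# remote messages do not also land in the local log files.
log {
    source(s_remote);
    destination(d_remote);
};
```

After restarting the daemon, netstat should show the listener on 192.0.2.10:514 rather than on 0.0.0.0:514.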