Sending via syslog-ng

  • Syslog-ng is an open source implementation of the syslog protocol.
  • It has several additional functionalities when compared to syslog including filters, flexible configuration, TPC support, SSL, and more. 
  • It usually consists of a configuration file (usually /etc/syslog-ng/syslog-ng.conf) and a directory (usually /etc/syslog-ng/conf.d/) to store the filters and templates for processing syslog-ng rules in a structured form and separated by files.

See below how to manually configure syslog-ng to forward the system internal events to an external relay.

For the primary Linux distributions, this configuration can be done automatically.

Configuration

To forward the internal logs of a system to a Devo relay over TCP, add the following line to the /etc/syslog-ng/syslog-ng.conf configuration file: 

source s_src {
       system();
       internal();
};
destination d_devo_unix {tcp("DEVO-RELAY" port(PORT)
                            template("<$PRI>$DATE $HOST box.unix.$PROGRAM: $MESSAGE\n"));};
log { source(s_src); destination(d_devo_unix); };
  • Replace DEVO-RELAY and PORT with the server name and port of the Devo relay. To view a list of active relays, go to Administration → Relays in the Devo web application.
  • The destination statement directs syslog-ng to forward events from syslog to the machine specified by the DEVO-RELAY:PORT combination. 

Now restart syslog-ng:

/etc/init.d/syslog-ng restart

Use the logger command to send test messages. 

$ logger "Hello from an unsecure log source1"
$ logger "Hello from an unsecure log source2"
$ logger "Hello from an unsecure log source3"
$ logger "Hello from an unsecure log source4"
$ logger "Hello from an unsecure log source5"

In the Devo web application, go to Data Search, locate the box.unix table and make sure that the logger messages appear in the table.

If the system has SELinux enabled in enforcing mode (run the getenforce command to check the status), it may be necessary to add exceptions to the SELinux policy. See SELinux policy for more information.

Have we answered your question?

If not, please contact our technical support team via email by clicking the button below.

CONTACT US