syslog-ng can be used to collect local syslog messages & monitor log files on your servers and then forward them to Loggly.
syslog-ng OSE is an open source alternative to the standard syslog daemon that's commonly found on UNIX and UNIX-like (*nix) systems. It uses the basic syslog protocol, but extends it with content-based filtering, flexible configuration options and adds important features, such as using TCP (as well as TLS), which is much more reliable than UDP. syslog-ng OSE is developed by Balabit. Great documentation for advanced configuration is available on their web site, but we'll share a standard config here.
Using a Package Manager
Depending on your Linux distribution you can use yum or APT (do this with root or sudo privileges):
# apt-get install syslog-ng
You will most likely need to enable Extra Packages for Enterprise Linux (EPEL)
# yum install syslog-ng
Compiling From Source
Download syslog-ng source code & eventlog source code. Install both eventlog & syslog-ng. Eventlog is a generic event logging library developed by Balabit. Once you've unzipped both packages (evenlog_x.x.xx.tar.gz & syslog-ng-x.xx.tar.gz), do this in each of those directories:
$ ./configure $ make $ sudo make install
On Amazon EC2
The Amazon EC2 Linux distribution includes rsyslog by default. First you must remove rsyslog. Use rpm instead of yum so you keep the dependencies you need to access the machine. Enable the epel repo because it’s not enabled by default. Also grab the syslog-ng-libdbi dependency because it’s not pulled by yum automatically.
sudo rpm -e --nodeps rsyslog sudo yum install --enablerepo=epel syslog-ng sudo yum install --enablerepo=epel syslog-ng-libdbi sudo /etc/init.d/syslog-ng start
Check your syslog-ng version
You'll need to know which version of syslog-ng you've got installed. We recommend running on the latest, but at least version 3.2 for best results.
$ syslog-ng -V