Syslog-ng Installation

syslog-ng can collect local syslog messages and monitor log files on your servers, then forward them to Loggly.

syslog-ng OSE is an open source alternative to the standard syslog daemon commonly found on UNIX and UNIX-like (*nix) systems. It uses the basic syslog protocol and extends it with content-based filtering, flexible configuration options, and important features such as transport over TCP (as well as TLS), which is much more reliable than UDP. syslog-ng OSE is developed by Balabit. Great documentation for advanced configuration is available on their web site, but we'll share a standard config here.

Installation

Using a Package Manager

Depending on your Linux distribution, you can use yum or APT (run these with root or sudo privileges):

# apt-get install syslog-ng

For yum, you will most likely need to enable Extra Packages for Enterprise Linux (EPEL) first:

# yum install syslog-ng

Configure either using our Configure-syslog script or manually.

Compiling From Source

Download the syslog-ng source code and the eventlog source code. Install both eventlog and syslog-ng. Eventlog is a generic event logging library developed by Balabit. Once you've unpacked both packages (eventlog_x.x.xx.tar.gz and syslog-ng-x.xx.tar.gz), run the following in each of those directories:

$ ./configure
$ make
$ sudo make install

Configure either using our Configure-syslog script or manually.

On Amazon EC2

The Amazon EC2 Linux distribution includes rsyslog by default, so you must remove rsyslog first. Use rpm instead of yum so you keep the dependencies you need to access the machine. Enable the EPEL repo because it's not enabled by default. Also install the syslog-ng-libdbi dependency because yum does not pull it in automatically.

sudo rpm -e --nodeps rsyslog
sudo yum install --enablerepo=epel syslog-ng
sudo yum install --enablerepo=epel syslog-ng-libdbi
sudo /etc/init.d/syslog-ng start

Configure either using our Configure-syslog script or manually.

Check your syslog-ng version

You'll need to know which version of syslog-ng you have installed. We recommend running the latest version, and at least version 3.2 for best results.

$ syslog-ng -V
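
An added example (not part of Loggly's or syslog-ng's own tooling) that checks the first line of the syslog-ng -V output against the 3.2 minimum above, comparing version components as integers so that 3.10 is not ranked below 3.2. The function names, the two first-line layouts it parses, and the sample lines are assumptions constructed for illustration.

```shell
#!/bin/sh
MIN_VERSION="3.2"   # minimum version recommended on this page

# Print the dotted version found on the first line of `syslog-ng -V` output
# (read from stdin). Assumed layouts: "syslog-ng 3.5.6", "syslog-ng 3 (3.25.1)".
extract_version() {
    awk 'NR == 1 && $1 == "syslog-ng" {
        v = ($3 ~ /^\(/) ? $3 : $2
        gsub(/[()]/, "", v)
        print v
    }'
}

# Succeed if version $1 >= version $2. Major and minor are compared as
# integers; a plain string comparison would rank 3.10 below 3.2.
version_at_least() {
    awk -v have="$1" -v want="$2" 'BEGIN {
        split(have, h, "."); split(want, w, ".")
        if (h[1] + 0 != w[1] + 0) exit !(h[1] + 0 > w[1] + 0)
        exit !(h[2] + 0 >= w[2] + 0)
    }'
}

# Read `syslog-ng -V` output on stdin; return 0 if new enough, 1 if too old,
# 2 if no version could be parsed.
check_syslog_ng() {
    version=$(extract_version)
    if [ -z "$version" ]; then
        echo "could not parse a syslog-ng version" >&2
        return 2
    fi
    if version_at_least "$version" "$MIN_VERSION"; then
        echo "syslog-ng $version: OK (>= $MIN_VERSION)"
    else
        echo "syslog-ng $version: older than $MIN_VERSION, upgrade before configuring"
        return 1
    fi
}

# Constructed sample output in both first-line layouts.
printf 'syslog-ng 3.1.4\n' | check_syslog_ng || true
printf 'syslog-ng 3 (3.25.1)\nInstaller-Version: 3.25.1\n' | check_syslog_ng
# On a real host: syslog-ng -V | check_syslog_ng
```
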