syslog-ng example configurations
I've just checked the Google Analytics keyword results for my blog and realized that many people had been looking for example syslog-ng configurations, so I wrote a few for common scenarios. I tested them with syslog-ng v3.2, but they should work with any syslog-ng 3.x release.
For more examples and details, see the syslog-ng documentation: examples
To start with, here is a very simple syslog-ng configuration (about the version string, see the documentation: config version) that reads logs from s_file and writes them into d_file:
@version: 3.2
source s_file{file("/var/log/inputfile*.log" follow-freq(1));};
destination d_file{file("/var/log/messages");};
log{
source(s_file);
destination (d_file);
};
Using TCP destination instead of file:
@version: 3.2
source s_file{file("/var/log/inputfile*.log" follow-freq(1));};
destination d_tcp{tcp("127.0.0.1" port(514));};
log{
source(s_file);
destination (d_tcp);
};
Using template in file destination and TCP source instead of file:
@version: 3.2
source s_tcp{tcp(port(514));};
destination d_file{file("/var/log/messages"
template("$HOST $ISODATE mymessage: $MSG\n"));};
log{
source(s_tcp);
destination (d_file);
};
Reading the content of a file without parsing (by default syslog-ng tries to parse the file content as a BSD-format message and uses its first word as the value of the $PROGRAM macro, which is not always what you want):
@version: 3.2
source s_file{file("/var/log/inputfile*.log" flags(no-parse) follow-freq(1));};
destination d_file{file("/var/log/messages"
template("$HOST $ISODATE $MSG\n")
);};
log{
source(s_file);
destination (d_file);
};
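To make the no-parse point above concrete, here is a small added Python model (not code from the original post or from syslog-ng itself) of what a file() source does to a line with and without flags(no-parse), plus a template expander for the $MACRO and ${MACRO:-default} forms used in these examples. The sample lines, the receiver hostname "collector", the fixed receive time and the UTC offset are all constructed assumptions.

```python
import re
from datetime import datetime

# Constructed sample lines (not taken from the original post).
BSD_LINE = "<13>Mar  4 10:15:42 webhost sshd[2211]: Accepted publickey for alice"
PLAIN_LINE = "testmessage from an app that does not write syslog format"
RECEIVED = datetime(2024, 3, 4, 10, 16, 0)  # stand-in for the receive time

_BSD_RE = re.compile(
    r"^(?:<(?P<pri>\d{1,3})>)?"
    r"(?P<ts>[A-Z][a-z]{2} [ \d]\d \d\d:\d\d:\d\d) (?P<host>\S+) "
    r"(?P<program>[^\s\[:]+)(?:\[(?P<pid>\d+)\])?: ?(?P<msg>.*)$"
)
_MACRO_RE = re.compile(r"\$\{(\w+)(?::-([^}]*))?\}|\$(\w+)")

def parse_message(line, no_parse=False, receiver_host="collector", received=RECEIVED):
    """Return syslog-ng style macros for one line read by a file() source.

    no_parse=True mirrors flags(no-parse): the whole line becomes $MSG and
    $PROGRAM/$PID stay empty. Without it the line is treated as a BSD
    (RFC 3164) message; a line with no syslog header still loses its first
    word to $PROGRAM, which is the behaviour the post warns about.
    """
    macros = {"HOST": receiver_host, "PROGRAM": "", "PID": "", "MSG": line,
              "FACILITY_NUM": "1", "LEVEL_NUM": "5",  # default user.notice
              "ISODATE": received.isoformat() + "+00:00"}  # UTC assumed
    if no_parse:
        return macros
    m = _BSD_RE.match(line)
    if m:
        pri = int(m.group("pri") or 13)
        macros["FACILITY_NUM"], macros["LEVEL_NUM"] = str(pri // 8), str(pri % 8)
        # BSD timestamps carry no year; assume the receive year like syslog-ng does.
        ts = datetime.strptime(f"{received.year} {m.group('ts')}", "%Y %b %d %H:%M:%S")
        macros.update(HOST=m.group("host"), PROGRAM=m.group("program"),
                      PID=m.group("pid") or "", MSG=m.group("msg"),
                      ISODATE=ts.isoformat() + "+00:00")
    else:
        first, _, rest = line.partition(" ")
        macros.update(PROGRAM=first.rstrip(":"), MSG=rest)
    return macros

def render(template, macros):
    """Expand $NAME, ${NAME} and ${NAME:-default} as used in the post's templates."""
    def expand(m):
        name = m.group(1) or m.group(3)
        return macros.get(name) or (m.group(2) or "")
    return _MACRO_RE.sub(expand, template)

if __name__ == "__main__":
    for flag in (False, True):  # compare parsed vs. no-parse handling of a plain line
        print(render("$HOST $ISODATE $PROGRAM ${PID:-0}: $MSG\n",
                     parse_message(PLAIN_LINE, no_parse=flag)), end="")
```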
To use a filter:
@version: 3.2
source s_file{file("/var/log/inputfile*.log" flags(no-parse) follow-freq(1));};
destination d_file{file("/var/log/messages"
template("$HOST $ISODATE $MSG\n")
);};
filter f_filter{match("testmessage");};
log{
source(s_file);
filter(f_filter);
destination (d_file);
};
Collecting system logs:
@version: 3.2
source s_local {
internal(); # syslog-ng internal logs
# This works on most Linux distributions, but use the defaults of your own distribution
unix-stream("/dev/log");
file("/proc/kmsg" program_override("kernel"));
};
destination d_file{file("/var/log/messages");};
log{
source(s_local);
destination (d_file);
};
Using flow-control on a log path:
@version: 3.2
# Global options
options {
keep_hostname(yes);
};
source s_tcp{tcp(port(514));};
destination d_syslog{syslog("destserver" port(514));};
log {
source (s_tcp);
destination (d_syslog);
flags(flow-control);
};
Finally, an example of using an SQL destination:
@version: 3.2
source s_file{file("/var/log/inputfile*.log" follow-freq(1));};
destination d_sql {
sql(
type("mysql")
host("10.100.20.46")
username("test_user")
password("password")
database("test_db")
table("testtable-$YEAR-$MONTH-$DAY")
columns("insert_time int", "date_time varchar(32)", "facility int", "priority int", "host varchar(255)", "program varchar(64)", "pid int", "message varchar(4000)")
values("${R_UNIXTIME}", "${S_YEAR}-${S_MONTH}-${S_DAY} ${S_HOUR}:${S_MIN}:${S_SEC}", "$FACILITY_NUM", "$LEVEL_NUM", "$HOST", "$PROGRAM", "${PID:-0}", "$MSGONLY")
indexes("insert_time", "date_time", "facility", "host", "program")
);
};
log{
source (s_file);
destination (d_sql);
};