Syslog-ng

Good day,

I’m trying to find out how to configure syslog-ng to send its messages to a reporting server? Also I’m trying to find some good configuration materials, and I have not really had much success. If someone can assist me in finding the documentation for this product that would be great. I have a mixture of SLES10/11 servers and I would like to test syslog-ng on those servers, before putting this into the production network.

Thank you,

DS

Hi ds,

From your description I’m assuming that you want to forward syslog messages from your local syslog-ng to a common/central/… syslog-ng server. If you meant a different kind of “reporting server”, please be more specific.

Here’s a sample /etc/syslog-ng/syslog-ng.conf:

```
options { long_hostnames(off); sync(0); perm(0640); stats(3600); };

source src {
    internal();
    unix-dgram("/dev/log");
};

destination remoteserver { udp("192.168.1.2" port(514)); };
destination localserver { file("/var/log/messages" fsync(no)); };

log { source(src); destination(remoteserver); };
log { source(src); destination(localserver); };
```

This will both send the messages to syslog on server 192.168.1.2 and to a local message file. “destination” configures available destinations, “log” configures actual logging actions. You’ll have to put in the right IP address for your common server in the config statement for “destination remoteserver”.

There’s no need to log to both remote and local - depending on your needs, you might have a sole remote destination.

Make sure you’re allowing incoming messages from the network with your central logging server.

“man syslog-ng” is rather brief, but refers to “The syslog-ng Administrator Guide”, which I just had a look at… seems to be full of white papers, anything specific you’re missing?

Regards
Jens
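
The receiving side of the setup described above, as an added example that is not part of the original post: a syslog-ng fragment for the central server at 192.168.1.2 that accepts the clients' UDP messages and writes one file per sender. The names `net` and `perhost` and the path `/var/log/remote` are assumptions; merge the options into the server's existing `options` block. UDP syslog carries no authentication, so the server's firewall should allow port 514 only from the client networks.

```conf
# Central log server: additions to /etc/syslog-ng/syslog-ng.conf
# (added example; source/destination names and the log path are assumptions)

options {
    long_hostnames(off);
    keep_hostname(no);   # do not trust the hostname field inside a received message
    use_dns(no);         # no reverse lookups, so $HOST below is the sender's IP address
    create_dirs(yes);    # create /var/log/remote/<sender>/ on first message
    perm(0640);
};

# Listen for the clients' UDP syslog traffic on the address the clients
# send to (192.168.1.2 in the client config), not on every interface.
source net { udp(ip("192.168.1.2") port(514)); };

# One file per sending host, kept apart from the server's own /var/log/messages.
destination perhost { file("/var/log/remote/$HOST/messages"); };

log { source(net); destination(perhost); };
```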