syslog-ng.conf(5)             File Formats Manual            syslog-ng.conf(5)

NAME

       /etc/syslog-ng/syslog-ng.conf - syslog-ng configuration file

DESCRIPTION

       The configuration file for syslog-ng

       A message route in syslog-ng is made up of three parts: a source, a
       destination and filtering rules.

SOURCES

       You can declare source statements using the "source" keyword:

       source <sourcename> { sourcedriver params; sourcedriver params; ... };

       Sourcename is an identifier you'll use to refer to this group of
       messages. Sourcedriver is a method of getting a given message. The
       following drivers are available:

       * file <filename> - reads messages from the given file

       * unix-dgram <filename> - reads messages from the given AF_UNIX,
       SOCK_DGRAM socket (BSDi style)

       * unix-stream <filename> - reads messages from the given AF_UNIX,
       SOCK_STREAM socket (Linux style)

       * udp <ip>,<port> - network source using the UDP protocol. If you do
       not want to bind to a specific interface use 0.0.0.0.

       * tcp <ip>,<port> - network source using the TCP protocol.

       * sun-streams <filename> - local source used on Solaris systems

DESTINATIONS

       Destinations can be created using the destination keyword:

       destination <destname> { destdriver params; destdriver params; ... ; };

       * file <filename> - writes messages to the given file

       * unix-dgram <filename> - writes messages to the given AF_UNIX,
       SOCK_DGRAM socket (BSDi style)

       * unix-stream <filename> - writes messages to the given AF_UNIX,
       SOCK_STREAM socket (Linux style)

       * udp <ip>,<port> - network destination using the UDP protocol

       * tcp <ip>,<port> - network destination using the TCP protocol

       * usertty <username> - sends log to the given user's terminal

FILTERS

       You can create filters using the filter keyword:

       filter <filtername> { expression; };

       Where expression is a simple boolean expression. You can use "and",
       "or" and "not" to connect builtin functions. Functions can be one of:

       * facility(list of comma separated facility names)

       * level(list of comma separated priority names OR a range separated by
       "..")

       * program(regexp to match program name)

       * host(regexp to match program name)

       * match(regexp to match program name)

LOG STATEMENTS

       You can connect sources and destinations using the log statement:

       log { source S1; source S2; ... filter F1; filter F2; ... destination
       D1; destination D2; ... };

       Where Sx refers to one of the declared log sources, Fx one of the
       filters and Dx one of the destinations.

       Filters are ANDed together.
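
       A complete message route as an added example (not part of the original
       manual page). It is written in the parenthesised driver("param") form
       that syslog-ng parses, where the synopses above are schematic. The names
       s_local, s_net, f_auth, f_notice, f_ssh_or_auth, d_auth and d_central,
       and all addresses and paths, are assumptions.

```conf
# Added example; names, paths and addresses are assumptions.

# Local messages from the Linux-style /dev/log socket.
source s_local { unix-stream("/dev/log"); };

# Network source bound to one internal interface instead of 0.0.0.0,
# so only hosts that can reach that interface can submit messages.
source s_net {
    udp(ip("192.0.2.10") port(514));
    tcp(ip("192.0.2.10") port(514));
};

# Authentication-related facilities.
filter f_auth { facility(auth, authpriv); };

# Priority range written with "..": notice and anything more severe.
filter f_notice { level(notice..emerg); };

# Local file for authentication messages.
destination d_auth { file("/var/log/auth.log"); };

# Central collector reached over TCP.
destination d_central { tcp("192.0.2.20" port(514)); };

# Two filters in one log statement are ANDed:
# facility is auth/authpriv AND priority is notice or higher.
log {
    source(s_local); source(s_net);
    filter(f_auth); filter(f_notice);
    destination(d_auth); destination(d_central);
};

# OR and NOT have to be written inside a single filter expression.
filter f_ssh_or_auth {
    (program("sshd") or facility(auth, authpriv)) and not level(debug);
};

log { source(s_local); filter(f_ssh_or_auth); destination(d_central); };
```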

OPTIONS

       You can specify several global options to syslog-ng in the options
       statement:

       options { opt1; opt2; ... };

       Where an option can be any of the following:

       chain_hostnames(yes|no)
              Enable or disable the chained hostname format.

       long_hostnames(yes|no)
              This is a deprecated alias for chain_hostnames().

       keep_hostname(yes|no)
              Specifies whether to trust the hostname as it is included in the
              log message. If keep_hostname is yes and there is a hostname in
              the message, it is not touched; otherwise it is always rewritten
              based on where the message was received from.

       use_dns(yes|no)
              Enable or disable DNS usage. syslog-ng blocks on DNS queries,
              so enabling DNS may lead to a Denial of Service attack. To
              prevent DoS, protect your syslog-ng network endpoint with
              firewall rules, and make sure that all hosts that may reach
              syslog-ng are resolvable.

       use_fqdn(yes|no)
              Add Fully Qualified Domain Name instead of short hostname.

       check_hostname(yes|no)
              Enable or disable checking whether the hostname contains valid
              characters.

       bad_hostname(regex)
              A regexp which matches hostnames which should not be taken as
              such.

       dns_cache(yes|no)
              Enable or disable DNS cache usage.

       dns_cache_expire(n)
              Number of seconds for which a successful lookup is cached.

       dns_cache_expire_failed(n)
              Number of seconds for which a failed lookup is cached.

       dns_cache_size(n)
              Number of hostnames in the DNS cache.

       create_dirs(yes|no)
              Enable or disable directory creation for destination files.

       dir_owner(uid)
              User id.

       dir_group(gid)
              Group id.

       dir_perm(perm)
              Permission value (octal mask).

       owner(uid)
              User id for created files.

       group(gid)
              Group id for created files.

       perm(perm)
              Permission value for created files.

       gc_busy_threshold(n)
              Sets the threshold value for the garbage collector when
              syslog-ng is busy. The GC phase starts when the number of
              allocated objects reaches this number. Default: 3000.

       gc_idle_threshold(n)
              Sets the threshold value for the garbage collector when
              syslog-ng is idle. The GC phase starts when the number of
              allocated objects reaches this number. Default: 100.

       log_fifo_size(n)
              The number of lines that fit in the output queue. An output
              queue is present for all destinations.

       log_msg_size(n)
              Maximum length of message in bytes (NOTE: some syslogd
              implementations have a fixed limit of 1024 characters).

       mark(n)
              The number of seconds between two MARK lines. NOTE: not
              implemented yet.

       stats(n)
              The number of seconds between two STATS messages.

       sync(n)
              The number of lines buffered before being written to file (can
              be overridden locally).

       time_reap(n)
              The time to wait before an idle destination file is closed.

       time_reopen(n)
              The time to wait before a dead connection is reestablished.

       use_time_recvd(yes|no)
              This variable is used only for macro expansion, where the
              meaning of the time-specific macros depends on this setting.
              However, as there are separate macros for referring to the
              received timestamp (R_ macros) and the log message timestamp
              (S_ macros), using this value is not recommended.
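
       The hostname, DNS and file permission options above as an added example
       (not part of the original manual page): a weak options statement, shown
       commented out, beside a stricter one. All values are assumptions for a
       collector that receives messages from the network.

```conf
# Added example; all values are assumptions for a network-facing collector.

# Weak: keeps whatever hostname the sender put in the message, does a
# blocking DNS lookup with no cache, and creates world-readable log files.
# options {
#     keep_hostname(yes);
#     use_dns(yes);
#     dns_cache(no);
#     create_dirs(yes);
#     perm(0644);
#     dir_perm(0755);
# };

# Stricter: the hostname is rewritten from where the message was received,
# DNS is not consulted, and created files are not world-readable.
options {
    keep_hostname(no);       # do not trust the hostname in the message
    check_hostname(yes);     # check the hostname for valid characters
    use_dns(no);             # syslog-ng blocks on DNS queries
    create_dirs(no);         # destination directories must already exist
    owner("root");           # owner of created files
    group("adm");            # group of created files
    perm(0640);              # mode of created files
    log_msg_size(8192);      # maximum message length in bytes
    stats(600);              # seconds between two STATS messages
};

# Where resolved names are required, enable the cache together with DNS so
# that neither repeated lookups nor repeated failures go to the resolver
# each time, and keep the firewall and resolvability advice from use_dns.
# options {
#     use_dns(yes);
#     dns_cache(yes);
#     dns_cache_size(1000);
#     dns_cache_expire(3600);
#     dns_cache_expire_failed(60);
# };
```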

FILES

       /etc/syslog-ng/syslog-ng.conf

       syslog-ng and this file is Copyright (c) 1999-2004 BalaBit IT Ltd,
       portions were contributed by Jose Pedro Oliveira.

SEE ALSO

       syslog-ng(8), syslogd(8)

                                                             syslog-ng.conf(5)