syslog-ng.conf(5) File Formats Manual syslog-ng.conf(5)

/etc/syslog-ng/syslog-ng.conf - syslog-ng configuration file

The configuration file for syslog-ng

A message route in syslog-ng is made up of three parts: a source, a
destination and filtering rules.

You can declare source statements using the "source" keyword:

source <sourcename> { sourcedriver params; sourcedriver params; ... };

Sourcename is an identifier you'll use to refer to this group of
messages. Sourcedriver is a method of getting a given message. The
following drivers are available:

* file <filename> - reads messages from the given file

* unix-dgram <filename> - reads messages from the given AF_UNIX,
  SOCK_DGRAM socket (BSDi style)

* unix-stream <filename> - reads messages from the given AF_UNIX,
  SOCK_STREAM socket (Linux style)

* udp <ip>,<port> - network source using the UDP protocol. If you do
  not want to bind to a specific interface use 0.0.0.0.

* tcp <ip>,<port> - network source using the TCP protocol.

* sun-streams <filename> - local source used on Solaris systems

Destinations can be created using the destination keyword:

destination <destname> { destdriver params; destdriver params; ... ; };

* file <filename> - writes messages to the given file

* unix-dgram <filename> - writes messages to the given AF_UNIX,
  SOCK_DGRAM socket (BSDi style)

* unix-stream <filename> - writes messages to the given AF_UNIX,
  SOCK_STREAM socket (Linux style)

* udp <ip>,<port> - network destination using the UDP protocol

* tcp <ip>,<port> - network destination using the TCP protocol

* usertty <username> - sends log to the given user's terminal

You can create filters using the filter keyword:

filter <filtername> { expression; };

Where expression is a simple boolean expression. You can use "and",
"or" and "not" to connect built-in functions. Functions can be one of:

* facility(list of comma separated facility names)

* level(list of comma separated priority names OR a range separated by
  "..")

* program(regexp to match program name)

* host(regexp to match program name)

* match(regexp to match program name)

You can connect sources and destinations using the log statement:

log { source S1; source S2; ... filter F1; filter F2; ... destination
D1; destination D2; ... };

Where Sx refers to one of the declared log sources, Fx to one of the
filters and Dx to one of the destinations.

Filters are ANDed together.

You can specify several global options to syslog-ng in the options
statement:

options { opt1; opt2; ... };

Where an option can be any of the following:

chain_hostnames(yes|no)
       Enable or disable the chained hostname format.

long_hostnames(yes|no)
       This is a deprecated alias for chain_hostnames().

keep_hostname(yes|no)
       Specifies whether to trust the hostname as it is included in the
       log message. If keep_hostname is yes and there is a hostname in
       the message, it is not touched; otherwise it is always rewritten
       based on where the message was received from.

use_dns(yes|no)
       Enable or disable DNS usage. syslog-ng blocks on DNS queries,
       so enabling DNS may lead to a Denial of Service attack. To
       prevent DoS, protect your syslog-ng network endpoint with
       firewall rules, and make sure that all hosts that may reach
       syslog-ng are resolvable.

use_fqdn(yes|no)
       Add the Fully Qualified Domain Name instead of the short hostname.

check_hostname(yes|no)
       Enable or disable checking whether the hostname contains valid
       characters.

bad_hostname(regex)
       A regexp which matches hostnames which should not be taken as
       such.

dns_cache(yes|no)
       Enable or disable DNS cache usage.

dns_cache_expire(n)
       Number of seconds for which a successful lookup is cached.

dns_cache_expire_failed(n)
       Number of seconds for which a failed lookup is cached.

dns_cache_size(n)
       Number of hostnames in the DNS cache.

create_dirs(yes|no)
       Enable or disable directory creation for destination files.

dir_owner(uid)
       User id.

dir_group(gid)
       Group id.

dir_perm(perm)
       Permission value (octal mask).

owner(uid)
       User id for created files.

group(gid)
       Group id for created files.

perm(perm)
       Permission value for created files.

gc_busy_threshold(n)
       Sets the threshold value for the garbage collector when
       syslog-ng is busy. The GC phase starts when the number of
       allocated objects reaches this number. Default: 3000.

gc_idle_threshold(n)
       Sets the threshold value for the garbage collector when
       syslog-ng is idle. The GC phase starts when the number of
       allocated objects reaches this number. Default: 100.

log_fifo_size(n)
       The number of lines that fit in the output queue. An output
       queue is present for all destinations.

log_msg_size(n)
       Maximum length of a message in bytes (NOTE: some syslogd
       implementations have a fixed limit of 1024 characters).

mark(n)
       The number of seconds between two MARK lines. NOTE: not
       implemented yet.

stats(n)
       The number of seconds between two STATS messages.

sync(n)
       The number of lines buffered before being written to file (can
       be overridden locally).

time_reap(n)
       The time to wait before an idle destination file is closed.

time_reopen(n)
       The time to wait before a dead connection is reestablished.

use_time_recvd(yes|no)
       This variable is used only for macro expansion, where the
       meaning of the time-specific macros depends on this setting.
       However, as there are separate macros for referring to the
       received timestamp (R_ macros) and the log message timestamp
       (S_), using this value is not recommended.
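
The source, filter, destination, log and options statements described above, combined into one configuration. This is an added example, not part of the original manual page. It uses the parenthesised form that syslog-ng parses (for example source(s_local) inside log, where the summary above writes "source S1;"); every statement name, the file and socket paths, and the listening address and port are assumptions.

```conf
# Added example, not from the original manual page. All names, paths
# and the listening address are assumptions chosen for illustration.

options {
    use_dns(no);          # syslog-ng blocks on DNS queries; avoids the DoS risk
    keep_hostname(no);    # rewrite the hostname from where the message came from
    check_hostname(yes);  # check hostnames for valid characters
    chain_hostnames(no);
    create_dirs(yes);
    dir_perm(0750);       # directories created for destination files
    owner(root);
    group(adm);
    perm(0640);           # created log files are not world-readable
    log_fifo_size(1000);  # lines in each destination's output queue
    time_reopen(10);      # seconds before a dead connection is retried
    stats(3600);          # seconds between two STATS messages
};

# Local messages from the AF_UNIX SOCK_STREAM socket (Linux style).
source s_local { unix-stream("/dev/log"); };

# Network messages over UDP, bound to one interface rather than 0.0.0.0.
source s_net { udp(ip(192.0.2.10) port(514)); };

filter f_auth { facility(auth, authpriv); };
filter f_warn { level(warning..emerg); };
filter f_sshd { program("sshd"); };

destination d_auth { file("/var/log/auth.log"); };
destination d_sshd_warn { file("/var/log/remote/sshd-warn.log"); };

# Local authentication messages.
log { source(s_local); filter(f_auth); destination(d_auth); };

# Two filters in one log statement are ANDed: only sshd messages at
# warning or above, from either source, reach this file.
log { source(s_local); source(s_net); filter(f_sshd); filter(f_warn);
      destination(d_sshd_warn); };
```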

/etc/syslog-ng/syslog-ng.conf

syslog-ng and this file is Copyright (c) 1999-2004 BalaBit IT Ltd,
portions were contributed by Jose Pedro Oliveira.

syslog-ng(8), syslogd(8)