1SYSLOG-NG(8) The syslog-ng manual page SYSLOG-NG(8)
2
6 syslog-ng - syslog-ng system logger application
7
9 syslog-ng [options]
10
12 This manual page is only an abstract, for the complete documentation of
13 syslog-ng, see The Administrator Guide[1] or the official syslog-ng
14 website[2].
15 The application is a flexible and highly scalable system logging
17 application. Typically, syslog-ng is used to manage log messages and
18 implement centralized logging, where the aim is to collect the log
19 messages of several devices on a single, central log server. The
20 different devices - called syslog-ng clients - all run syslog-ng, and
21 collect the log messages from the various applications, files, and
22 other sources. The clients send all important log messages to the
23 remote syslog-ng server, where the server sorts and stores them.
24
26 --caps
27 Run process with the specified POSIX capability flags.
28 · If the --no-caps option is not set, and the host supports
30 CAP_SYSLOG, uses the following capabilities:
31 "cap_net_bind_service, cap_net_broadcast, cap_net_raw,
32 cap_dac_read_search, cap_dac_override, cap_chown, cap_fowner=p
33 cap_syslog=ep"
34 · If the --no-caps option is not set, and the host does not
36 support CAP_SYSLOG, uses the following capabilities:
37 "cap_net_bind_service, cap_net_broadcast,
38 cap_net_raw,cap_dac_read_search, cap_dac_override, cap_chown,
39 cap_fowner=p cap_sys_admin=ep"
40 For example:
42 /usr/local/sbin/syslog-ng -Fv --caps cap_sys_admin,cap_chown,cap_dac_override,cap_net_bind_service,cap_fowner=pi
44 Note that the capabilities are not case sensitive, the following
46 command is also good:
47 /usr/local/sbin/syslog-ng -Fv --caps
48 CAP_SYS_ADMIN,CAP_CHOWN,CAP_DAC_OVERRIDE,CAP_NET_BIND_SERVICE,CAP_FOWNER=pi
49 For details on the capability flags, see the following man pages:
51 cap_from_text(3) and capabilities(7)
52 --cfgfile <file> or -f <file>
54 Use the specified configuration file.
55 --chroot <dir> or -C <dir>
57 Change root to the specified directory. The configuration file is
58 read after chrooting so, the configuration file must be available
59 within the chroot. That way it is also possible to reload the
60 syslog-ng configuration after chrooting. However, note that the
61 --user and --group options are resolved before chrooting.
62 --control <file> or -c <file>
64 Set the location of the syslog-ng control socket. Default value:
65 /var/run/syslog-ng.ctl
66 --debug or -d
68 Start syslog-ng in debug mode.
69 --default-modules
71 A comma-separated list of the modules that are loaded
72 automatically. Modules not loaded automatically can be loaded by
73 including the @module <modulename> statement in the configuration
74 file. The following modules are loaded by default: . Available only
75 in and later.
76 --enable-core
78 Enable syslog-ng to write core files in case of a crash to help
79 support and debugging.
80 --fd-limit <number>
82 Set the minimal number of required file descriptors (fd-s). This
83 sets how many files syslog-ng can keep open simultaneously. Default
84 value: 4096. Note that this does not override the global ulimit
85 setting of the host.
86 --foreground or -F
88 Do not daemonize, run in the foreground. When running in the
89 foreground, starts from the current directory ($CWD) so it can
90 create core files (normally, starts from $PREFIX/var).
91 --group <group> or -g <group>
93 Switch to the specified group after initializing the configuration
94 file.
95 --help or -h
97 Display a brief help message.
98 --module-registry
100 Display the list and description of the available modules. Note
101 that not all of these modules are loaded automatically, only the
102 ones specified in the --default-modules option. Available only in
103 and later.
104 --no-caps
106 Run syslog-ng as root, without capability-support. This is the
107 default behavior. On Linux, it is possible to run syslog-ng as
108 non-root with capability-support if syslog-ng was compiled with the
109 --enable-linux-caps option enabled. (Execute syslog-ng --version to
110 display the list of enabled build parameters.)
111 To run with specific capabilities, use the --caps option.
113 --persist-file <persist-file> or -R <persist-file>
115 Set the path and name of the syslog-ng.persist file where the
116 persistent options and data are stored.
117 --pidfile <pidfile> or -p <pidfile>
119 Set path to the PID file where the pid of the main process is
120 stored.
121 --preprocess-into <output-file>
123 After processing the configuration file and resolving included
124 files and variables, write the resulting configuration into the
125 specified output file. Available only in and later.
126 --process-mode <mode>
128 Sets how to run syslog-ng: in the foreground (mainly used for
129 debugging), in the background as a daemon, or in safe-background
130 mode. By default, syslog-ng runs in safe-background mode. This mode
131 creates a supervisor process called supervising syslog-ng , that
132 restarts syslog-ng if it crashes.
133 --stderr or -e
135 Log internal messages of syslog-ng to stderr. Mainly used for
136 debugging purposes in conjunction with the --foreground option. If
137 not specified, syslog-ng will log such messages to its internal
138 source.
139 --syntax-only or -s
141 Verify that the configuration file is syntactically correct and
142 exit.
143 --user <user> or -u <user>
145 Switch to the specified user after initializing the configuration
146 file (and optionally chrooting). Note that it is not possible to
147 reload the syslog-ng configuration if the specified user has no
148 privilege to create the /dev/log file.
149 --verbose or -v
151 Enable verbose logging used to troubleshoot syslog-ng.
152 --version or -V
154 Display version number and compilation information, and also the
155 list and short description of the available modules. For detailed
156 description of the available modules, see the --module-registry
157 option. Note that not all of these modules are loaded
158 automatically, only the ones specified in the --default-modules
159 option.
160 --worker-threads
162 Sets the number of worker threads can use, including the main
163 thread. Note that certain operations in can use threads that are
164 not limited by this option. This setting has effect only when is
165 running in multithreaded mode. Available only in and later. See The
166 3.17 Administrator Guide for details.
167
169 /usr/local/
170 /usr/local/etc/syslog-ng.conf
172
174 syslog-ng.conf(5)
175 Note
177 For the detailed documentation of see The 3.17 Administrator
178 Guide[3]
179 If you experience any problems or need help with syslog-ng, visit
181 the syslog-ng mailing list[4].
182 For news and notifications about of syslog-ng, visit the syslog-ng
184 blogs[5].
185
187 This manual page was written by the Balabit Documentation Team
188 <documentation@balabit.com>.
189
192 1. The Administrator Guide
193 https://www.balabit.com/support/documentation/
194 2. the official syslog-ng website
196 https://www.balabit.com/log-management
197 3. The 3.17 Administrator Guide
199 https://www.balabit.com/documents/syslog-ng-ose-latest-guides/en/syslog-ng-ose-guide-admin/html/index.html
200 4. syslog-ng mailing list
202 https://lists.balabit.hu/mailman/listinfo/syslog-ng
203 5. syslog-ng blogs
205 https://syslog-ng.org/blogs/
2063.17 08/10/2018 SYSLOG-NG(8)