§2024-05-17
alexlai@hc4nas02:~$ syslog-ng --version
syslog-ng 3 (3.25.1)
Config version: 3.25
Installer-Version: 3.25.1
Revision: 3.25.1-3
...
- sample syslog-ng.conf
# Sample syslog-ng configuration: collects local and network (TCP) syslog messages into one file
@version: 3.25
# Include additional configuration from "scl.conf"
@include "scl.conf"
# Set options for syslog-ng
options {
    # time-reap(): number of seconds an idle destination file is kept open
    # before syslog-ng closes it (30 here).
    time-reap(30);

    # mark-freq(): interval in seconds between the "-- MARK --" messages that
    # syslog-ng itself generates; it is unrelated to the kernel log.
    # 10 seconds is very frequent. Whether a MARK line is actually written
    # depends on mark-mode(), which this file does not set.
    mark-freq(10);

    # keep-hostname(yes): keep the host name carried inside each received
    # message instead of replacing it with the name of the sending peer.
    # As a global option this also applies to s_network, so a remote sender
    # decides which host name ends up in the log. Treat that field as
    # unverified unless every sender is a trusted relay, or set
    # keep-hostname(no) on the network source.
    keep-hostname(yes);
};
# Define a source named "s_local" to collect logs from the local system
source s_local {
    # system(): the platform's standard local log sources, as selected by
    # the system() source from scl.conf.
    system();
    # internal(): messages produced by the syslog-ng daemon itself.
    internal();
};
# Define a source named "s_network" to collect syslog messages from the network using TCP transport
source s_network {
    # syslog() driver over plain TCP. No ip() or port() is given, so the
    # driver defaults apply: it listens on every local address, and for the
    # syslog() driver with TCP the documented default port is 601, not 514
    # (confirm against the installed version).
    # The traffic is neither encrypted nor authenticated, so anything that
    # can reach the port can submit log lines. If senders are not on a
    # trusted network, use transport(tls) with a tls() block, or at least
    # restrict the listener with ip() and a host firewall rule.
    syslog(
        transport(tcp)
    );
};
# Define a destination named "d_logs" to write logs to a file
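destination d_logs {
    # Single flat file that receives everything routed to this destination.
    # The directory /var/log/syslog-ng must already exist; this block does
    # not ask syslog-ng to create it.
    file(
        "/var/log/syslog-ng/logs.txt"
        owner("root")
        group("root")
        # Was perm(0777): world-writable (and executable), which lets any
        # local account alter or truncate the log and defeats its value as
        # an audit record. 0640 leaves it writable by root and readable by
        # the root group only. Check the mode of an already existing
        # logs.txt after reloading, and widen group() rather than perm()
        # if a log-reading group needs access.
        perm(0640)
    );
};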
# Log messages from sources "s_local" and "s_network" to destination "d_logs"
log {
    # Local and network messages share one path and one output file, with
    # no filter() in between. Combined with the global keep-hostname(yes),
    # the host field alone does not tell a locally generated line from one
    # submitted over the network.
    source(s_local);
    source(s_network);
    destination(d_logs);
};