Syslogd

syslogd(8) is a logging facility that also supports routing log messages over the network.


Installation

For most Linux distributions, the best implementation of a syslog daemon is syslog-ng. BSD distributions offer a syslogd package.

For Docker or Podman containers, use the balabit/syslog-ng image. This is the correct upstream project.


Configuration

Syslog-Ng

A basic configuration for syslog-ng(8) is:

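# Listen for messages from containers on TCP port 601, all interfaces.
source src_my_containers {
  tcp(ip("0.0.0.0") port(601));
};

# Forward to Promtail using the syslog() driver over TCP.
destination dest_my_promtail {
  syslog("my-promtail-hostname" transport("tcp") port(601));
};

# Route everything from the source to the destination.
log {
  source(src_my_containers);
  destination(dest_my_promtail);
};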

This would be written to /etc/syslog-ng/syslog-ng.conf.

Syslogd

The BSD syslogd(8) needs different configuration on the client and on the server.

First, the service should be started on the client with:

syslogd_enable="YES"
syslogd_flags="-s"

The -s flag stops this client from accepting messages from remote hosts.

Second, the service should be started on the server with:

syslogd_enable="YES"
syslogd_flags="-a client.example.com"

The -a flag allows the server to accept messages from client.example.com.

The services should be configured in /etc/syslog.conf. Note that the patterns and directives can be separated by spaces or tabs.

For the server, try:

+client.example.com
*.*    /var/log/client.log

For the client, try:

*.*    @server.example.com

Finally, the services can be (re)started.

service syslogd restart


Usage

FreeBSD Implementation

FreeBSD's syslogd(8) has its own set of options; see the FreeBSD documentation for the full list.

Option    Description
-C        Create log files if they don't exist
-s        Disable logging messages from remote hosts
-ss       Disable all network sockets, effectively disabling remote logging
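
To check what a given syslogd_flags value means for remote logging, the following added example (not part of the original page or of FreeBSD) interprets the -s, -ss and -a flags described above. The helper names rc_flags and classify_flags are hypothetical, clustered forms such as -Cs are not handled, and the "unrestricted" result for flags with neither -s nor -a is an assumption to verify against syslogd(8) for your release.

```sh
#!/bin/sh
# Added example: interpret syslogd_flags using only the flags on this page.
# rc_flags and classify_flags are hypothetical helper names.

# Print the last syslogd_flags="..." value set in an rc.conf-style file.
rc_flags() {
    sed -n 's/^syslogd_flags="\([^"]*\)".*$/\1/p' "$1" | tail -n 1
}

# Classify a flags string. Runs in a subshell so that "set -f" (no globbing,
# needed for peers such as *.example.org) does not leak into the caller.
classify_flags() (
    set -f
    s_count=0 peers="" want_peer=0
    for word in $1; do
        if [ "$want_peer" -eq 1 ]; then
            peers="${peers:+$peers,}$word"
            want_peer=0
            continue
        fi
        case "$word" in
            -ss)  s_count=$((s_count + 2)) ;;
            -s)   s_count=$((s_count + 1)) ;;
            -a)   want_peer=1 ;;                          # "-a peer"
            -a?*) peers="${peers:+$peers,}${word#-a}" ;;  # "-apeer"
        esac
    done
    if [ "$s_count" -ge 2 ]; then
        echo "no-network"          # -ss: no sockets, no remote logging at all
    elif [ "$s_count" -eq 1 ]; then
        echo "no-remote-input"     # -s: remote messages are not logged
    elif [ -n "$peers" ]; then
        echo "accepts:$peers"      # -a: only the listed peers may send
    else
        echo "unrestricted"        # assumption: nothing here limits senders
    fi
)

# Constructed sample values, one per case.
for flags in '-s' '-ss' '-a client.example.com' '-C'; do
    printf '%-24s %s\n' "$flags" "$(classify_flags "$flags")"
done
```

On a live host, `classify_flags "$(rc_flags /etc/rc.conf)"` reports the mode for the configured flags.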


See also

syslog-ng(8)

syslogd(8)


Syslogd (last edited 2023-04-08 13:38:13 by DominicRicottone)