Differences between revisions 2 and 3
Revision 2 as of 2022-05-21 17:06:42
Size: 2152
Revision 3 as of 2022-09-24 04:14:24
Size: 2247
Line 2: Line 2:

'''`syslog(8)`''' is a logging facility that also supports routing log messages over the network.
Line 11: Line 13:
In most distributions, the best implementation of a syslog daemon is `syslog-ng(8)`. In most distributions, the best implementation of a syslog daemon is `syslog-ng`.
Line 13: Line 15:
The BSDs offer a `syslogd(8)` package. The BSDs offer a `syslogd` package.

Syslogd

syslog(8) is a logging facility that also supports routing log messages over the network.


Installation

In most distributions, the best implementation of a syslog daemon is syslog-ng.

The BSDs offer a syslogd package.

For Docker or Podman containers, use the balabit/syslog-ng image. This is the correct upstream project.


Configuration

Syslog-Ng

A basic configuration for syslog-ng(8) is:

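# Accept syslog messages over TCP on all interfaces, port 601.
source src_my_containers {
  tcp(ip("0.0.0.0") port(601));
};

# Forward to the promtail host using the syslog protocol over TCP.
destination dest_my_promtail {
  syslog("my-promtail-hostname" transport("tcp") port(601));
};

# Route everything from the source to the destination.
log {
  source(src_my_containers);
  destination(dest_my_promtail);
};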

This would be written to /etc/syslog-ng/syslog-ng.conf.

Syslogd

The BSD syslogd(8) needs different configuration on the client and on the server.

First, the service should be started on the client with:

syslogd_enable="YES"
syslogd_flags="-s"

This stops the client from accepting messages from remote hosts.

Second, the service should be started on the server with:

syslogd_enable="YES"
syslogd_flags="-a client.example.com"

This allows accepting messages from client.example.com.

The services should be configured in /etc/syslog.conf. Note that the patterns and directives can be separated by spaces or tabs.

For the server, try:

+client.example.com
*.*    /var/log/client.log

For the client, try:

*.*    @server.example.com

Finally, the services can be (re)started:

service syslogd restart


Usage

FreeBSD Implementation

FreeBSD's syslogd(8) has distinct options. See their documentation here.

Option  Description
-C      Create log files if they don't exist
-s      Disable logging messages from remote hosts
-ss     Disable all network sockets, effectively disabling remote logging
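To check which of these modes a host is in, the following added example (not part of the original page or of FreeBSD) reads the syslogd_flags value from rc.conf-style text and classifies it using only the flags described here. The function names and result labels are hypothetical; it assumes flags are written as separate tokens ("-s", "-ss", "-a peer") and ignores anything else.

```shell
#!/bin/sh
# Added example: classify a BSD syslogd's network exposure from syslogd_flags.

# Read rc.conf-style text on stdin; print the last syslogd_flags value.
get_syslogd_flags() {
  sed -n 's/^[[:space:]]*syslogd_flags="\([^"]*\)".*$/\1/p' | tail -n 1
}

# Classify a flags string (assumption: only -s, -ss and -a are interpreted).
classify_syslogd_flags() {
  s_count=0 peers="" want_peer=0
  set -f                      # keep patterns such as *.example.com literal
  for tok in $1; do
    if [ "$want_peer" -eq 1 ]; then
      peers="${peers:+$peers,}$tok"; want_peer=0; continue
    fi
    case "$tok" in
      -ss) s_count=$((s_count + 2)) ;;
      -s)  s_count=$((s_count + 1)) ;;
      -a)  want_peer=1 ;;                         # peer is the next token
      -a*) peers="${peers:+$peers,}${tok#-a}" ;;  # peer attached to the flag
    esac
  done
  set +f
  if [ "$s_count" -ge 2 ]; then
    echo "no-network"             # -ss: no network sockets at all
  elif [ "$s_count" -eq 1 ]; then
    echo "send-only"              # -s: remote messages are not logged
  elif [ -n "$peers" ]; then
    echo "accepts-from:$peers"    # -a: listed peers may log to this host
  else
    echo "unclassified"           # none of the flags above; review by hand
  fi
}

# Constructed rc.conf content matching the client settings on this page.
flags=$(printf '%s\n' 'syslogd_enable="YES"' 'syslogd_flags="-s"' | get_syslogd_flags)
echo "client: $(classify_syslogd_flags "$flags")"
```

On a real host, feed it the actual file, for example `get_syslogd_flags < /etc/rc.conf`.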



Syslogd (last edited 2023-04-08 13:38:13 by DominicRicottone)