Differences between revisions 4 and 5
Revision 4 as of 2023-04-03 02:35:15
Size: 2260
Revision 5 as of 2023-04-08 13:38:13
Size: 2458
Line 3: Line 3:
'''`syslog(8)`''' is a logging facility that also supports routing log messages over the network. '''`syslogd(8)`''' is a logging facility that also supports routing log messages over the network.
Line 13: Line 13:
In most distributions, the best implementation of a syslog daemon is `syslog-ng`.

[[BSD]] distributions offer a `syslogd` package.
For most [[Linux]] distributions, the best implementation of a syslog daemon is `syslog-ng`. [[BSD]] distributions offer a `syslogd` package.
Line 110: Line 108:
----



== See also ==

[[https://man.archlinux.org/man/extra/syslog-ng/syslog-ng.8.en|syslog-ng(8)]]

[[https://man.freebsd.org/cgi/man.cgi?query=syslogd&sektion=8|syslogd(8)]]
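Review bot: the Line 13 hunk narrows the recommendation to Linux but still calls `syslog-ng` "the best implementation of a syslog daemon" without saying by what measure. State the criterion the recommendation rests on, or reword it as a suggestion rather than a ranking.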

Syslogd

syslogd(8) is a logging facility that also supports routing log messages over the network.


Installation

For most Linux distributions, the best implementation of a syslog daemon is syslog-ng. BSD distributions offer a syslogd package.

For Docker or Podman containers, use the balabit/syslog-ng image. This is the correct upstream project.


Configuration

Syslog-Ng

A basic configuration for syslog-ng(8) is:

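source src_my_containers {
  # Listen on all interfaces; the tcp() source takes its address via ip()
  tcp(ip("0.0.0.0") port(601));
};

destination dest_my_promtail {
  # Forward to the Promtail host with the syslog protocol over TCP
  syslog("my-promtail-hostname" transport("tcp") port(601));
};

# Every statement, including each block, ends with a semicolon
log {
  source(src_my_containers);
  destination(dest_my_promtail);
};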

This would be written to /etc/syslog-ng/syslog-ng.conf.

Syslogd

The BSD syslogd(8) needs different configuration on the client and on the server.

First, the service should be enabled on the client with:

syslogd_enable="YES"
syslogd_flags="-s"

This stops the client from accepting messages from remote hosts.

Second, the service should be enabled on the server with:

syslogd_enable="YES"
syslogd_flags="-a client.example.com"

This allows accepting messages from client.example.com.

The services should be configured in /etc/syslog.conf. Note that the patterns and directives can be separated by spaces or tabs.

For the server, try:

+client.example.com
*.*    /var/log/client.log

For the client, try:

*.*    @server.example.com

Finally, the services can be (re)started:

service syslogd restart


Usage

FreeBSD Implementation

FreeBSD's syslogd(8) has its own set of options; see the FreeBSD documentation for details.

Option    Description
-C        Create log files if they don't exist
-s        Disable logging messages from remote hosts
-ss       Disable all network sockets, effectively disabling remote logging
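The flags above interact with the `@host` forwarding rules from the Configuration section, so a client started with `-ss` can never forward. The following added example (not part of the original page or of FreeBSD) checks a host's settings for that; the function names are hypothetical, and it assumes an unset `syslogd_flags` means FreeBSD's default of `-s`.

```python
import shlex

def rc_vars(text):
    """Parse rc.conf-style sh assignments into a dict."""
    found = {}
    for line in text.splitlines():
        for token in shlex.split(line, comments=True):
            key, sep, value = token.partition("=")
            if sep:
                found[key] = value
    return found

def audit_syslogd(rc_conf, syslog_conf):
    """Summarise whether a BSD syslogd host accepts or forwards remote logs."""
    # Assumption: an unset syslogd_flags falls back to FreeBSD's default "-s".
    flags = rc_vars(rc_conf).get("syslogd_flags", "-s").split()
    secure, peers, i = 0, [], 0
    while i < len(flags):
        flag = flags[i]
        if flag == "-a" and i + 1 < len(flags):
            i += 1
            peers.append(flags[i])          # "-a peer"
        elif flag.startswith("-a") and len(flag) > 2:
            peers.append(flag[2:])          # "-apeer"
        elif flag.startswith("-") and set(flag[1:]) == {"s"}:
            secure += len(flag) - 1         # "-s", "-ss" or "-s -s"
        i += 1
    forwards = []
    for line in syslog_conf.splitlines():
        fields = line.split()               # spaces or tabs both separate fields
        # Skip blanks, comments and +host / -host / !program block lines.
        if len(fields) >= 2 and fields[0][0] not in "#+-!" and fields[1].startswith("@"):
            forwards.append(fields[1][1:])
    warnings = []
    if secure == 0 and not peers:
        warnings.append("remote input enabled without an -a peer list")
    if secure >= 1 and peers:
        warnings.append("-a peers have no effect while -s is set")
    if secure >= 2 and forwards:
        warnings.append("-ss closes all sockets, so @host forwarding cannot work")
    return {"accepts_remote": secure == 0, "allowed_peers": peers,
            "forwards_to": forwards, "warnings": warnings}

# Constructed inputs: the page's server and client settings, then a broken client.
SERVER = audit_syslogd('syslogd_enable="YES"\nsyslogd_flags="-a client.example.com"\n',
                       "+client.example.com\n*.*    /var/log/client.log\n")
CLIENT = audit_syslogd('syslogd_enable="YES"\nsyslogd_flags="-s"\n', "*.*    @server.example.com\n")
BROKEN = audit_syslogd('syslogd_flags="-ss"\n', "*.*\t@server.example.com\n")
print(SERVER, CLIENT, BROKEN, sep="\n")
```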

See also

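syslog-ng(8): https://man.archlinux.org/man/extra/syslog-ng/syslog-ng.8.en

syslogd(8): https://man.freebsd.org/cgi/man.cgi?query=syslogd&sektion=8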



Syslogd (last edited 2023-04-08 13:38:13 by DominicRicottone)