Syslogd


Installation

In most distributions, the best implementation of a syslog daemon is syslog-ng(8).

The BSDs offer a syslogd(8) package.

For Docker or Podman containers, use the balabit/syslog-ng image. This is the correct upstream project.


Configuration

Syslog-Ng

A basic configuration for syslog-ng(8) is:

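source src_my_containers {
  # Listen for syslog over TCP on all interfaces, port 601.
  # The tcp() source takes its bind address through ip().
  tcp(ip("0.0.0.0") port(601));
}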

destination dest_my_promtail {
  syslog("my-promtail-hostname" transport("tcp") port(601));
}

log {
  source(src_my_containers);
  destination(dest_my_promtail);
}

This would be written to /etc/syslog-ng/syslog-ng.conf.

Syslogd

The BSD syslogd(8) needs different configuration on the client and on the server.

First, the service should be started on the client with:

syslogd_enable="YES"
syslogd_flags="-s"

The -s flag stops this client from accepting messages from remote hosts.

Second, the service should be started on the server with:

syslogd_enable="YES"
syslogd_flags="-a client.example.com"

The -a flag allows the server to accept messages from client.example.com.

The services should be configured in /etc/syslog.conf. Note that the patterns and directives can be separated by spaces or tabs.

For the server, try:

+client.example.com
*.*    /var/log/client.log

For the client, try:

*.*    @server.example.com

Finally, the services can be (re)started.

service syslogd restart
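
As an added example (not part of the original page), this Python sketch parses the server and client syslog.conf files shown above and reports where messages are written or forwarded. The sample strings are constructed from the page's snippets; program (!) blocks are skipped, and the function names are hypothetical.

```python
import re

# Constructed sample inputs mirroring the server and client files above.
SERVER_CONF = "+client.example.com\n*.*    /var/log/client.log\n"
CLIENT_CONF = "# forward everything\n*.*\t@server.example.com\n"

def parse_syslog_conf(text):
    """Return one dict per rule: host block, selector, action kind, target."""
    rules, host = [], "*"      # "*" means the rule matches every sending host
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if line[0] in "+-" and len(line.split()) == 1:
            # Host block: "+name" scopes the following rules to that host,
            # "-name" to every host but that one, "+*" resets the scope.
            host = "*" if line[1:] == "*" else line
            continue
        if line[0] == "!":
            continue           # program blocks are outside this sketch
        # Selector and action may be separated by spaces or tabs.
        parts = re.split(r"[ \t]+", line, maxsplit=1)
        if len(parts) != 2:
            raise ValueError(f"no action on line: {raw!r}")
        selector, action = parts
        if action.startswith("@"):
            kind, target = "forward", action[1:]
        elif action.startswith("/"):
            kind, target = "file", action
        else:
            kind, target = "other", action
        rules.append({"host": host, "selector": selector,
                      "kind": kind, "target": target})
    return rules

def forward_targets(text):
    """Hosts this configuration ships log messages to."""
    return sorted({r["target"] for r in parse_syslog_conf(text)
                   if r["kind"] == "forward"})

def unscoped_rules(text):
    """Rules outside any host block; on a log server these match all senders."""
    return [r for r in parse_syslog_conf(text) if r["host"] == "*"]

if __name__ == "__main__":
    print(parse_syslog_conf(SERVER_CONF))
    print(forward_targets(CLIENT_CONF))
```

On a server that accepts remote messages, a non-empty result from unscoped_rules() means remote hosts can write into files meant for local logs.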


Usage

FreeBSD Implementation

FreeBSD's syslogd(8) has its own set of options. See the FreeBSD syslogd(8) manual page for the full list.

Option    Description
-C        Create log files if they don't exist
-s        Disable logging messages from remote hosts
-ss       Disable all network sockets, effectively disabling remote logging

