Service manual

Chapter 5: Administration 71

Syslog-ng

Syslog-ng daemon reads log system console messages and log files on remote syslog servers as

specified by its configuration file. In addition, syslog-ng may filter messages based on its content

and perform an action, for example send an email or pager message. The /etc/syslog-ng/syslog-

ng.conf file is used to perform specific configurations.

To configure syslog-ng:

1. Define Global Options

options { opt1(params); opt2(params); ... };

Table 5.2: Global Options Parameters (Syslog-ng Configuration)

Option Description

time_reopen(n) The time to wait before a dead connection is re-established.

time_reap(n) The time to wait before an idle destination file is closed.

sync_freq(n) The number of lines buffered before written to file. (The file is synced when

this number of messages has been written to it.)

mark_freq(n) The number of seconds between two MARKS lines.

log_fifo_size(n) The number of lines fitting to the output queue.

chain_hostname

(yes/no) or long_hostname

(yes/no)

Enable/disable the chained hostname format.

use_time_recvd

(yes/no)

Use the time a message is received instead of the one specified in

the message.

use_dns (yes/no) Enable or disable DNS usage. syslog-ng blocks on DNS queries, so enabling

DNS may lead to a Denial of Service attack.

gc_idle_threshold(n) Sets the threshold value for the garbage collector, when syslog-ng is idle. GC

phase starts when the number of allocated objects reach this number.

Default: 100.

gc_busy_threshold(n) Sets the threshold value for the garbage collector. When syslog-ng is busy,

GC phase starts.

create_dirs(yes/no) Enable the creation of new directories.

owner(name) Set the owner of the created file to the one specified. Default: root.

group(name) Set the group of the created file to the one specified. Default: root.

perm(mask) Set the permission mask of the created file to the one specified.

Default: 0600.