Distributed Systems Administration Utilities User's Guide, Linux, March 2009

Improved filtering functionality. In addition to syslog's facility/priority level filtering,
syslog-ng can perform regular expression filtering against the program name, hostname,
text of the message itself, the sender's IP address, and so on.
TCP transport - In addition to syslogd's UDP transport, syslog-ng supports a TCP
transport, which offers better delivery guarantees.
NOTE: syslog-ng's support for a TCP transport does not mean that it safeguards against
all message loss. For example, if the log consolidation server is down, the remote forwarding
clients will lose messages once their output buffers overflow (the client-side buffer size is
configurable in syslog-ng). TCP does, however, offer better reliability in general and can
offer increased security. For example, TCP-based log traffic can be encrypted by tunneling it
over ssh.
Log rotation based on output filenames - Log output filenames can be based on templates
that support macro expansion. For example, if the output filename template contains the
month macro, a new file is created each month.
Launching programs - A message can trigger a program to be launched, sending the message
to its standard input.
Log forwarding for arbitrary text-based logs - In conjunction with DSAU's clog_tail tool,
syslog-ng can be used to forward and consolidate arbitrary text-based application log
files such as Serviceguard’s package log files.
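The following syslog-ng configuration is an added example that exercises each of the features listed above in one place; it is not the configuration that DSAU generates and is not taken from the guide. The host name loghost.example.com, the port 1999, the network 192.168.10.0/24, the program /usr/local/bin/page-oncall and the directory /var/log/consolidated are assumptions chosen for illustration. The option names use the underscore spelling accepted by the syslog-ng releases current when this guide was written.

```conf
# Added example, not DSAU's own configuration. Options, names and paths are
# assumptions for illustration only.
options {
    keep_hostname(yes);        # keep the hostname the sender put in the message
    use_dns(no);               # do not stall on reverse lookups of sender IPs
    chain_hostnames(no);
};

# Client side: where messages enter syslog-ng.
source s_local {
    internal();                # syslog-ng's own diagnostics
    unix-stream("/dev/log");   # assumption: syslog-ng owns /dev/log on this host
};

# Filtering beyond facility/priority: program name, message text, sender network.
filter f_sshd      { program("^sshd$"); };            # regex on program name
filter f_authfail  { match("Failed password"); };     # regex on message text
filter f_lan       { netmask("192.168.10.0/255.255.255.0"); };  # sender IP range
filter f_crit      { level(crit..emerg); };           # classic priority filter

# TCP forwarding to the consolidator. log_fifo_size() is the client-side buffer
# the NOTE above refers to: once it fills while loghost is down, messages are dropped.
destination d_consolidator {
    tcp("loghost.example.com" port(1999) log_fifo_size(10000));
};

# Server side: accept TCP from clients, write one file per sending host per month.
# $HOST, $YEAR and $MONTH are syslog-ng macros expanded per message, so a new
# file name (and thus a new file) appears at each month boundary.
source s_net {
    tcp(ip(0.0.0.0) port(1999) max_connections(50));
};
destination d_monthly {
    file("/var/log/consolidated/$HOST/$YEAR-$MONTH.log" create_dirs(yes));
};

# Launch a program and feed matching messages to its standard input.
destination d_alert { program("/usr/local/bin/page-oncall"); };

# Client: forward only failed ssh logins from the LAN.
log { source(s_local); filter(f_sshd); filter(f_authfail); destination(d_consolidator); };

# Server: archive everything received, and page on critical messages from the LAN.
log { source(s_net); destination(d_monthly); };
log { source(s_net); filter(f_lan); filter(f_crit); destination(d_alert); };
```

If the TCP stream is to be encrypted with ssh as the NOTE suggests, point the tcp() destination at 127.0.0.1 instead of loghost.example.com and carry the port through an ssh port forward to the consolidator; syslog-ng itself is unaware of the tunnel.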
3.2.2 syslog Co-existence
This section is specific to Red Hat. The content in this section is not applicable to DSAU on SLES.
The Distributed Systems Administration Utilities configures syslog-ng to co-exist and work
alongside the standard syslogd. syslogd continues to handle all the local logging for the
system. syslog-ng is used when forwarding messages to a log consolidation system and is
used on the log consolidator to receive and filter messages. The following diagrams illustrate
the relationship between syslogd and syslog-ng. Figure 3-1 depicts the configuration on a
syslog-ng client system that is forwarding logs to a remote log consolidation server.
3.2 Log Consolidation Overview 47