Skip to content
syslog-ng is an enhanced log daemon, supporting a wide range of input and output methods: syslog, unstructured text, queueing, SQL & NoSQL.
C Python Makefile Java CMake Shell Other
Branch: master
Clone or download

Latest commit

lbudai Merge pull request #2899 from bazsi/destip-destport-proto-macros
Add support for DESTIP/DESTPORT/PROTO macros
Latest commit 206a58b Apr 6, 2020

Files

Permalink
Type Name Latest commit message Commit time
Failed to load latest commit information.
.github packaging: a little cleanup after geoip removal Mar 30, 2020
.lgtm/cpp-queries lgtm: add custom query for gmtime calls that are not protected by a lock Feb 25, 2019
Mk autotools: relaxing python dependency requirement Dec 20, 2018
cmake cmake: add_module: use module_generate_grammar_y_from_ym() Feb 14, 2020
contrib contrib: add example startup configuration for macOS Mar 16, 2020
dbld dbld: fix ubuntu-eoan build Apr 3, 2020
dev-utils/plugin_skeleton_creator dev-utils/plugin-creator: cmake: use add_module() Feb 14, 2020
doc doc: Typo in manual pages corrected Mar 24, 2020
lib Merge pull request #2899 from bazsi/destip-destport-proto-macros Apr 6, 2020
libtest templates: add $PROTO macro Mar 26, 2020
m4 m4: add m4_esyscmd_s() function if it's not available Oct 16, 2019
modules Merge pull request #2899 from bazsi/destip-destport-proto-macros Apr 6, 2020
news Merge pull request #3208 from furiel/geoip2-deb-dead-code Apr 2, 2020
packaging packaging/debian: support user-specified Python version [upstreamonly] Apr 3, 2020
persist-tool persist-tool: fix multiple definition of globals Feb 4, 2020
scl Merge pull request #3206 from furiel/fix-telegram-truncate Apr 1, 2020
scripts scripts/version.sh: unset CDPATH Jun 24, 2019
syslog-ng-ctl syslog-ng-ctl: add skeleton for export-config-graph Nov 17, 2019
syslog-ng syslog-ng/main: show Config-Version to the last semantic change Feb 21, 2020
tests Merge pull request #2899 from bazsi/destip-destport-proto-macros Apr 6, 2020
.astylerc astyle: add spaces around commas Nov 13, 2019
.ctags ctags: only exclude build related stuff Mar 6, 2020
.gitignore gitignore: ignore build directory Jun 21, 2019
.gitmodules afmongodb: remove mongo-c-driver submodule and its support Aug 22, 2018
.lgtm.yml lgtm: help check_java_support m4 script to find the proper java version Feb 1, 2020
.mailmap mailmap: Add attila.szakacs@oneidentity.com Jan 27, 2020
.travis.yml Merge pull request #3209 from furiel/secure-logging-test Apr 6, 2020
AUTHORS AUTHORS: convert from iso-8859-2 to utf-8 Jun 24, 2019
CMakeLists.txt Merge pull request #3106 from lbudai/cmake-add-module Feb 21, 2020
CONTRIBUTING.md contributing.md: update Mar 17, 2020
COPYING copying: add note about tests/copyright/policy Jan 21, 2020
GPL.txt relicense syslog-ng to a combination of GPL/LGPL Jul 14, 2010
LGPL.txt Major copyright & license fixups Nov 12, 2012
Makefile.am build: remove -fcommon to reveal multiple definition issues Feb 4, 2020
NEWS.md news: format NEWS.md file Mar 3, 2020
README.md version: 3.26 Mar 2, 2020
VERSION version: 3.26 Mar 2, 2020
autogen.sh afmongodb: remove mongo-c-driver submodule and its support Aug 22, 2018
configure.ac transport-udp-socket: add module that also returns the target address… Mar 26, 2020
dist.conf.in syslog-ng: print versioning infos, set package name Jul 19, 2017
requirements.txt travis: install pre-commit-hooks only when needed Nov 6, 2019
sub-configure.sh build scripts: added copyright declaration, renamed system-expand.sh Apr 1, 2016
syslog-ng-config.h.in tlscontext: add workaround for a TLS 1.3 bug to prevent data loss Jan 17, 2020
syslog-ng-native-connector.pc.cmake cmake: add syslog-ng-native-connector.pc.cmake file May 21, 2016
syslog-ng-native-connector.pc.in Makefile: add pkg-config file for syslog-ng-native-connector.a Dec 8, 2015
syslog-ng.pc.cmake syslog-ng-dev: evtlog should be linked Mar 22, 2018
syslog-ng.pc.in syslog-ng-dev: evtlog should be linked Mar 22, 2018
syslog-ng.supp Makefile: add valgrind suppressions Dec 10, 2015

README.md

Gitter Build Status

syslog-ng

syslog-ng is an enhanced log daemon, supporting a wide range of input and output methods: syslog, unstructured text, message queues, databases (SQL and NoSQL alike), and more.

Quickstart

The simplest configuration accepts system logs from /dev/log (from applications or forwarded by systemd) and writes everything to a single file:

@version: 3.26
@include "scl.conf"

log {
	source { system(); };
	destination { file("/var/log/syslog"); };
};

This one additionally processes logs from the network (TCP/514 by default):

@version: 3.26
@include "scl.conf"

log {
	source {
		system();
		network();
	};
	destination { file("/var/log/syslog"); };
};

This config is designed for structured/application logging, using local submission via JSON, and outputting in key=value format:

@version: 3.26
@include "scl.conf"

log {
	source { system(); };
	destination { file("/var/log/app.log" template("$(format-welf --subkeys .cim.)\n")); };
};

To submit a structured log using logger, you might run:

$ logger '@cim: {"name1":"value1", "name2":"value2"}'

In which case the resulting message will be:

name1=value1 name2=value2

For a brief introduction to configuring the syslog-ng application, see the quickstart guide.

Features

  • Receive and send RFC3164 and RFC5424 style syslog messages
  • Receive and send JSON formatted messages
  • Work with any kind of unstructured data
  • Classify and structure logs using built-in parsers (csv-parser(), db-parser(), kv-parser(), etc.)
  • Normalize, crunch, and process logs as they flow through the system
  • Hand over logs for further processing using files, message queues (like AMQP), or databases (like PostgreSQL or MongoDB)
  • Forward logs to big data tools (like Elasticsearch, Apache Kafka, or Apache Hadoop)

Performance

  • syslog-ng provides performance levels comparable to a large cluster when running on a single node
  • In the simplest use case, it scales up to 600-800k messages per second
  • But classification, parsing, and filtering still produce several tens of thousands of messages per second

Community

  • syslog-ng is developed by a community of volunteers, the best way to contact us is via our github project page project, our gitter channel or our mailing list.
  • syslog-ng is integrated into almost all Linux distributions and BSDs, it is also incorporated into a number of products, see our powered by syslog-ng page for more details.

Sponsors

Balabit is the original creator and largest current sponsor of the syslog-ng project. They offer support, professional services, and addons you may be interested in

Feedback

We are really interested to see who uses our software, so if you do use it and you like what you see, please tell us about it. A star on github or an email saying thanks means a lot already, but telling us about your use case, your experience, and things to improve would be much appreciated.

Just send an email to feedback (at) syslog-ng.org.

Feedback Powers Open Source.

Installation from source

Releases and precompiled tarballs are available on GitHub.

To compile from source, the usual drill applies (assuming you have the required dependencies):

$ ./configure && make && make install

If you don't have a configure script (because of cloning from git, for example), run ./autogen.sh to generate it.

Some of the functionality of syslog-ng is compiled only if the required development libraries are present. The configure script displays a summary of enabled features at the end of its run. For details, see the syslog-ng compiling instructions.

Installation from binaries

Binaries are available in various Linux distributions and contributors maintain packages of the latest and greatest syslog-ng version for various OSes.

Debian/Ubuntu

Simply invoke the following command as root:

# apt-get install syslog-ng

The latest versions of syslog-ng are available for a wide range of Debian and Ubuntu releases and architectures from an unofficial repository.

For instructions on how to install syslog-ng on Debian/Ubuntu distributions, see the blog post Installing the latest syslog-ng on Ubuntu and other DEB distributions.

Fedora

syslog-ng is available as a Fedora package that you can install using yum:

# yum install syslog-ng

You can download packages for the latest versions from here.

For instructions on how to install syslog-ng on RPM distributions, see the blog post Installing latest syslog-ng on RHEL and other RPM distributions.

If you wish to install the latest RPM package that comes from a recent commit in Git for testing purposes, read the blog post, RPM packages from syslog-ng Git HEAD.

Others

Binaries for other platforms are listed on the official third party page.

Installation from Docker image

Binaries are also available as a Docker image. To find out more, check out the blog post, Your central log server in Docker.

Documentation

The documentation of the latest released version of syslog-ng Open Source Edition is available here. For earlier versions, see the syslog-ng Documentation Page.

Contributing

If you would like to contribute to syslog-ng, to fix a bug or create a new module, the syslog-ng gitbook helps you take the first steps to working with the code base.

You can’t perform that action at this time.