Syslog-ng on CentOS 6

Server side Syslog-ng installation

# Open the saved firewall rules and add the two lines below, ahead of any
# catch-all REJECT/DROP rule in the INPUT chain.
vi /etc/sysconfig/iptables
# Accept new syslog traffic on 514/tcp and 514/udp. Neither rule has a source
# match, so every host that can reach this server may send it log data.
# NOTE(review): consider adding "-s <CLIENT_SUBNET_CIDR>" (placeholder) to both
# rules so only the intended clients are accepted.
-A INPUT -p tcp -m state --state NEW -m tcp --dport 514 -j ACCEPT
-A INPUT -p udp -m state --state NEW -m udp --dport 514 -j ACCEPT

# Enable the EPEL repository (this command still asks for confirmation).
yum install epel-release
# Install syslog-ng and its libdbi module without prompting.
yum -y install syslog-ng syslog-ng-libdbi

vi /etc/syslog-ng/syslog-ng.conf

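@version:3.2

# Central log server configuration: local logs keep their usual /var/log files,
# logs received from the network are stored per day and per sending host.

options {
    long_hostnames(off);
    log_msg_size(8192);
    flush_lines(1);
    log_fifo_size(20480);
    time_reopen(10);
    # use_dns(yes);
    use_dns(no);
    # dns_cache(yes);
    # use_fqdn(yes);
    use_fqdn(no);
    # keep_hostname(yes) keeps the host name carried inside each message.
    # For s_remote that name is chosen by the sender and is used as $HOST in the
    # destination paths below, so a client can file its logs under another
    # host's name or cause many directories to be created.
    # NOTE(review): consider keep_hostname(no), or a path built from the sender
    # address (e.g. $SOURCEIP), if clients are not fully trusted.
    keep_hostname(yes);
    chain_hostnames(no);
    # Default mode for files syslog-ng creates. The local destinations below set
    # no perm() of their own, so the original perm(0644) left /var/log/secure
    # and /var/log/messages readable by every local account. 0600 keeps them
    # owner-only; the remote destinations carry their own perm(0640).
    perm(0600);
    stats_freq(43200);
};

# syslog-ng's own messages.
source s_internal { internal(); };
destination d_syslognglog { file("/var/log/syslog-ng.log"); };
log { source(s_internal); destination(d_syslognglog); };

# Messages produced on this machine: the /dev/log socket and the kernel ring.
source s_local {
    unix-dgram("/dev/log");
    file("/proc/kmsg" program_override("kernel:"));
};

# Filters shared by the local and the remote log paths.
filter f_messages { level(info..emerg); };
filter f_secure   { facility(authpriv); };
filter f_mail     { facility(mail); };
filter f_cron     { facility(cron); };
filter f_emerg    { level(emerg); };
filter f_spooler  { level(crit..emerg) and facility(uucp, news); };
filter f_local7   { facility(local7); };

# Local destinations.
destination d_messages { file("/var/log/messages"); };
destination d_secure   { file("/var/log/secure"); };
destination d_maillog  { file("/var/log/maillog"); };
destination d_cron     { file("/var/log/cron"); };
destination d_console  { usertty("root"); };
destination d_spooler  { file("/var/log/spooler"); };
# NOTE(review): "demsg" looks like a typo (dmesg? boot.log?) - confirm the
# intended file name; the path is left as the author wrote it.
destination d_bootlog  { file("/var/log/demsg"); };

# Local log paths. flags(final) stops processing, so authpriv, mail and cron
# messages do not also land in /var/log/messages.
log {source(s_local); filter(f_emerg);  destination(d_console); };
log {source(s_local); filter(f_secure); destination(d_secure); flags(final); };
log {source(s_local); filter(f_mail);   destination(d_maillog); flags(final); };
log {source(s_local); filter(f_cron);   destination(d_cron); flags(final); };
log {source(s_local); filter(f_spooler); destination(d_spooler); };
log {source(s_local); filter(f_local7); destination(d_bootlog); };
log {source(s_local); filter(f_messages); destination(d_messages); };

# Network listener on every interface, TCP and UDP port 514. Both transports
# are plain syslog: senders are not authenticated and the traffic is not
# encrypted, so the firewall is the only access control in this setup.
# NOTE(review): where logs cross an untrusted network, a TLS-wrapped tcp()
# source is the usual hardening step - check what this syslog-ng build supports.
source s_remote {
    tcp(ip(0.0.0.0) port(514));
    udp(ip(0.0.0.0) port(514));
};

# Remote destinations: /var/log/syslog-ng/<YYYYMMDD>/<host>/<file>, created on
# demand (create_dirs), owned by root, files 0640 and directories 0750.
destination r_console {file("/var/log/syslog-ng/$YEAR$MONTH$DAY/$HOST/console" owner("root") group("root") perm(0640) dir_perm(0750) create_dirs(yes)); };
destination r_secure {file("/var/log/syslog-ng/$YEAR$MONTH$DAY/$HOST/secure" owner("root") group("root") perm(0640) dir_perm(0750) create_dirs(yes)); };
destination r_cron {file("/var/log/syslog-ng/$YEAR$MONTH$DAY/$HOST/cron" owner("root") group("root") perm(0640) dir_perm(0750) create_dirs(yes)); };
destination r_spooler {file("/var/log/syslog-ng/$YEAR$MONTH$DAY/$HOST/spooler" owner("root") group("root") perm(0640) dir_perm(0750) create_dirs(yes)); };
destination r_bootlog {file("/var/log/syslog-ng/$YEAR$MONTH$DAY/$HOST/bootlog" owner("root") group("root") perm(0640) dir_perm(0750) create_dirs(yes)); };
destination r_messages {file("/var/log/syslog-ng/$YEAR$MONTH$DAY/$HOST/messages" owner("root") group("root") perm(0640) dir_perm(0750) create_dirs(yes)); };

# Remote log paths. There is no mail path here, so remote mail messages at
# info level or above fall through to r_messages.
log { source(s_remote); filter(f_emerg); destination(r_console); };
log { source(s_remote); filter(f_secure); destination(r_secure); flags(final); };
log { source(s_remote); filter(f_cron); destination(r_cron); flags(final); };
log { source(s_remote); filter(f_spooler); destination(r_spooler); };
log { source(s_remote); filter(f_local7); destination(r_bootlog); };
log { source(s_remote); filter(f_messages); destination(r_messages); };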

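# Create the root of the remote-log tree. The mode matches the dir_perm(0750)
# that syslog-ng.conf uses for the per-day/per-host directories, so the top
# level is not left world-listable; -p makes the step safe to repeat.
mkdir -p -m 0750 /var/log/syslog-ng
# Take rsyslog out of the boot sequence and show the resulting runlevel table.
chkconfig rsyslog off
chkconfig --list rsyslog
# Put syslog-ng into the boot sequence and show the resulting runlevel table.
chkconfig syslog-ng on
chkconfig --list syslog-ng
# Stop rsyslog before (re)starting syslog-ng so only one daemon is collecting.
service rsyslog stop
service syslog-ng restart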

Client configuration

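# Enable the EPEL repository on the client.
yum install epel-release -y
# CentOS 6: syslog-ng plus its libdbi module.
yum install syslog-ng syslog-ng-libdbi -y
# or
# CentOS 5: syslog-ng only. The original line read "syslog-ng-y"; without the
# space yum looks for a package of that name instead of taking -y as a flag.
yum install syslog-ng -y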

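# Append a forwarding rule to the client's syslog-ng.conf: everything from the
# s_sys source goes to the log server at 192.168.1.60 over UDP port 514.
# The original declared the destination as "pnjsvmon01v" but referenced
# "srvmon01v" in the log statement; the two names must match or syslog-ng
# rejects the configuration, so one name is used for both here.
# presumably s_sys is the source defined in the packaged config - verify.
# UDP syslog is unauthenticated, unencrypted and can drop messages; the server
# configuration above also listens on TCP 514.
# ">>" appends on every run, so running this twice duplicates both statements.
echo 'destination srvmon01v {udp("192.168.1.60" port(514));};' >> /etc/syslog-ng/syslog-ng.conf
echo 'log { source(s_sys); destination(srvmon01v); };' >> /etc/syslog-ng/syslog-ng.conf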

# CentOS: replace rsyslog with syslog-ng as the system logger.
# Disable rsyslog at boot and print its runlevel table to confirm.
chkconfig rsyslog off
chkconfig --list rsyslog
# Enable syslog-ng at boot and print its runlevel table to confirm.
chkconfig syslog-ng on
chkconfig --list syslog-ng
# Order matters: rsyslog is stopped first, then syslog-ng is (re)started with
# the forwarding rule appended above.
service rsyslog stop
service syslog-ng restart

or
# SLES 11: restart the system logger through its init script so the changed
# configuration is loaded.
/etc/init.d/syslog restart
