Sunday, January 27, 2013

syslog-ng on Ubuntu

Installation


apt-get install syslog-ng


The configuration file is at


/etc/syslog-ng/syslog-ng.conf


Some basic syntax

To define a destination that prints the log out on all terminals (this is normally already present in the default configuration file):


destination <identifier> { pipe("/dev/xconsole"); };



To define a file that logs should be directed to:


destination <identifier> { file("<file name in full path>"); };



To format the log, you can use a template in your destination.


destination <identifier> { file("<file name in full path>" template("$ISODATE:$MESSAGE\n")); };



If you would like to fully format the log line, you can use $MSGONLY. However, remember to put a newline character at the end of the template.

Filters can be set based on facility, priority, program name, keyword matching, and so on. For the full list, refer to: http://www.balabit.com/sites/default/files/documents/syslog-ng-ose-3.3-guides/syslog-ng-ose-v3.3-guide-admin-en.html/index.html-single.html#filters


filter <identifier> { facility(<facility>); };



You can also use logical operators in the filter.


filter <identifier> { program("test") and level(err); };



After you have set the destination and filter, you can start to configure the logging redirection.

Example I used in my system.


How do I test it? You can simply use the logger command.


If you do not specify the priority in the logger command, it is assumed to be notice level.
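
The destination, filter and log path described above, put together with a logger test. This is an added example, not the author's own configuration: the names d_test_err and f_test_err and the log file path are hypothetical, and s_src is assumed to be the source already defined in the stock Debian/Ubuntu syslog-ng.conf.

```conf
# Added example. d_test_err, f_test_err and the file path are hypothetical.
# s_src is assumed to be the source defined in the distribution's default
# syslog-ng.conf; substitute the name of your own source.

# Destination with a template; the trailing \n terminates each record.
destination d_test_err {
    file("/var/log/test-err.log" template("$ISODATE:$MESSAGE\n"));
};

# Match only messages from program "test" at level err.
filter f_test_err { program("test") and level(err); };

# Log path: source -> filter -> destination.
log { source(s_src); filter(f_test_err); destination(d_test_err); };

# After restarting syslog-ng, test from a shell:
#   logger -t test -p user.err "disk check failed"   # matches, written to the file
#   logger -t test "disk check failed"               # no -p: notice level, filtered out
```

The second logger call is a useful negative test: because the priority defaults to notice, nothing should appear in the file.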



Another finding from my experiment: in the configuration file, there is an option that allows the system to create the destination file. See the options {}; section. The file is created only on first use. If you "accidentally" remove the created log file, it will not be recreated until the syslog-ng service is restarted.

Have fun!