Configuring Syslog-ng on Ubuntu
Syslog-ng is a replacement for the default syslog daemon shipped with most Linux distributions. Its main advantage is a configuration format that is easier to read, and it gives the sysadmin a great deal of flexibility, especially in complex environments.
Let's say we have a RADIUS environment that can send authentication and accounting information via syslog to external devices, and let's assume that a relevant part of this syslog information is needed by a department within a large corporation.
Installing syslog-ng (on Ubuntu) is done by the following command:
$ sudo apt-get install syslog-ng
With syslog-ng we can store and/or forward syslog messages based on criteria including (but not limited to):
- source IP address
- destination IP address
- syslog level
- content of the original syslog message, matched with regular expressions.
All this can be configured in the /etc/syslog-ng/syslog-ng.conf file.
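The RADIUS scenario above, written out as a syslog-ng configuration. This is an added example and not part of the original page: the RADIUS subnet (10.0.5.0/24), the department's collector (10.0.20.10, TCP port 601), the local file path and the message strings matched by the regular expression ("Login OK", "Login incorrect") are all assumptions; adjust them, and the @version line (it must not be newer than the output of syslog-ng --version), to your environment.

```conf
@version: 3.25

# Accept syslog from the network on UDP/514. Assumed: the RADIUS servers
# send plain UDP syslog; switch to transport("tcp") or the syslog() driver
# with TLS if the RADIUS product supports it, because UDP source addresses
# can be spoofed and the netmask() filter below trusts them.
source s_radius {
    network(
        ip("0.0.0.0")
        port(514)
        transport("udp")
    );
};

# Criterion 1: source IP address. Assumed RADIUS subnet 10.0.5.0/24.
filter f_from_radius { netmask("10.0.5.0/255.255.255.0"); };

# Criterion 2: syslog facility and level. Keep auth/authpriv messages
# of any level, plus anything at warning or above from any facility.
filter f_auth_or_important {
    facility(auth, authpriv)
    or level(warning..emerg);
};

# Criterion 3: content of the message, matched with a regular expression.
# Assumed strings; check the exact wording your RADIUS server emits.
filter f_login_events { message("Login OK|Login incorrect|Access-Reject"); };

# Local archive of everything that matched (assumed path).
destination d_radius_local {
    file("/var/log/radius/auth.log"
        owner("root") group("adm") perm(0640)
        create-dirs(yes)
    );
};

# Criterion 4: destination. Forward the same subset to the department's
# collector (assumed address) over TCP so that messages are not silently lost.
destination d_security_dept {
    syslog("10.0.20.10" transport("tcp") port(601));
};

# The log path ties source, filters and destinations together. All filters
# in a path are ANDed: a message must come from the RADIUS subnet, be
# auth-related or important, and mention a login event to be stored/forwarded.
log {
    source(s_radius);
    filter(f_from_radius);
    filter(f_auth_or_important);
    filter(f_login_events);
    destination(d_radius_local);
    destination(d_security_dept);
};
```

Save this as its own file (on Debian/Ubuntu the packaged syslog-ng.conf includes /etc/syslog-ng/conf.d/, so /etc/syslog-ng/conf.d/radius.conf works without editing the main file), then run `sudo syslog-ng -s` to syntax-check the configuration before `sudo systemctl restart syslog-ng`. To confirm the filters behave as intended, send a test line from a host inside and one outside the assumed subnet with `logger -n <collector> -P 514 -p auth.info "Login OK: test"` and watch /var/log/radius/auth.log: only the in-subnet message should appear.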