There are several system components that do not output log entries in a unified format or method. Some of them output to files, while others use a pipe, or use a unix-stream. Some can even be configured to use a certain output method. The syslog-ng application can accept log entries from these output methods too.
The syslog-ng application supports the following source types:
internal()
The log messages of syslog-ng itself.
file()
This source is for log entries from a special file, like
/proc/kmsg
.Note A file source cannot be an ordinary text file, for example, one generated by httpd. However, it is possible to feed syslog-ng with messages from such a file indirectly. For this, a custom script is required, for example, a script that uses tail -f to transfer messages from the desired logfile to the logger utility.
pipe()
This source is for messages from a pipe.
unix_stream()
This source is for log entries from a connection–oriented socket.
unix_dgram()
This source is for log entries from connectionless sockets.
tcp()
Log entries from remote machines that use TCP for log entry submission.
Note One of the advantages of syslog-ng over traditional syslog is that it can handle TCP connections.
By default, syslog-ng uses TCP port
514
.udp()
Log entries for remote machines that use udp for log entry submission.
By default, syslog-ng uses UDP port
514
.
Of all the possible sources unix_stream()
and unix_dgram()
are probably the most important when dealing with local components' log entries because the most important system components, like the kernel and many of the daemon processes use one of them for recording log events.
Published on June 04, 2020
© 2007-2019 BalaSys
Send your comments to support@balasys.hu