7.1. Introduction to syslog-ng

The syslog-ng application runs as a daemon process and collects information from various log sources. Depending on the options and filters configured, syslog-ng saves the received log entries to the specified destinations. The configuration of syslog-ng mainly consists of configuring its components correctly.

The components of syslog-ng are the following:

  • Sources

  • Global options

  • Filters

  • Destinations

The syslog-ng configuration is stored in a text-based configuration file, typically /etc/syslog-ng/syslog-ng.conf. ZMC hides the exact structure of this configuration file and takes care of the correct syntax, allowing the administrator to concentrate on the actual configuration tasks. However, as syslog-ng is present in more and more Linux/Unix distributions, it is beneficial to know the syntax and the content of this configuration file too. In addition, syslog-ng allows for centralized logging from machines not necessarily under the control of ZMS. In this case, configuring syslog-ng means manually editing the corresponding configuration file.

The syslog-ng.conf file has a C-like syntax: curly braces ({}) enclose the body of each statement, and semicolons (;) close expressions. Comments begin with a hash mark (#).
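
The fragment below is an added illustration, not taken from the original documentation: it shows one statement for each of the four components in this syntax, tied together by a log statement. The names s_local, f_auth and d_auth and the destination path are assumptions chosen for the example.

```conf
# Example syslog-ng.conf fragment (constructed for illustration).
# syslog-ng 3.x and later also expect a "@version: <x.y>" line at the top;
# it is omitted here to keep the fragment version-neutral.

# Global options: apply to the whole daemon.
options {
    keep_hostname(yes);   # keep the hostname found in the received message
    use_dns(no);          # do not resolve sender addresses through DNS
    create_dirs(no);      # never create missing destination directories
};

# Source: where log messages are collected from.
source s_local {
    unix-stream("/dev/log");   # messages from local processes
    internal();                # messages generated by syslog-ng itself
};

# Filter: selects messages by facility and priority.
filter f_auth {
    facility(auth, authpriv) and level(info..emerg);
};

# Destination: where the selected messages are written.
destination d_auth {
    file("/var/log/auth.log" owner("root") group("adm") perm(0640));
};

# Log statement: connects a source, a filter and a destination.
# Without it, the definitions above have no effect.
log {
    source(s_local);
    filter(f_auth);
    destination(d_auth);
};
```

Each statement ends with a semicolon after its closing brace, and each expression inside the braces is closed by a semicolon as well. A fragment like this can be checked before deployment with `syslog-ng --syntax-only -f <file>`.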