Logging rules are called Routers in syslog-ng terminology. Rules consist of a source, optionally a filter and a destination. The Routers tab of the System logging component represents this philosophy well.

Figure 7.13. Configured routers

Just like sources, destinations and filters, more than one router can be present in the system. If you use several routers, it is recommended to apply a good naming strategy to easily identify the relevant log rules.

There are virtually endless possibilities for configuring a complex system logging architecture with syslog-ng. This chapter focused only on the basic concept and provided an architecture view including not only Zorp and the ZMS host nodes, but presenting as well that the syslog-ng architecture can also include practically Unix/Linux machines.

For further information and details, see The syslog-ng Administrator Guide.