syslog-ng is an enhanced log daemon, supporting a wide range of input
and output methods: syslog, unstructured text, message queues,
databases (SQL and NoSQL alike), and more.
The simplest configuration accepts system logs from /dev/log (from
applications or forwarded by systemd) and writes everything to a single
file:
@version: 4.8
@include "scl.conf"
log {
    source { system(); };
    destination { file("/var/log/syslog"); };
};
This one additionally processes logs from the network (TCP/514 by default):
@version: 4.8
@include "scl.conf"
log {
    source {
        system();
        network();
    };
    destination { file("/var/log/syslog"); };
};
This config is designed for structured/application logging, using local submission via JSON, and outputting in key=value format:
@version: 4.8
@include "scl.conf"
log {
    source { system(); };
    destination { file("/var/log/app.log" template("$(format-welf --subkeys .cim.)\n")); };
};
To submit a structured log using logger, you might run:
$ logger '@cim: {"name1":"value1", "name2":"value2"}'
In which case the resulting message will be:
name1=value1 name2=value2
For a brief introduction to configuring the syslog-ng application, see the quickstart guide.
We are really interested to see who uses our software, so if you do use it and you like
what you see, please tell us about it. A star on GitHub or an email
saying thanks means a lot already, but telling us about your use case,
your experience, and things to improve would be much appreciated.
Just send an email to feedback (at) syslog-ng.org.
Feedback Powers Open Source.
Releases and precompiled tarballs are available on GitHub.
To compile from source, the easiest way is to use dbld, a Docker-based,
self-hosted compile/build/release infrastructure within the source tree. See
dbld/README.md for more information.
For the brave souls who want to compile syslog-ng from scratch, the usual
drill applies:
$ ./configure && make && make install
The extra effort in contrast with the dbld based build is the need to fetch
and install all build dependencies of syslog-ng (of which there are a few).
If you don’t have a configure script (because of cloning from git, for example),
run ./autogen.sh to generate it.
Some of the functionality of syslog-ng is compiled only if the required
development libraries are present. The configure script displays a
summary of enabled features at the end of its run.
For details, see the syslog-ng compiling instructions.
Binaries are available in various Linux distributions and contributors
maintain packages of the latest and greatest syslog-ng version for
various OSes.
Simply invoke the following command as root:
# apt install syslog-ng
The latest versions of syslog-ng are available for a wide range of Debian
and Ubuntu releases from our APT repository.
The packages and the APT repository are provided “as is” without warranty of any kind, on a best-effort level.
syslog-ng packages are released for the following distribution versions (x86-64):
Distro version | sources.list component name |
---|---|
Ubuntu 24.04 | ubuntu-noble |
Ubuntu 23.10 | ubuntu-mantic |
Ubuntu 23.04 | ubuntu-lunar |
Ubuntu 22.04 | ubuntu-jammy |
Ubuntu 20.04 | ubuntu-focal |
Debian 12 | debian-bookworm |
Debian 11 | debian-bullseye |
Debian Unstable | debian-sid |
Debian Testing | debian-testing |
1. Download and install the release signing key:
   wget -qO - https://ose-repo.syslog-ng.com/apt/syslog-ng-ose-pub.asc | sudo apt-key add -
2. Add the repository containing the latest build of syslog-ng to the APT sources. For example, for stable releases on Ubuntu 24.04 (ubuntu-noble):
   echo "deb https://ose-repo.syslog-ng.com/apt/ stable ubuntu-noble" | sudo tee -a /etc/apt/sources.list.d/syslog-ng-ose.list
3. Run apt update.
Nightly packages are built and released from the git master branch every day.
Use nightly instead of stable in step 2 to use the nightly APT repository. E.g.:
echo "deb https://ose-repo.syslog-ng.com/apt/ nightly ubuntu-noble" | sudo tee -a /etc/apt/sources.list.d/syslog-ng-ose.list
Nightly builds can be used for testing purposes (obtaining new features and bugfixes) at the risk of breakage.
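The same repository setup with the signing key scoped to this one repository, as an added example that is not part of the syslog-ng README: apt-key add places the key in apt's global keyring, where it is trusted for every configured source, while a signed-by option limits it to the entry that names it. The keyring path, the function names and the script name are assumptions of this example; the URLs, the list file path and the component names are the ones given above.

```shell
#!/bin/sh
# Added example (not from the syslog-ng README): set up the APT repository with
# a key that apt trusts for this one repository only (signed-by).
REPO_URL="https://ose-repo.syslog-ng.com/apt/"        # from the page
KEY_URL="${REPO_URL}syslog-ng-ose-pub.asc"            # from the page
KEYRING="/etc/apt/keyrings/syslog-ng-ose.asc"         # assumed path for this example
LIST="/etc/apt/sources.list.d/syslog-ng-ose.list"     # from the page

# Print the sources.list entry; fail on an unknown channel or component.
sources_line() {
    case "$1" in
        stable|nightly) ;;
        *) echo "unknown channel: $1" >&2; return 1 ;;
    esac
    case "$2" in
        ubuntu-noble|ubuntu-mantic|ubuntu-lunar|ubuntu-jammy|ubuntu-focal) ;;
        debian-bookworm|debian-bullseye|debian-sid|debian-testing) ;;
        *) echo "unknown component: $2" >&2; return 1 ;;
    esac
    echo "deb [signed-by=$KEYRING] $REPO_URL $1 $2"
}

# Download the key, show it so its fingerprint can be compared with a value
# obtained out of band, then install key and source entry. Needs root and network.
install_repo() {
    line=$(sources_line "$1" "$2") || return 1
    tmp=$(mktemp) || return 1
    wget -qO "$tmp" "$KEY_URL" || { rm -f "$tmp"; return 1; }
    gpg --show-keys "$tmp"
    printf 'Does the fingerprint match the one you expect? [y/N] '
    read -r answer
    [ "$answer" = "y" ] || { rm -f "$tmp"; return 1; }
    install -d -m 0755 /etc/apt/keyrings
    install -m 0644 "$tmp" "$KEYRING"
    rm -f "$tmp"
    echo "$line" > "$LIST"    # overwrite: tee -a would stack stable and nightly entries
    apt update
}

# Runs only when asked to, e.g.: sudo sh setup-repo.sh install stable ubuntu-noble
if [ "${1:-}" = "install" ]; then
    install_repo "$2" "$3"
fi
```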
# pacman -S syslog-ng
syslog-ng is available as a Fedora package that you can install using
dnf:
You can download packages for the latest versions from here.
For instructions on how to install syslog-ng on RPM distributions, see the blog post Installing latest syslog-ng on RHEL and other RPM distributions.
If you wish to install the latest RPM package that comes from a recent commit in Git for testing purposes, read the blog post, RPM packages from syslog-ng Git HEAD.
# brew install syslog-ng
Binaries for other platforms are listed on the
official third party page.
Binaries are also available as a Docker image. To find out more, check out the blog post, Your central log server in Docker.
For the latest, Markdown-based version, see the syslog-ng documentation center.
The official documentation of the earlier versions (3.X) of syslog-ng Open Source Edition provided by One Identity is available
here.
If you would like to contribute to syslog-ng, to fix a bug or create a new module, the syslog-ng pages help you take the first steps in working with the code base.