Logging to a Remote Host with Syslog-ng

Logging to a Remote Host with Syslog-ngIn previous syslog-ng articles we focused primarily on how to configure syslog-ng to log to a remote database server, such as PostgreSQL. However, perhaps not all wish to log to a database server for one reason or another. Fortunately, as an alternative method, syslog-ng also has the capability of logging to a remote host using TCP or UDP.


Logging to a Remote Host with Syslog-ng


For this, both the syslog-ng client (the host that will be sending logs) and the server (the host that will be receiving logs from the client) will require separate but corresponding configurations. First, on the client, a new destination will need to be created. Here is an example destination configured to send logs on various ports using both TCP and UDP, although in practice this might be overkill.

destination remote_log_server {
 tcp("" port(25214));
 udp("" port(25214));
 udp("remotehost.local" port(514));
 log { source(src); destination(remote_log_server); };

As you can see, you have the option of using either the IP address of the logging server, or its FQDN. Now, the log server must be configured with a new source:

source remote_log_host {
 tcp(ip( port(25214));
 udp(ip( port(25214));
udp(default-facility(syslog) default-priority(emerg));
tcp(default-facility(syslog) default-priority(emerg));
log { source(remote_log_host); destination(debugging_console); };

You obviously have some liberty here when it comes to the destination for this log. You could even filter logs into more complex break downs, as I’ve shown in previous articles. In the event that the remote log host is using an older version of syslog-ng or if it is using a binary that doesn’t support SQL logging, you could still send logs to a logging server that does support logging to a database and from there enter them into PostgreSQL or MySQL, if you so wish.

So, by now you should have a basic understanding of how syslog-ng works, how to filter and sort logs, how to keep all of your logs in a database for easy sorting and centralization, and how to log to a remote logging server using TCP and UDP. I hope that you have found these articles useful, and that they just might make your life a little easier. Lastly, I highly recommend browsing through the syslog-ng Administrator Guide for more information on syslog-ng.