Overview – SOE Syslog-ng Dec 2013

What is SOE Syslog-ng? UnixSOE Enterprise Suite v8.3 Syslog_ng 3.3.7-0 is an Open Source program that may be consider as replacement of legacy syslog. Syslog_ng has more flexibility and advanced future for better log management. The syslog-ng application read incoming messages and forwards them to the selected destinations. The syslog-ng application can receive messages from files, remote hosts, and others sources. The TCP channel can be used to collect logs instead of the UDP. Flexible filtering options are available. Using Syslog_ng, we can collect the log messages of every server at a single location centralized storage reduces maintenance costs.

SOE-Syslog-ng Config file options Config file of SOE-syslog-ng can be tweaked to have Syslog-ng behave as a client, stand-alone or as a central server. Macros enable us to rotate the log file based on the day, week, month or year using R_DAY, R_WEEK, R_MONTH, R_YEAR respectively. These get expanded as a message is processed. Template objects can be used to create standard message formats or filenames. The following template (t_demo_filetemplate) adds the date of the message and the name of the host sending the message to the beginning of the message text. template t_demo_filetemplate { template("$ISODATE $HOST $MSG\n"); template_escape(no)); };   destination d_file {file("/var/log/messages" template(t_demo_filetemplate); };

Example of SOE Syslog-ng Logger command allows to process the particular message and directs the message to the respective destination log file on the client or the central server depending on the config file. Ex:- logger “This is Syslog-ng version 3.3.7” Debugging the syslog-ng binary. The syslog-ng binary can be run in debug mode using the command line options “-Fvde” /opt/soe/local/syslog_ng/sbin/syslog-ng -Fvde

What is new with Syslog-ng – 3.3.7 Bugfixes ======= * The bundled ivykis has been updated, fixing the following issues: * Fixed a Solaris-specific issue relating to TCP sources[#190] * Fixed a spinlock issue, triggered on at least FreeBSD[#193] * Workaround an issue with kqueue() on /dev/klog [#201] * The file source was corrected to properly handle character devices. This, and the ivykis update fixes a CPU pinning issue on FreeBSD. [#201] * The sun-streams module had a file descriptor leak, which has been corrected too. [#151] * The glob-based configuration file inclusion was fixed to behave similarly to including a whole directory, to include files alphabetically. [#191] * The @include mechanism was also updated to not fail silently, but report an error in certain cases (such as permission errors, or missing files in case of an explicit, non-glob include). [#209] * Fixed a crash when trying to display the available modules in debug mode. [#189] * Fixed the building of afsocket-notls, so that it is correctly built without TLS support. [#188] * Fix compilation without spoof-source. [#192] * Avoid a feedback loop when emitting debug (and trace) messages. [#208] * Various minor fixes around the build system. Features * The stats will now list the filename of unix domain sockets. [#195]

SOE Syslog-ng Supported OS Operating System Version Architecture Sun Solaris 10 x86-64 Architecture Solaris 11 HP-UX HP-UX11i V2 (11.23) HP PA-RISC/ HP Itanium HP-UX11i V3 (11.31) Linux RHEL Server 5.x RHEL Server 6.x RHEL Workstation 6.x Suse 10 Suse11 Cent OS 5.x(5.5 onwards) Cent OS 6.x Oracle Enterprise Linux 5.x Oracle Enterprise Linux 6.x Zlinux Zlinux 6.x

Product Support Helpline Questions & Feedback Product Support Helpline unixsoe@csc.com