syslog-ng - syslog-ng system logger application
This manual page is only an abstract; for the complete documentation of
syslog-ng, see The Administrator Guide or the official syslog-ng website.
The application is a flexible and highly scalable system logging application.
Typically, syslog-ng is used to manage log messages and implement centralized
logging, where the aim is to collect the log messages of several devices on a
single, central log server. The different devices - called syslog-ng clients -
all run syslog-ng, and collect the log messages from the various applications,
files, and other sources. The clients send all important log messages
to the remote syslog-ng server, where the server sorts and stores them.
Run process with the specified POSIX
• If the --no-caps option is not set, and the host supports CAP_SYSLOG, uses the following capabilities: "cap_net_bind_service, cap_net_broadcast, cap_net_raw, cap_dac_read_search, cap_dac_override, cap_chown, cap_fowner=p
• If the --no-caps option is not set, and the host does not support CAP_SYSLOG, uses the following capabilities: "cap_net_bind_service, cap_net_broadcast, cap_net_raw, cap_dac_read_search, cap_dac_override, cap_chown, cap_fowner=p
/usr/sbin/syslog-ng -Fv --caps cap_sys_admin,cap_chown,cap_dac_override,cap_net_bind_service,cap_fowner=pi
Note that the capabilities are not case sensitive; the following command is also
good: /usr/sbin/syslog-ng -Fv --caps
For details on the capability flags, see the following man pages:
cap_from_text(3) and capabilities(7)
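As an added example (not part of the original manual page or the syslog-ng project), the shell functions below extract the --caps value from a command line and list the capability names that fall outside an allowlist, folding case because the names are not case sensitive. The allowlist is an assumed site policy built from the names in the list above, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example, not from the syslog-ng project. Function names are hypothetical.

# Print the value that follows --caps in an argument list; status 1 if absent.
caps_arg() {
    while [ $# -gt 0 ]; do
        if [ "$1" = "--caps" ]; then
            printf '%s\n' "${2-}"
            return 0
        fi
        shift
    done
    return 1
}

# Print the capability names in cap_from_text(3)-style text, lowercased and
# de-duplicated, one per line. Clauses look like "cap_a,cap_b=pi".
cap_names() {
    printf '%s\n' "$1" | tr 'A-Z' 'a-z' | tr ' \t' '\n\n' |
        sed -e 's/[=+-].*$//' | tr ',' '\n' | sed -e '/^$/d' | sort -u
}

# Print names from $1 that are missing from the comma-separated allowlist $2.
# Status 0 when every name is allowed, 1 when at least one is not.
caps_outside_allowlist() {
    allow=",$(printf '%s' "$2" | tr 'A-Z' 'a-z' | tr -d ' '),"
    extra=$(cap_names "$1" | while IFS= read -r cap; do
        case "$allow" in
            (*",$cap,"*) ;;
            (*) printf '%s\n' "$cap" ;;
        esac
    done)
    [ -z "$extra" ] && return 0
    printf '%s\n' "$extra"
    return 1
}

# Assumed site policy: the capability names from the list on this page.
ALLOW="cap_net_bind_service,cap_net_broadcast,cap_net_raw,cap_dac_read_search,cap_dac_override,cap_chown,cap_fowner"

# Audit the command line from the example above.
requested=$(caps_arg /usr/sbin/syslog-ng -Fv --caps \
    cap_sys_admin,cap_chown,cap_dac_override,cap_net_bind_service,cap_fowner=pi)
caps_outside_allowlist "$requested" "$ALLOW" ||
    echo "capabilities above are outside the allowlist; review before deploying"
```

A name reported here is not necessarily wrong for a given host; it marks a grant that should be justified against capabilities(7) before the service is started with it.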
or -f <file>
Use the specified configuration file.
or -C <dir>
Change root to the specified directory. The
configuration file is read after chrooting, so the configuration file must be
available within the chroot. That way it is also possible to reload the
syslog-ng configuration after chrooting. However, note that the --user
and --group options are resolved before chrooting.
or -c <file>
Set the location of the syslog-ng control
socket. Default value: /var/run/syslog-ng.ctl
Start syslog-ng in debug mode.
A comma-separated list of the modules that are
loaded automatically. Modules not loaded automatically can be loaded by
including the @module <modulename> statement in the syslog-ng OSE
configuration file. The following modules are loaded by default: affile,
afprog, afsocket, afuser, basicfuncs, csvparser, dbparser, syslogformat,
afsql. Available only in syslog-ng Open Source Edition 3.3 and
Enable syslog-ng to write core files in case
of a crash to help support and debugging.
Set the minimal number of required file
descriptors (fd-s). This sets how many files syslog-ng can keep open
simultaneously. Default value: 4096. Note that this does not override
the global ulimit setting of the host.
Do not daemonize, run in the foreground. When
running in the foreground, starts from the current directory ($CWD) so
it can create core files (normally, starts from $PREFIX/var).
or -g <group>
Switch to the specified group after
initializing the configuration file.
Display a brief help message.
Display the list and description of the
available modules. Note that not all of these modules are loaded
automatically, only the ones specified in the --default-modules option.
Available only in and later.
Run syslog-ng as root, without
capability-support. This is the default behavior. On Linux, it is possible to
run syslog-ng as non-root with capability-support if syslog-ng was compiled
with the --enable-linux-caps
option enabled. (Execute syslog-ng
to display the list of enabled build parameters.)
To run with specific capabilities, use the --caps
or -R <persist-file>
Set the path and name of the syslog-ng.persist
file where the persistent options and data are stored.
or -p <pidfile>
Set path to the PID file where the pid of the
main process is stored.
After processing the configuration file and
resolving included files and variables, write the resulting configuration into
the specified output file. Available only in and later.
Sets how to run syslog-ng: in the
foreground (mainly used for debugging), in the background as a
daemon, or in safe-background mode. By default, syslog-ng runs in
safe-background mode. This mode creates a supervisor process called
supervising syslog-ng, that restarts syslog-ng if it crashes.
Log internal messages of syslog-ng to stderr.
Mainly used for debugging purposes in conjunction with the --foreground
option. If not specified, syslog-ng will log such messages to its internal
Verify that the configuration file is
syntactically correct and exit.
or -u <user>
Switch to the specified user after
initializing the configuration file (and optionally chrooting). Note that it
is not possible to reload the syslog-ng configuration if the specified user
has no privilege to create the /dev/log file.
Enable verbose logging used to troubleshoot
Display version number and compilation
information, and also the list and short description of the available modules.
For detailed description of the available modules, see the
--module-registry option. Note that not all of these modules are loaded
automatically, only the ones specified in the --default-modules
Sets the number of worker threads syslog-ng can use,
including the main thread. Note that certain operations in syslog-ng can use threads
that are not limited by this option. This setting has effect only when syslog-ng is
running in multithreaded mode. Available only in and later. See The 3.11
Administrator Guide for details.
For the detailed documentation of syslog-ng, see The 3.11 Administrator Guide.
If you experience any problems or need help with syslog-ng, visit the
syslog-ng mailing list.
For news and notifications about syslog-ng, visit the syslog-ng blogs.
This manual page was written by the Balabit Documentation Team
- The Administrator Guide
- the official syslog-ng website
- The 3.11 Administrator Guide
- syslog-ng mailing list
- syslog-ng blogs