'\" t
.\" Title: syslog-ng
.\" Author: [see the "Author" section]
.\" Generator: DocBook XSL Stylesheets vsnapshot
.\" Date: 03/10/2024
.\" Manual: The syslog-ng manual page
.\" Source: 4.3
.\" Language: English
.\"
.TH "SYSLOG\-NG" "8" "03/10/2024" "4\&.3" "The syslog-ng manual page"
.\" -----------------------------------------------------------------
.\" * Define some portability stuff
.\" -----------------------------------------------------------------
.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
.\" http://bugs.debian.org/507673
.\" http://lists.gnu.org/archive/html/groff/2009-02/msg00013.html
.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
.ie \n(.g .ds Aq \(aq
.el .ds Aq '
.\" -----------------------------------------------------------------
.\" * set default formatting
.\" -----------------------------------------------------------------
.\" disable hyphenation
.nh
.\" disable justification (adjust text to left margin only)
.ad l
.\" -----------------------------------------------------------------
.\" * MAIN CONTENT STARTS HERE *
.\" -----------------------------------------------------------------
.SH "NAME"
syslog-ng \- syslog\-ng system logger application
.SH "SYNOPSIS"
.HP \w'\fBsyslog\-ng\fR\ 'u
\fBsyslog\-ng\fR [options]
.SH "DESCRIPTION"
.PP
This manual page is only an abstract, for the complete documentation of syslog\-ng, see
\m[blue]\fB\fBThe Administrator Guide\fR\fR\m[]\&\s-2\u[1]\d\s+2
or
\m[blue]\fBthe official syslog\-ng website\fR\m[]\&\s-2\u[2]\d\s+2\&.
.PP
The application is a flexible and highly scalable system logging application\&. Typically, syslog\-ng is used to manage log messages and implement centralized logging, where the aim is to collect the log messages of several devices on a single, central log server\&. The different devices \- called syslog\-ng clients \- all run syslog\-ng, and collect the log messages from the various applications, files, and other
\fIsources\fR\&. The clients send all important log messages to the remote syslog\-ng server, where the server sorts and stores them\&.
.SH "OPTIONS"
.PP
\fB\-\-caps\fR
.RS 4
Run process with the specified POSIX capability flags\&.
.sp
.RS 4
.ie n \{\
\h'-04'\(bu\h'+03'\c
.\}
.el \{\
.sp -1
.IP \(bu 2.3
.\}
If the
\fI\-\-no\-caps\fR
option is not set, and the host supports CAP_SYSLOG, uses the following capabilities: "cap_net_bind_service, cap_net_broadcast, cap_net_raw, cap_dac_read_search, cap_dac_override, cap_chown, cap_fowner=p cap_syslog=ep"
.RE
.sp
.RS 4
.ie n \{\
\h'-04'\(bu\h'+03'\c
.\}
.el \{\
.sp -1
.IP \(bu 2.3
.\}
If the
\fI\-\-no\-caps\fR
option is not set, and the host does not support CAP_SYSLOG, uses the following capabilities: "cap_net_bind_service, cap_net_broadcast, cap_net_raw,cap_dac_read_search, cap_dac_override, cap_chown, cap_fowner=p cap_sys_admin=ep"
.RE
.sp
For example:
.sp
.if n \{\
.RS 4
.\}
.nf
/usr/sbin/syslog\-ng \-Fv \-\-caps cap_sys_admin,cap_chown,cap_dac_override,cap_net_bind_service,cap_fowner=pi
.fi
.if n \{\
.RE
.\}
.sp
Note that the capabilities are not case sensitive, the following command is also good:
\fB /usr/sbin/syslog\-ng \-Fv \-\-caps CAP_SYS_ADMIN,CAP_CHOWN,CAP_DAC_OVERRIDE,CAP_NET_BIND_SERVICE,CAP_FOWNER=pi\fR
.sp
For details on the capability flags, see the following man pages:
cap_from_text(3)
and
capabilities(7)
.RE
.PP
\fB\-\-cfgfile \fR or \fB\-f \fR
.RS 4
Use the specified configuration file\&.
.RE
.PP
\fB\-\-chroot \fR or \fB\-C \fR
.RS 4
Change root to the specified directory\&. The configuration file is read after chrooting so, the configuration file must be available within the chroot\&. That way it is also possible to reload the syslog\-ng configuration after chrooting\&. However, note that the
\fI\-\-user\fR
and
\fI\-\-group\fR
options are resolved before chrooting\&.
.RE
.PP
\fB\-\-control \fR or \fB\-c \fR
.RS 4
Set the location of the syslog\-ng control socket\&. Default value:
/var/lib/syslog\-ng/syslog\-ng\&.ctl
.RE
.PP
\fB\-\-debug\fR or \fB\-d\fR
.RS 4
Start syslog\-ng in debug mode\&.
.RE
.PP
\fB\-\-enable\-core\fR
.RS 4
Enable syslog\-ng to write core files in case of a crash to help support and debugging\&.
.RE
.PP
\fB\-\-fd\-limit \fR
.RS 4
Set the minimal number of required file descriptors (fd\-s)\&. This sets how many files syslog\-ng can keep open simultaneously\&. Default value:
\fI4096\fR\&. Note that this does not override the global ulimit setting of the host\&.
.RE
.PP
\fB\-\-foreground\fR or \fB\-F\fR
.RS 4
Do not daemonize, run in the foreground\&. When running in the foreground, starts from the current directory (\fB$CWD\fR) so it can create core files (normally, starts from
$PREFIX/var)\&.
.RE
.PP
\fB\-\-group \fR or \fB\-g \fR
.RS 4
Switch to the specified group after initializing the configuration file\&.
.RE
.PP
\fB\-\-help\fR or \fB\-h\fR
.RS 4
Display a brief help message\&.
.RE
.PP
\fB\-\-module\-registry\fR
.RS 4
Display the list and description of the available modules\&. Available only in and later\&.
.RE
.PP
\fB\-\-no\-caps\fR
.RS 4
Run syslog\-ng as root, without capability\-support\&. This is the default behavior\&. On Linux, it is possible to run syslog\-ng as non\-root with capability\-support if syslog\-ng was compiled with the
\fI\-\-enable\-linux\-caps\fR
option enabled\&. (Execute
\fBsyslog\-ng \-\-version\fR
to display the list of enabled build parameters\&.)
.sp
To run with specific capabilities, use the
\fI\-\-caps\fR
option\&.
.RE
.PP
\fB\-\-persist\-file \fR or \fB\-R \fR
.RS 4
Set the path and name of the
syslog\-ng\&.persist
file where the persistent options and data are stored\&.
.RE
.PP
\fB\-\-pidfile \fR or \fB\-p \fR
.RS 4
Set path to the PID file where the pid of the main process is stored\&.
.RE
.PP
\fB\-\-preprocess\-into \fR
.RS 4
After processing the configuration file and resolving included files and variables, write the resulting configuration into the specified output file\&. Available only in and later\&.
.RE
.PP
\fB\-\-process\-mode \fR
.RS 4
Sets how to run syslog\-ng: in the
\fIforeground\fR
(mainly used for debugging), in the
\fIbackground\fR
as a daemon, or in
\fIsafe\-background\fR
mode\&. By default, syslog\-ng runs in
\fIsafe\-background\fR
mode\&. This mode creates a supervisor process called
\fIsupervising syslog\-ng\fR
, that restarts syslog\-ng if it crashes\&.
.RE
.PP
\fB\-\-stderr\fR or \fB\-e\fR
.RS 4
Log internal messages of syslog\-ng to stderr\&. Mainly used for debugging purposes in conjunction with the
\fI\-\-foreground\fR
option\&. If not specified, syslog\-ng will log such messages to its internal source\&.
.RE
.PP
\fB\-\-syntax\-only\fR or \fB\-s\fR
.RS 4
Verify that the configuration file is syntactically correct and exit\&.
.RE
.PP
\fB\-\-user \fR or \fB\-u \fR
.RS 4
Switch to the specified user after initializing the configuration file (and optionally chrooting)\&. Note that it is not possible to reload the syslog\-ng configuration if the specified user has no privilege to create the
/dev/log
file\&.
.RE
.PP
\fB\-\-verbose\fR or \fB\-v\fR
.RS 4
Enable verbose logging used to troubleshoot syslog\-ng\&.
.RE
.PP
\fB\-\-version\fR or \fB\-V\fR
.RS 4
Display version number and compilation information, and also the list and short description of the available modules\&. For detailed description of the available modules, see the
\fB\-\-module\-registry\fR
option\&.
.RE
.PP
\fB\-\-worker\-threads\fR
.RS 4
Sets the number of worker threads can use, including the main thread\&. Note that certain operations in can use threads that are not limited by this option\&. This setting has effect only when is running in multithreaded mode\&. Available only in and later\&. See
\fBThe 4\&.3 Administrator Guide\fR
for details\&.
.RE
.SH "FILES"
.PP
/usr/
.PP
/etc/syslog\-ng/syslog\-ng\&.conf
.SH "SEE ALSO"
.PP
\fBsyslog\-ng\&.conf\fR(5)
.if n \{\
.sp
.\}
.RS 4
.it 1 an-trap
.nr an-no-space-flag 1
.nr an-break-flag 1
.br
.ps +1
\fBNote\fR
.ps -1
.br
.PP
For the detailed documentation of see
\m[blue]\fB\fBThe 4\&.3 Administrator Guide\fR\fR\m[]\&\s-2\u[3]\d\s+2
.PP
If you experience any problems or need help with syslog\-ng, visit the
\m[blue]\fB\fBsyslog\-ng mailing list\fR\fR\m[]\&\s-2\u[4]\d\s+2\&.
.PP
For news and notifications about of syslog\-ng, visit the
\m[blue]\fB\fBsyslog\-ng blogs\fR\fR\m[]\&\s-2\u[5]\d\s+2\&.
.sp .5v
.RE
.SH "AUTHOR"
.PP
This manual page was written by the Balabit Documentation Team \&.
.SH "COPYRIGHT"
.SH "NOTES"
.IP " 1." 4
\fBThe Administrator Guide\fR
.RS 4
\%https://www.balabit.com/support/documentation/
.RE
.IP " 2." 4
the official syslog-ng website
.RS 4
\%https://www.balabit.com/log-management
.RE
.IP " 3." 4
\fBThe 4.3 Administrator Guide\fR
.RS 4
\%https://www.balabit.com/documents/syslog-ng-ose-latest-guides/en/syslog-ng-ose-guide-admin/html/index.html
.RE
.IP " 4." 4
\fBsyslog-ng mailing list\fR
.RS 4
\%https://lists.balabit.hu/mailman/listinfo/syslog-ng
.RE
.IP " 5." 4
\fBsyslog-ng blogs\fR
.RS 4
\%https://syslog-ng.org/blogs/
.RE