Provided by: syslog-ng_2.0.9-1ubuntu1_i386 bug

NAME

       /etc/syslog-ng/syslog-ng.conf - syslog-ng configuration file

DESCRIPTION

       The configuration file for syslog-ng

       A  message  route in syslog-ng is made up from three parts: a source, a
       destination and filtering rules.

SOURCES

       You can declare source statements using the "source" keyword:

       source <sourcename> { sourcedriver params; sourcedriver params; ... };

       Sourcename is an identifier you’ll  use  to  refer  to  this  group  of
       messages.   Sourcedriver  is  a  method of getting a given message. The
       following drivers are available:

       * file <filename> - reads messages from the given file

       * unix-dgram <filename>  -  reads  messages  from  the  given  AF_UNIX,
       SOCK_DGRAM socket (BSDi style)

       *  unix-stream  <filename>  -  reads  messages  from the given AF_UNIX,
       SOCK_STREAM socket (Linux style)

       * udp <ip>,<port> - network source using the UDP protocol.  If  you  do
       not want to bind to a specific interface use 0.0.0.0.

       * tcp <ip>,<port> - network source using the TCP protocol.

       * sun-streams <filename> - local source used on Solaris systems

DESTINATIONS

       Destinations can be created using the destination keyword:

       destination <destname> { destdriver params; destdriver params; ... ; };

       * file <filename> - writes messages to the given file

       * unix-dgram  <filename>  -  writes  messages  to  the  given  AF_UNIX,
       SOCK_DGRAM socket (BSDi style)

       *  unix-stream  <filename>  -  writes  messages  to  the given AF_UNIX,
       SOCK_STREAM socket (Linux style)

       * udp <ip>,<port> - network destination using the UDP protocol

       * tcp <ip>,<port> - network destination using the TCP protocol

       * usertty <username> - sends log to the given user’s terminal

FILTERS

       You can create filters using the filter keyword:

       filter <filtername> { expression; };

       Where expression is a simple boolean expression.  You  can  use  "and",
       "or" and "not" to connect builtin functions. Functions can be one of:

       * facility(list of comma seperated facility names)

       * level(list of comma seperated priority nammes OR a range separated by
       "..")

       * program(regexp to match program name)

       * host(regexp to match hostname)

       * match(regexp to match message)

LOG STATEMENTS

       You can connect sources and destinations using the log statement:

       log { source S1; source S2; ... filter F1; filter F2;  ...  destination
       D1; destination D2; ... };

       Where  Sx  refers  to  one  of  the declared log sources, Fx one of the
       filters and Dx one of the destinations.

       Filters are ANDed together.

OPTIONS

       You can specify several global options  to  syslog-ng  in  the  options
       statement:

       options { opt1; opt2; ... };

       Where an option can be any of the following:

       chain_hostnames(yes|no)
              Enable or disable the chained hostname format.

       long_hostnames(yes|no)
              This is a deprecated alias for chain_hostnames().

       keep_hostname(yes|no)
              Specifies whether to trust hostname as it is included in the log
              message. If keep_hostname is yes and there is a hostname in  the
              message  it  is  not  touched,  otherwise it is always rewritten
              based on the information where the message was received from.

       use_dns(yes|no)
              Enable or disable DNS usage.  syslog-ng blocks on  DNS  queries,
              so  enabling  DNS  may  lead  to a Denial of Service attack.  To
              prevent  DoS,  protect  your  syslog-ng  network  endpoint  with
              firewall  rules,  and make sure that all hosts, which may get to
              syslog-ng is resolvable.

       use_fqdn(yes|no)
              Add Fully Qualified Domain Name instead of short hostname.

       check_hostname(yes|no)
              Enable  or  disable  whether   the   hostname   contains   valid
              characters.

       bad_hostname(regex)
              A  regexp  which  matches hostnames which should not be taken as
              such.

       dns_cache(yes|no)
              Enable or disable DNS cache usage.

       dns_cache_expire(n)
              Number of seconds while a successful lookup is cached.

       dns_cache_expire_failed(n)
              Number of seconds while a failed lookup is cached.

       dns_cache_size(n)
              Number of hostnames in the DNS cache.

       create_dirs(yes|no)
              Enable or disable directory creation for destination files.

       dir_owner(uid)
              User id.

       dir_group(gid)
              Group id.

       dir_perm(perm)
              Permission value (octal mask).

       owner(uid)
              User id for created files.

       group(gid)
              Group id for created files.

       perm(perm)
              Permission value for created files.

       gc_busy_threshold(n)
              Sets the threshold value for the garbage collector, when syslog-
              ng  is  busy.   GC  phase  starts  when  the number of allocated
              objects reach this number.  Default: 3000.

       gc_idle_threshold(n)
              Sets the threshold value for the garbage collector, when syslog-
              ng  is  idle.   GC  phase  starts  when  the number of allocated
              objects reach this number.  Default: 100.

       log_fifo_size(n)
              The number of lines fitting to the output queue. An output queue
              is present for all destinations.

       log_msg_size(n)
              Maximum   length   of  message  in  bytes  (NOTE:  some  syslogd
              implementations have a fixed limit of 1024 characters).

       mark(n)
              The number  of  seconds  between  two  MARK  lines.   NOTE:  not
              implemented yet.

       stats(n)
              The number of seconds between two STATS messages.

       sync(n)
              The  number  of  lines  buffered  before written to file (can be
              overridden locally).

       time_reap(n)
              The time to wait before an idle destination file is closed.

       time_reopen(n)
              The time to wait before a died connection is reestablished.

       use_time_recvd(yes|no)
              This variable is used only for macro expansion where the meaning
              of  the  time specific macros depend on this setting, however as
              there  are  separate  macros  for  referring  to  the   received
              timestamp  (R_  macros)  and  the log message timestamp (S_), so
              using this value is not recommended.

FILES

       /etc/syslog-ng/syslog-ng.conf

COPYRIGHT

       syslog-ng and this file is Copyright  (c)  1999-2004  BalaBit  IT  Ltd,
       portions were contributed by Jose Pedro Oliveira.

SEE ALSO

       syslog-ng(8), syslogd(8)

                                                             syslog-ng.conf(5)