Syslog-ng Installation
Loggly provides the infrastructure to aggregate and normalize log events so they are available to explore interactively, build visualizations, or create threshold-based alerting. In general, any method to send logs from a system or application to an external source can be adapted to send logs to Loggly. The following instructions provide one scenario for sending logs to Loggly.
syslog-ng can be used to collect local syslog messages & monitor log files on your servers and then forward them to Loggly.
syslog-ng OSE is an open source alternative to the standard syslog daemon that's commonly found on UNIX and UNIX-like (*nix) systems. It uses the basic syslog protocol, but extends it with content-based filtering, flexible configuration options and adds important features, such as using TCP (as well as TLS), which is much more reliable than UDP. syslog-ng OSE is developed by Balabit. Great documentation for advanced configuration is available on their web site, but we'll share a standard config here.
Installation
Using a Package Manager
Depending on your Linux distribution you can use yum or APT (do this with root or sudo privileges):
# apt-get install syslog-ng
You will most likely need to enable Extra Packages for Enterprise Linux (EPEL)
# yum install syslog-ng
Configure either using our Configure-syslog script or manually.
Compiling From Source
Download syslog-ng source code & eventlog source code. Install both eventlog & syslog-ng. Eventlog is a generic event logging library developed by Balabit. Once you've unzipped both packages (evenlog_x.x.xx.tar.gz & syslog-ng-x.xx.tar.gz), do this in each of those directories:
$ ./configure $ make $ sudo make install
Configure either using our Configure-syslog script or manually.
On Amazon EC2
The Amazon EC2 Linux distribution includes rsyslog by default. First you must remove rsyslog. Use rpm instead of yum so you keep the dependencies you need to access the machine. Enable the epel repo because it’s not enabled by default. Also grab the syslog-ng-libdbi dependency because it’s not pulled by yum automatically.
sudo rpm -e --nodeps rsyslog sudo yum install --enablerepo=epel syslog-ng sudo yum install --enablerepo=epel syslog-ng-libdbi sudo /etc/init.d/syslog-ng start
Configure either using our Configure-syslog script or manually.
Check your syslog-ng version
You'll need to know which version of syslog-ng you've got installed. We recommend running on the latest, but at least version 3.2 for best results.
$ syslog-ng -V
The scripts are not supported under any SolarWinds support program or service. The scripts are provided AS IS without warranty of any kind. SolarWinds further disclaims all warranties including, without limitation, any implied warranties of merchantability or of fitness for a particular purpose. The risk arising out of the use or performance of the scripts and documentation stays with you. In no event shall SolarWinds or anyone else involved in the creation, production, or delivery of the scripts be liable for any damages whatsoever (including, without limitation, damages for loss of business profits, business interruption, loss of business information, or other pecuniary loss) arising out of the use of or inability to use the scripts or documentation.