Manage system logs (syslog-ng)

This topic describes how to use the System Logs page to control the syslog-ng daemon running on the appliance, and to view its output.

Logging options

This page enables you to configure the global behavior of the syslog-ng daemon. For example, you can configure how host names and DNS lookups are handled, and how default permissions are assigned to trace files and the directories where they are stored.

You can override these global configuration options on a per-destination basis using the Log Destinations configuration page.

Log source

A Log Source enables you to configure the ways in which the syslog-ng daemon can receive log messages, including from a UNIX socket, from the Linux kernel, or from other systems on the network. The Log Sources page lists all known sources. You can add a new source by clicking the Add a new log source link. You can edit an existing source by clicking the link that identifies it.

In both cases, the Log Source Options page enables you to configure which data source types are used by the Log Source. For example, you can specify whether the Log Source receives messages from a Stream Socket, Datagram Socket, TCP Server, or from a Named Pipe, amongst other types.

When configuring the options for each source type, the default options are sufficient for most system configurations.

Log destinations

All services running on the appliance send their trace output to the syslog-ng daemon running on the appliance. You can view this trace output on the Log Destinations page.

Trace files corresponding to the services running on the appliance are listed in a table on this page. To view a particular trace file, click the View link beside that entry in the table. The contents of the selected trace file are displayed on a new page. If the trace file is large, you can choose to view only a specified number of lines, and search the file so that only lines containing certain text are shown.

Log filters

A Log Filter enables you to define a set of conditions that may match a particular log message based on its facility (source program type), priority (severity level), contents, sender's host name and IP address, and so on. The filter can then be combined with a source and destination in a log target to determine what log messages are written to the destination.

The Log Filters page lists all existing filters and can be used to create new filters and edit existing ones. You should only edit default filters under advice from Axway Support because any erroneous configurations can prevent critical log messages from being written.

The syslog-ng daemon enables you to use boolean logic to create very complex filters to match messages. However, in most cases, you can use a simple set of rules based on the facility, priority, contents, host name, and source IP address of the message. For more powerful filters, you can write a syslog-ng boolean expression.

Log targets

Log Targets bring together sources, destinations, and filters to determine exactly which messages are logged and where. Each target comprises one or more sources, zero or more filters (to determine which messages are logged), and one or more destinations (to control where the messages are logged).

The Log Targets page lists all existing log targets. You can configure one of these targets by clicking its link. The target can then be configured easily by selecting the sources, filters, and destinations from the lists.
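
The following fragment is an added illustration, not taken from the appliance or from Axway documentation. It shows, in standard syslog-ng configuration syntax, how global options, a source, a boolean filter, a destination with a per-destination override, and a log target relate to each other. All object names, the port, and the file path are constructed for the example, and it is an assumption that the settings made on the pages above correspond to statements of this kind.

```conf
# Added illustration in standard syslog-ng syntax. Object names, the port and
# the file path are constructed, not values from the appliance.

# Logging options: global host name / DNS handling and default permissions.
options {
    use_dns(no);         # do not resolve sender addresses through DNS
    keep_hostname(no);   # record the sender address, not the self-reported host name
    create_dirs(yes);    # create missing log directories
    perm(0640);          # default mode for log files
    dir_perm(0750);      # default mode for created directories
};

# Log source: a local stream socket plus a TCP server for other systems.
source s_example {
    unix-stream("/dev/log");
    tcp(ip(0.0.0.0) port(514));
};

# Log filter: a boolean expression over facility, priority, contents and sender.
filter f_auth_failures {
    facility(auth, authpriv)
    and level(warning..emerg)
    and (match("failed" value("MESSAGE")) or match("denied" value("MESSAGE")))
    and not netmask(127.0.0.1/32);
};

# Log destination: perm(0600) overrides the global perm(0640) for this file only.
destination d_auth_failures {
    file("/var/log/example/auth_failures.log" perm(0600));
};

# Log target: only messages from s_example that pass f_auth_failures
# are written to d_auth_failures.
log {
    source(s_example);
    filter(f_auth_failures);
    destination(d_auth_failures);
};
```

A filter that never matches, or a target that omits the intended source, silently drops the messages it was meant to capture, which is why changes to default filters carry the risk described under Log filters.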

