Syslog-ng
As useful and ubiquitous as syslog is, it’s beginning to show its age. Modern Unix and Unix-like systems are considerably more complex than they were when syslog was invented, and they have outgrown both syslog’s limited facilities and its primitive network-forwarding functionality.
Syslog-ng (“syslog new generation”) is an attempt to increase syslog’s flexibility by adding better message filtering, better forwarding, and eventually (though not quite yet), message integrity and encryption. In addition, Syslog-ng supports remote logging over both the TCP and UDP protocols. Syslog-ng is the brainchild of and is primarily developed and maintained by Balazs (“Bazsi”) Scheidler.
Lest you think Syslog-ng is untested or untrusted,
it’s already been incorporated into Debian GNU/Linux
2.2 “Potato” as a binary package
(in the “admin” section). Syslog-ng
is in fact both stable and popular. Furthermore, even though its
advanced security features are still works in progress, Syslog-ng can
be used in conjunction with TCP
“tunneling” tools such as
stunnel and ssh to
authenticate or encrypt log messages sent to remote hosts.
Compiling and Installing Syslog-ng from Source Code
The non-Debian users among you may not wish to wait for your distribution of choice to follow suit with its own binary package of Syslog-ng. Let’s start, then, with a brief description of how to compile and install Syslog-ng from source.
First, you need to obtain the latest Syslog-ng source code. As of this writing, ...
Get Building Secure Servers with Linux now with the O’Reilly learning platform.
O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.
