Last week, I posted about running nightly syslog-ng container images on arm64. However, you can also install syslog-ng directly on the host (in my case, a Raspberry Pi 3), running the latest Raspberry OS.
Before you begin
Right now, syslog-ng nightly arm64 packages are only available for Debian Bookworm. A 64-bit Raspberry Pi board with the latest Raspberry OS installed is probably the easiest way to test these packages. However, any arm64 machine running Debian Bookworm should do the job.
Installing syslog-ng
Before installing syslog-ng, you should add the GPG key:
wget -qO - https://ose-repo.syslog-ng.com/apt/syslog-ng-ose-pub.asc | sudo apt-key add -
After that, you can add the repository:
echo "deb [arch=arm64] https://ose-repo.syslog-ng.com/apt/ nightly debian-bookworm-arm64" | sudo tee -a /etc/apt/sources.list.d/syslog-ng-ose.list
The syslog-ng package is modular. The core syslog-ng package has minimal dependencies and is called syslog-ng-core. The syslog-ng package itself is an umbrella package installing all syslog-ng modules together with their dependencies. Depending on what you have already installed, it can be a huge download. You can list syslog-ng modules using the “apt-cache search syslog-ng” command. I tend to install the syslog-ng-mod-http package, as it pulls in the core package and dependencies, provides support for Elasticsearch and compatible services, and for many cloud-based destinations as well, like Slack. The following commands refresh the package index, so that apt sees the newly added repository, and install syslog-ng with http destination support:
sudo apt-get update
sudo apt-get install syslog-ng-mod-http
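The key and repository steps above, as an added example that is not part of the original post: apt-key is deprecated in Debian and adds the key to apt's global trusted keyring, so the key is trusted for every configured repository. This version stores the key in its own file and ties it to the syslog-ng repository with signed-by. The keyring file name and the --apply switch are assumptions, and the fingerprint display requires gnupg.

```shell
#!/bin/sh
# Added example: scope the syslog-ng signing key to its own repository.
set -eu

KEY_URL="https://ose-repo.syslog-ng.com/apt/syslog-ng-ose-pub.asc"  # from the post
REPO_URL="https://ose-repo.syslog-ng.com/apt/"                      # from the post
SUITE="nightly"                                                     # from the post
COMPONENT="debian-bookworm-arm64"                                   # from the post
KEYRING="/etc/apt/keyrings/syslog-ng-ose.asc"   # assumed file name
LIST="/etc/apt/sources.list.d/syslog-ng-ose.list"

# Build the sources.list entry; signed-by limits the key to this repository.
repo_line() {
    printf 'deb [arch=arm64 signed-by=%s] %s %s %s\n' \
        "$1" "$REPO_URL" "$SUITE" "$COMPONENT"
}

# Succeeds only if every active deb/deb-src line in the file has signed-by=.
list_is_scoped() {
    ! grep -E '^[[:space:]]*deb(-src)?[[:space:]]' "$1" | grep -vq 'signed-by='
}

# Perform the installation. Only runs when the script is called with --apply.
apply() {
    sudo install -d -m 0755 /etc/apt/keyrings
    tmp=$(mktemp)
    wget -qO "$tmp" "$KEY_URL"
    # Print the fingerprint so it can be compared with one obtained out of band.
    gpg --show-keys --with-fingerprint "$tmp"
    sudo install -m 0644 "$tmp" "$KEYRING"
    rm -f "$tmp"
    # Overwrite rather than append, so re-running does not duplicate the entry.
    repo_line "$KEYRING" | sudo tee "$LIST" >/dev/null
    list_is_scoped "$LIST"
    sudo apt-get update
    sudo apt-get install syslog-ng-mod-http
}

if [ "${1:-}" = "--apply" ]; then
    apply
fi
```

Without --apply the script only defines the functions, so list_is_scoped can also be pointed at existing files under /etc/apt/sources.list.d/ to find entries that still rely on the global keyring.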
Testing
The default configuration stores most log messages to /var/log/messages. You can test it using the logger command and if you are fast enough, this message should be the last one in the file:
logger bla
tail -1 /var/log/messages
Mar 18 08:24:18 raspberrypi root[12504]: bla
What is next?
In this blog, we used the default syslog-ng configuration for log collection. However, the possibilities are endless. In some of my previous blogs, I have already shown how to use syslog-ng for collecting temperature and humidity data, or how to collect log messages centrally on a Raspberry Pi. While syslog-ng is best known for its extreme performance, most syslog-ng users collect less than a hundred messages a second. Depending on the hardware and software configurations, syslog-ng can collect over 60,000 messages a second on a Raspberry Pi… :-)
If you have questions or comments related to syslog-ng, do not hesitate to contact us. You can reach us by email or even chat with us. For a list of possibilities, check our GitHub page under the “Community” section at https://github.com/syslog-ng/syslog-ng. On Twitter, I am available as @PCzanik, on Mastodon as @Pczanik@fosstodon.org.