6.15. system: Collecting the system-specific log messages of a platform
Starting with version 3.2, syslog-ng OSE can automatically collect the system-specific log messages of the host on a number of platforms using the system() driver. If the system() driver is included in the syslog-ng OSE configuration file, syslog-ng OSE automatically adds the following sources to the syslog-ng OSE configuration.
The system() driver is also used in the default configuration file of syslog-ng OSE. For details on the default configuration file, see Example 4.1, The default configuration file of syslog-ng OSE. Starting with syslog-ng OSE version 3.6, you can use the system-expand command-line utility (which is a shell script, located in the modules/system-source/ directory) to display the configuration that the system() source will use.
If syslog-ng OSE does not recognize the platform it is installed on, it does not add any sources.
Starting with version 3.6, syslog-ng OSE parses messages complying with the Splunk Common Information Model (CIM) and marked with @cim as JSON messages (for example, the ulogd from the netfilter project can emit such messages). That way, you can forward such messages without losing any information to CIM-aware applications (for example, Splunk).
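A simplified model of the marker-based parsing described above, as an added example (Python written for this page, not syslog-ng code or configuration from this guide). It assumes the marker string is "@cim:" and stores parsed keys under a hypothetical ".cim." prefix; the sample messages are constructed.

```python
import json

MARKER = "@cim:"   # assumption: exact marker string; the page only says "@cim"
PREFIX = ".cim."   # assumption: hypothetical namespace for parsed keys


def flatten(obj, prefix):
    """Turn nested JSON objects into dotted name-value pairs."""
    pairs = {}
    for key, value in obj.items():
        name = prefix + str(key)
        if isinstance(value, dict):
            pairs.update(flatten(value, name + "."))
        else:
            pairs[name] = value
    return pairs


def parse_message(program, text):
    """Return structured fields if the message is marked, plain text otherwise."""
    record = {"PROGRAM": program, "MESSAGE": text}
    if not text.startswith(MARKER):
        return record                      # ordinary log line, left untouched
    try:
        payload = json.loads(text[len(MARKER):])
    except ValueError:
        return record                      # marked but malformed: keep raw text
    if not isinstance(payload, dict):
        return record                      # only JSON objects carry named fields
    # The prefix keeps message-supplied keys (such as "PROGRAM") from
    # overwriting fields that the log daemon set itself.
    record.update(flatten(payload, PREFIX))
    return record


# Constructed sample inputs, not captured from a real host.
SAMPLES = [
    ("ulogd", '@cim:{"action":"blocked","src":{"ip":"192.0.2.10","port":4444},"PROGRAM":"sshd"}'),
    ("ulogd", '@cim:{"action":"blocked"'),
    ("sshd", "Accepted publickey for alice from 192.0.2.20"),
]

if __name__ == "__main__":
    for program, text in SAMPLES:
        print(parse_message(program, text))
```

The first sample shows why parsed keys are kept in their own namespace: the sender-supplied "PROGRAM" value lands in .cim.PROGRAM and the original program name is preserved.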
|AIX and Tru64||
file("/dev/klog" follow-freq(0) program-override("kernel") flags(no-parse));
For FreeBSD versions earlier than 9.1,
file("/dev/klog" follow-freq(0) program-override("kernel"));
file("/proc/kmsg" program-override("kernel") flags(kernel));
Note that on Linux, the
If the host is running under systemd, syslog-ng OSE reads directly from the systemd journal file using the
If the kernel of the host is version 3.5 or newer, and
If syslog-ng OSE is running in a jail or a Linux Container (LXC), it will not read from the
Table 6.3. Sources automatically added by syslog-ng Open Source Edition