6.12. system: Collecting the system-specific log messages of a platform
Starting with version 4 F1, syslog-ng PE can automatically collect the system-specific log messages of the host on a number of platforms using the system() driver. If the system() driver is included in the syslog-ng PE configuration file, syslog-ng PE automatically adds the following sources to the syslog-ng PE configuration.
The system() driver is also used in the default configuration file of syslog-ng PE. For details on the default configuration file, see Example 4.1, The default configuration file of syslog-ng PE. Starting with syslog-ng PE version , you can use the system-expand command-line utility (which is a shell script, located in the modules/system-source/ directory) to display the configuration that the system() source will use.
If syslog-ng PE does not recognize the platform it is installed on, it does not add any sources.
Starting with version 7.0, syslog-ng PE parses messages that comply with the Splunk Common Information Model (CIM) and are marked with @cim as JSON messages (for example, ulogd from the netfilter project can emit such messages). That way, you can forward such messages to CIM-aware applications (for example, Splunk) without losing any information.
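The marker-based parsing described above, modelled in Python as an added example (this is not syslog-ng PE code). It assumes the marker is written as @cim: directly before a JSON object; the .cim. field prefix and the sample messages are constructed for illustration.

```python
import json

CIM_MARKER = "@cim:"  # assumption: the marker is "@cim" followed by a colon
PREFIX = ".cim."      # hypothetical prefix for the parsed name-value pairs


def flatten(obj, prefix):
    """Flatten nested JSON objects into dotted name-value pairs."""
    pairs = {}
    for key, value in obj.items():
        name = prefix + key
        if isinstance(value, dict):
            pairs.update(flatten(value, name + "."))
        else:
            pairs[name] = value
    return pairs


def parse_message(msg):
    """Return the name-value pairs for one message body.

    A marked message carrying a valid JSON object is expanded into fields.
    Anything else is kept verbatim in MESSAGE, so no data is dropped when
    the payload is truncated or is not an object.
    """
    body = msg.lstrip()
    if body.startswith(CIM_MARKER):
        try:
            payload = json.loads(body[len(CIM_MARKER):])
        except json.JSONDecodeError:
            payload = None
        if isinstance(payload, dict):
            return flatten(payload, PREFIX)
    return {"MESSAGE": msg}


# Constructed sample messages (not captured from a real host).
SAMPLES = [
    '@cim: {"action": "blocked", "src_ip": "192.0.2.10", '
    '"dest_port": 22, "oob": {"in": "eth0"}}',
    '@cim: {"action": "blocked", "src_ip": ',  # truncated JSON
    "kernel: plain text message",              # unmarked message
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(parse_message(sample))
```

The fallback branch is the part to check in a real pipeline: a marked message with broken JSON should still reach the destination as plain text rather than be discarded.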
|AIX and Tru64||
file("/dev/klog" follow-freq(0) program-override("kernel") flags(no-parse));
For FreeBSD versions earlier than 9.1,
file("/dev/klog" follow-freq(0) program-override("kernel"));
file("/proc/kmsg" program-override("kernel") flags(kernel));
Note that on Linux, the
If the host is running under systemd, syslog-ng PE reads directly from the systemd journal file using the
If the kernel of the host is version 3.5 or newer, and
If syslog-ng PE is running in a jail or a Linux Container (LXC), it will not read from the
Table 6.3. Sources automatically added by syslog-ng Premium Edition