syslog-ng documentation

Your main source of knowledge

The syslog-ng product family has an extensive documentation, covering everything from how to install a product to the most complex configuration and settings descriptions. If you cannot find an answer to your question, try the mailing list - our community is always eager to help.

syslog-ng Premium Edition


3.4. Procedure – Installing syslog-ng PE on RPM-based platforms (Red Hat, SUSE, AIX)


To install syslog-ng PE on operating systems that use the Red Hat Package Manager (RPM), complete the following steps. Installing syslog-ng PE automatically replaces the original syslog service. The following supported operating systems use RPM:

  • Red Hat Enterprise Linux

  • Red Hat Enterprise Server

  • SUSE Linux Enterprise Server


If you already had syslog-ng Open Source Edition (OSE) installed on the host, and are upgrading to syslog-ng Premium Edition, make sure that the ${SYSLOGNG_OPTIONS} environmental variable does not contain a -p <path-to-pid-file> option. If it does, remove this option from the environmental variable, because it can prevent syslog-ng PE from stopping properly. Typically, the environmental variable is set in the files /etc/default/syslog-ng or /etc/sysconfig/syslog-ng, depending on the operating system you use.


If you are planning to use Python in syslog-ng PE (for example Python parser or Python template function) on RHEL 6 platform, then you have to manually install Python 2.7. If the Python version on the machine is not 2.7, you will receive a similar error message during startup:

Reading shared object for a candidate module; path='/opt/syslog-ng/lib/syslog-ng', fname='', module='mod-python'
Error opening plugin module; module='mod-python', error=' cannot open shared object file: No such file or directory'


  1. Login to your MyBalabit account and download the syslog-ng RPM package for your system.

    • If the host already uses syslog-ng PE for logging, execute the following command as root. Otherwise, skip this step.

      rpm -U syslog-ng-premium-edition-<version>-<OS>-<arch>.rpm

      The syslog-ng Premium Edition application and all its dependencies will be installed, and the configuration of the existing syslog-ng PE installation will be used.


      If you are upgrading from syslog-ng version 2.1, note that the location of the configuration file has been moved to /opt/syslog-ng/etc/syslog-ng.conf

    • Execute the following command as root:

      rpm -i syslog-ng-premium-edition-<version>-<OS>-<arch>.rpm

      The syslog-ng PE application and all its dependencies will be installed.

  2. Warning

    When performing an upgrade, the package manager might automatically execute the post-uninstall script of the upgraded package, stopping syslog-ng PE and starting syslogd. If this happens, stop syslogd and start syslog-ng PE by issuing the following commands:

    /etc/init.d/syslogd stop
    /etc/init.d/syslog-ng start

    This behavior has been detected on CentOS 4 systems, but may occur on other rpm-based platforms as well.

  3. Edit the syslog-ng PE configuration file as needed. If you want to run syslog-ng PE in server mode, copy the license file to the /opt/syslog-ng/etc/ directory.

    For information on configuring syslog-ng PE, see the Chapter 4, The syslog-ng PE quick-start guide.

  4. Optional step for SELinux-enabled systems: Complete Procedure 3.5, Using syslog-ng PE on SELinux.