syslog-ng documentation

Your main source of knowledge

The syslog-ng product family has an extensive documentation, covering everything from how to install a product to the most complex configuration and settings descriptions. If you cannot find an answer to your question, try the mailing list - our community is always eager to help.

syslog-ng Premium Edition


3.3.2. Procedure – Installing syslog-ng PE in server mode


Complete the following steps to install syslog-ng PE on log servers. For details on the different operation modes of syslog-ng PE, see Section 2.3, Modes of operation.



The native logrotation tools do not send a SIGHUP to syslog-ng after rotating the log files, causing syslog-ng to write into files already rotated. To solve this problem, the syslog-ng init script links the /var/run/ file to syslog-ng's pid. Also, on Linux, the script symlinks the initscript of the original syslog daemon to syslog-ng's initscript.

  1. Login to your MyBalabit account and download the syslog-ng PE installer package and your syslog-ng Premium Edition license file (license.txt). The license will be required to run syslog-ng PE in server mode (see Section 2.3.3, Server mode) and is needed when you are installing syslog-ng PE on your central log server.

  2. Enable the executable attribute for the installer using the chmod +x syslog-ng-<edition>-<version>-<OS>-<platform>.run, then start the installer as root using the ./syslog-ng-<edition>-<version>-<OS>-<platform>.run command. (Note that the exact name of the file depends on the operating system and platform.) Wait until the package is uncompressed and the welcome screen appears, then select Continue.

    Figure 3.8. The welcome screen

    The welcome screen
  3. Accepting the EULA: You can install syslog-ng PE only if you understand and accept the terms of the End-User License Agreement (EULA). The full text of the EULA can be displayed during installation by selecting the Show EULA option, and is also available in this guide for convenience at Appendix B, END USER LICENSE AGREEMENT FOR BALABIT PRODUCT (EULA). Select Accept to accept the EULA and continue the installation.

    If you do not accept the terms of the EULA for some reason, select Reject to cancel installing syslog-ng PE.

  4. Detecting platform and operating system: The installer attempts to automatically detect your oprating system and platform. If the displayed information is correct, select Yes. Otherwise select Exit to abort the installation, and verify that your platform is supported. For a list of supported platforms, see Section 1.6, Supported platforms. If your platform is supported but not detected correctly, contact your local distributor, reseller, or the BalaBit Support Team. For contact details, see Section 5, Contact and support information.

    Figure 3.9. Platform detection

    Platform detection
  5. Installation path: Enter the path to install syslog-ng PE to. This is useful if you intend to install syslog-ng PE without registering it as a service, or if it cannot be installed to the default location because of policy compliance reasons. If no path is given, syslog-ng PE is installed to the default folder.

    Figure 3.10. Installation path

    Installation path

    When installing syslog-ng PE to an alternative path on AIX, HP-UX, or Solaris platforms, set the CHARSETALIASDIR environmental variable to the lib subdirectory of the installation path. That way syslog-ng PE can find the charset.alias file.

  6. Registering as syslog service: Select Register to register syslog-ng PE as the syslog service. This will stop and disable the default syslog service of the system.

    Figure 3.11. Registering as syslog service

    Registering as syslog service
  7. Locating the license: Enter the path to your license file (license.txt) and select OK. Typically this is required only for your central log server.

    If you are upgrading an existing configuration that already has a license file, the installer automatically detects it.

    Figure 3.12. Platform detection

    Platform detection
  8. Upgrading: The syslog-ng PE installer can automatically detect if you have previously installed a version of syslog-ng PE on your system. To use the configuration file of this previous installation, select Yes. To ignore the old configuration file and create a new one, select No.

    Note that if you decide to use your existing configuration file, the installer automatically checks it for syntax error and displays a list of warnings and errors if it finds any problems.

    Figure 3.13. Upgrading syslog-ng

    Upgrading syslog-ng
  9. Generating a new configuration file: The installer displays some questions to generate a new configuration file.

    1. Remote sources: Select Yes to accept log messages from the network. TCP, UDP, and SYSLOG messages on every interface will be automatically accepted.

      Figure 3.14. Accepting remote messages

      Accepting remote messages
    2. Remote destinations: Enter the IP address or hostname of your log server or relay and select OK.

      Figure 3.15. Forwarding messages to the log server

      Forwarding messages to the log server

    Accepting remote messages and forwarding them to a log server means that syslog-ng PE will start in relay mode.

  10. After the installation is finished, add the /opt/syslog-ng/bin and /opt/syslog-ng/sbin directories to your search PATH environment variable. That way you can use syslog-ng PE and its related tools without having to specify the full pathname. Add the following line to your shell profile:

  11. Optional step for SELinux-enabled systems: Complete Procedure 3.5, Using syslog-ng PE on SELinux.