syslog-ng documentation

Your main source of knowledge

The syslog-ng product family has extensive documentation, covering everything from how to install a product to the most complex configuration and settings descriptions. If you cannot find an answer to your question, try the mailing list; our community is always eager to help.

syslog-ng Premium Edition

Index: The syslog-ng Premium Edition 7 Administrator Guide

Symbols

$(context-length), Attributes
$(echo), Using template functions
$(indent-multi-line ${MESSAGE}), multi-line-mode(), multi-line-prefix(), multi-line-mode(), multi-line-prefix(), multi-line-mode(), multi-line-prefix()
$DATE, value-pairs()
$FACILITY, value-pairs(), value-pairs()
$FULLHOST_FROM, FULLHOST_FROM, FULLHOST_FROM
$HOST, value-pairs(), value-pairs()
$HOST_FROM, HOST_FROM, HOST_FROM
$MESSAGE, value-pairs(), value-pairs()
$MSGID, value-pairs()
$PID, value-pairs(), value-pairs()
$PRIORITY, value-pairs(), value-pairs()
$PROGRAM, value-pairs(), value-pairs(), pdbtool
$R_DATE, value-pairs()
$SEQNUM, value-pairs()
$SOURCEIP, value-pairs(), value-pairs()
$TAGS, value-pairs()
$UNIXTIME, Specifying data types in value-pairs
$_, Setting multiple message fields to specific values
${.cisco.facility}, The Cisco Parser
${.cisco.mnemonic}, The Cisco Parser
${.cisco.severity}, The Cisco Parser
${.SDATA.SDID.SDNAME}, SDATA, .SDATA.SDID.SDNAME
${AMPM}, AMPM, HOUR12, C_HOUR12, R_HOUR12, S_HOUR12
${C_DATE}, Date-related macros
${DATE}, Date-related macros, FULLDATE, C_FULLDATE, R_FULLDATE, S_FULLDATE
${DAY}, Formatting messages, filenames, directories, and tablenames
${FULLHOST_FROM}, FULLHOST_FROM, SOURCEIP
${HOST_FROM}, HOST_FROM
${HOST}, Global objects, The syslog-ng PE quick-start guide, file() destination options, Formatting messages, filenames, directories, and tablenames, Using template functions, echo
${HOUR12}, AMPM
${HOUR}, Date-related macros
${ISODATE}, Date-related macros, ISODATE, C_ISODATE, R_ISODATE, S_ISODATE, TZOFFSET, C_TZOFFSET, R_TZOFFSET, S_TZOFFSET
${LEVEL}, LEVEL_NUM, PRIORITY or LEVEL
${MESSAGE}, multi-line-mode(), multi-line-prefix(), multi-line-mode(), multi-line-prefix(), multi-line-mode(), multi-line-prefix(), Combining filters with boolean operators, MESSAGE, substr, pdbtool
${MSGHDR}, Templates and macros, MESSAGE
${MSGONLY}, MESSAGE
${MSG}, Message representation in syslog-ng PE
${PID}, Comparing macro values in filters
${PROGRAM}, file: Storing messages in plain-text files, pdbtool, pdbtool, pdbtool
${RCPTID}, use-rcptid() (DEPRECATED), RCPTID
${R_DATE}, Date-related macros
${SDATA}, SDATA, .SDATA.SDID.SDNAME
${SEQNUM}, SEQNUM, SEQNUM, SEQNUM
${SYSLOGNG_OPTIONS}, Installing syslog-ng using the .run installer, Installing syslog-ng, Installing syslog-ng
${S_DATE}, Date-related macros, Date-related macros
${TAGS}, Tagging messages, TAGS, Description
${TZOFFSET}, TZOFFSET, C_TZOFFSET, R_TZOFFSET, S_TZOFFSET
${UNIQID}, UNIQID
${WEEKDAY}, overwrite-if-older()
--active-connections, loggen
--caps, syslog-ng
--ctrl-chars or -c, sanitize
--debug, Troubleshooting syslog-ng
--debug-csv, pdbtool
--debug-pattern, pdbtool
--dgram, loggen
--enable-linux-caps, syslog-ng
--enable-spoof-source, How relaying log messages works
--fd-limit, file() destination options
--field, geoip2
--foreground, syslog-ng
--group, syslog-ng
--idle-connections, loggen
--inet, loggen
--interval, loggen, loggen
--invalid-chars <characterlist> or -i <characterlist>, sanitize
--length, hash, hash
--no-caps, syslog-ng, syslog-ng
--no-ctrl-chars or -C, sanitize
--no-framing, loggen
--number, loggen, loggen
--pidfile, Installing syslog-ng using the .run installer, Installing syslog-ng, Installing syslog-ng
--read-file, loggen, loggen
--replacement <replacement-character> or -r <replacement-character>, sanitize
--sdata, loggen
--skip-tokens, loggen
--stderr, syslog-ng-ctl, syslog-ng-ctl, syslog-ng-ctl
--syslog-proto, loggen, loggen
--user, syslog-ng
--verbose, Troubleshooting syslog-ng
--worker-threads, Multithreading concepts of syslog-ng PE, Multithreading concepts of syslog-ng PE, Multithreading concepts of syslog-ng PE, Multithreading concepts of syslog-ng PE, Multithreading concepts of syslog-ng PE, Multithreading concepts of syslog-ng PE, Multithreading concepts of syslog-ng PE
-p, Installing syslog-ng using the .run installer, Installing syslog-ng, Installing syslog-ng
.classifier.<message-class>, tags(), Using parser results in filters and templates
.classifier.class, Using parser results in filters and templates
.classifier.context_id, Using parser results in filters and templates, Correlating log messages using pattern databases, Attributes, Attributes
.classifier.rule_id, Using parser results in filters and templates, Using parser results in filters and templates
.classifier.system, tags(), Using parser results in filters and templates
.classifier_class, Using parser results in filters and templates
.osquery., osquery: Collect and parse osquery result logs
.SDATA.meta, Tagging messages
.snmp., snmptrap: Read Net-SNMP traps
.solaris.msgid, sun-streams: Collecting messages on Sun Solaris, system: Collecting the system-specific log messages of a platform, system: Collecting the system-specific log messages of a platform, system: Collecting the system-specific log messages of a platform
.USER, Setting multiple message fields to specific values, Setting multiple message fields to specific values
/, sanitize
0, tcp-keepalive-intvl(), tcp-keepalive-probes(), tcp-keepalive-time(), tcp-keepalive-intvl(), tcp-keepalive-probes(), tcp-keepalive-time()
00:50:fc:e3:cd:37, @MACADDR@
4096, syslog-ng
59, The XML parser
<action>, Triggering actions for identified messages, Example, Example
<create-context>, Triggering actions for identified messages, Example
<message>, Triggering actions for identified messages, Example, Example
<object-type> (<object-id>);, Defining configuration objects inline
<object-type> {<object-definition>};, Defining configuration objects inline
<pattern>postfix\@ESTRING:.postfix.component:[@</pattern>, Children
<user@example.com>, @EMAIL@
@cim, system: Collecting the system-specific log messages of a platform
@define allow-config-dups 1, The configuration syntax in detail, Including configuration files, syslog-ng.conf
@DOUBLE@, @FLOAT@
@EMAIL:email:[<]>@, @EMAIL@
@FLOAT@, @DOUBLE@
@module, Loading modules, Loading modules, Loading modules, Loading modules
@PCRE:name:regexp@, @PCRE@
@SET:: @, @SET@
@version, Loading modules, Including configuration files
[user@example.com], @EMAIL@

C

ca-dir(), crl-dir()
catchall, Log path flags, Log path flags, Log path flags
ca_dir(), ca-dir(), ca-dir()
ca_file(), ca-file()
cc(), cc()
CEF, format-cef-extension
CentOS
    installing syslog-ng, Installing syslog-ng
cert-file(), key-file(), key-file()
certificates, Secure logging using TLS
certified packages, Certified packages
cert_file(), cert-file(), cert-file()
chain-hostnames(), Notes about counting the licensed hosts, Configuring syslog-ng relays, chain-hostnames(), chain-hostnames(), chain-hostnames(), FULLHOST, HOST
channel, Using channels in configuration objects
channels, Using channels in configuration objects
CHARSETALIASDIR, Installing syslog-ng using the .run installer, Installing syslog-ng using the .run installer
chroots, Best practices and examples
CIM, system: Collecting the system-specific log messages of a platform
cisco, The Cisco Parser
Cisco Parser, The Cisco Parser
Cisco sequence number, SEQNUM
Cisco timestamp, SEQNUM
cisco-parser(), The Cisco Parser, prefix()
class-path, hdfs: Storing messages on the Hadoop Distributed File System (HDFS)
class-path(), client-lib-dir(), client-lib-dir(), client-lib-dir(), client-lib-dir()
classifying messages
    concepts of, Classifying log messages
    configuration, Using pattern databases
    creating databases, The syslog-ng pattern database format
    filtering, Using parser results in filters and templates
    pattern matching concepts, How pattern matching works
clear-on-read(), clear-on-read(), clear-on-read()
clear_on_read(), clear-on-read()
client mode, Client mode
client-host, How relaying log messages works, How relaying log messages works, How relaying log messages works
client-hostname-from-the-message, chain-hostnames()
client-hostname-resolved-on-the-relay, chain-hostnames()
client-hostname-resolved-on-the-server, chain-hostnames()
client-lib-dir(), client-lib-dir(), client-lib-dir(), client-lib-dir(), client-lib-dir()
cluster(), Client modes, Elasticsearch destination options, client-mode(), Client modes, elasticsearch2: Sending messages directly to Elasticsearch version 2.0 or higher, Elasticsearch2 destination options, client-mode()
cluster_url(), server()
columns(), sql: Storing messages in an SQL database, values()
Common Information Model (CIM), system: Collecting the system-specific log messages of a platform
Common Name, Encrypting log messages with TLS, Encrypting log messages with TLS, Mutual authentication using TLS
comparing values, Comparing macro values in filters
concurrent-requests, How syslog-ng PE interacts with Elasticsearch, flush-limit(), How syslog-ng PE interacts with Elasticsearch, flush-limit()
concurrent-requests(), concurrent-requests(), concurrent-requests(), concurrent-requests(), concurrent-requests()
condition, Conditional actions
condition(), Conditional rewrites, Conditional rewrites
condition='$(context-length) >= 5', Attributes
conditional rewrites, Conditional rewrites, Conditional rewrites
confgen, Managing complex syslog-ng configurations
configuration file
    default configuration, The syslog-ng PE quick-start guide, The syslog-ng PE quick-start guide
    detecting changes, Logging configuration changes
    including other files, Including configuration files
configuration files
    dynamic elements, Managing complex syslog-ng configurations
configuration snippets, Reusing configuration blocks
    block arguments, Passing arguments to configuration blocks
    dynamical block arguments, Passing arguments to configuration blocks
context, Managing complex syslog-ng configurations, Managing complex syslog-ng configurations, Actions and message correlation, Children, Children, Children, aggregate(), aggregate()
context of messages, Correlating log messages using pattern databases
context-id, Correlating log messages using pattern databases, Attributes, Attributes, Attributes, Attributes
context-lookup, grep
context-scope, Correlating log messages using pattern databases, Actions and message correlation, Actions and message correlation, Attributes, Attributes, Attributes, Attributes, Children, Attributes, Attributes, Attributes, Attributes
context-timeout, Correlating log messages using pattern databases, Correlating log messages using pattern databases, Correlating log messages using pattern databases, Correlating log messages using pattern databases, Actions and message correlation, Actions and message correlation, Attributes, Attributes, Correlating messages using the grouping-by() parser, Correlating messages using the grouping-by() parser, Correlating messages using the grouping-by() parser
CONTEXT_ID, Hard vs. soft macros
Coordinated Universal Time, A note on timezones and timestamps
core files, Troubleshooting syslog-ng
correlate messages, Correlating messages using the grouping-by() parser
correlating log messages, Numerical operations, Correlating log messages
correlating messages, Correlating log messages using pattern databases, Correlating messages using the grouping-by() parser
create-dirs(), file: Storing messages in plain-text files, dir-perm(), dir-perm()
creating SDATA fields, Creating custom SDATA fields
credit card numbers
    anonymizing, Anonymizing credit card numbers
    masking, Anonymizing credit card numbers
credit-card-hash(), Anonymizing credit card numbers
credit-card-mask(), Anonymizing credit card numbers
crit, level() or priority()
crl-dir(), crl-dir()
crl_dir(), crl-dir()
CSV parsers, Options of CSV parsers
csv-parser(), Global objects, Junctions and channels, Parsing messages with comma-separated and similar values, Parsing messages with comma-separated and similar values, Options of CSV parsers, Options of CSV parsers
CSV-values, Parsing messages with comma-separated and similar values
custom python parser, The Python Parser
custom-domain(), custom-domain()
custom_domain(), custom-domain()

D

data anonymization, Anonymizing credit card numbers
data enrichment, Enriching log messages with external data
    add-contextual-data(), Adding metadata from an external file, Options add-contextual-data()
data types, Specifying data types in value-pairs
database(), sql: Storing messages in an SQL database, Using the sql() driver with an Oracle database, database(), Options add-contextual-data(), database()
DATE, value-pairs(), Date-related macros, Hard vs. soft macros
date, Parsing dates and timestamps, Options of date-parser() parsers
date-parser(), Parsing dates and timestamps, Options of date-parser() parsers
datetime, Specifying data types in value-pairs
DAY, Date-related macros, Hard vs. soft macros
daylight saving changes, Timezones and daylight saving
db-parser(), Using pattern databases, Using pattern databases, Triggering actions for identified messages
debug, level() or priority(), Dropping messages
default-facility(), How sources work, file: Collecting messages from text files, wildcard-file: Collecting messages from multiple text files, default-facility()
default-level(), default-level()
default-priority(), How sources work, file: Collecting messages from text files, wildcard-file: Collecting messages from multiple text files
default-selector(), Adding metadata from an external file, Using filters as selector, default-selector(), default-selector(), prefix()
default_facility(), default-facility()
default_level(), default-level()
deinit(), Version 7.0.4 - 7.0.5, Methods of the python() parser
deinit(self), Methods of the python() parser
deleting syslog-ng PE, Uninstalling syslog-ng PE
delimiters(), delimiters()
delimiters(<delimiter_characters>), delimiters()
destination, The configuration syntax in detail, Reusing configuration blocks, Managing complex syslog-ng configurations, syslog-ng.conf
destination drivers, Global objects, Sending and storing log messages — destinations and destination drivers
    database driver, sql: Storing messages in an SQL database, sql() destination options
    elasticsearch, elasticsearch: Sending messages directly to Elasticsearch version 1.x, Elasticsearch destination options
    elasticsearch2, elasticsearch2: Sending messages directly to Elasticsearch version 2.0 or higher, Elasticsearch2 destination options
    file() driver, file: Storing messages in plain-text files, file() destination options
    hdfs, hdfs: Storing messages on the Hadoop Distributed File System (HDFS), HDFS destination options
    http, http: Posting messages over HTTP, HTTP destination options
    http() driver, http: Posting messages over HTTP
    java() driver, elasticsearch: Sending messages directly to Elasticsearch version 1.x, Elasticsearch destination options, elasticsearch2: Sending messages directly to Elasticsearch version 2.0 or higher, Elasticsearch2 destination options, hdfs: Storing messages on the Hadoop Distributed File System (HDFS), HDFS destination options, kafka: Publishing messages to Apache Kafka, Kafka destination options
    kafka, kafka: Publishing messages to Apache Kafka, Kafka destination options
    list of, Sending and storing log messages — destinations and destination drivers, syslog-ng.conf
    mongodb() driver, mongodb: Storing messages in a MongoDB database, mongodb() destination options
    network() driver, network() destination options
    pipe() driver, pipe: Sending messages to named pipes, pipe() destination options
    program() driver, program: Sending messages to external applications, program() destination options
    smtp() driver, smtp: Generating SMTP messages (e-mail) from logs, smtp() destination options
    Splunk, Splunk: Sending log messages to Splunk
    sql() driver, sql: Storing messages in an SQL database, sql() destination options
    syslog() driver, syslog: Sending messages to a remote logserver using the IETF-syslog protocol, syslog() destination options
    tcp() driver, tcp, tcp6, udp, udp6: Sending messages to a remote log server using the legacy BSD-syslog protocol (tcp(), udp() drivers)
    tcp6() driver, tcp, tcp6, udp, udp6: Sending messages to a remote log server using the legacy BSD-syslog protocol (tcp(), udp() drivers)
    udp() driver, tcp, tcp6, udp, udp6: Sending messages to a remote log server using the legacy BSD-syslog protocol (tcp(), udp() drivers)
    udp6() driver, tcp, tcp6, udp, udp6: Sending messages to a remote log server using the legacy BSD-syslog protocol (tcp(), udp() drivers)
    unix-dgram() driver, unix-stream, unix-dgram: Sending messages to UNIX domain sockets, unix-stream() and unix-dgram() destination options
    unix-stream() driver, unix-stream, unix-dgram: Sending messages to UNIX domain sockets, unix-stream() and unix-dgram() destination options
    usertty() driver, usertty: Sending messages to a user terminal — usertty() destination
destinations, Logging with syslog-ng, Global objects, Sending and storing log messages — destinations and destination drivers, syslog-ng.conf
    defining, Sending and storing log messages — destinations and destination drivers
    FreeTDS configuration, Installing syslog-ng
    Microsoft SQL Server configuration, Installing syslog-ng
    MSSQL configuration, Installing syslog-ng
    sql() configuration, sql: Storing messages in an SQL database, Using the sql() driver with an Oracle database, Using the sql() driver with a Microsoft SQL database, null()
DH parameter file, dhparam-file()
dhparam, dhparam-file()
dhparam-file(), dhparam-file()
dhparam_file(), dhparam-file()
Diffie-Hellman parameter file, dhparam-file()
dir(), Version 7.0.4 - 7.0.5, disk-buffer(), disk-buffer(), disk-buffer(), disk-buffer(), disk-buffer(), disk-buffer(), disk-buffer(), disk-buffer(), disk-buffer(), disk-buffer(), disk-buffer(), disk-buffer()
dir-group(), dir-group()
dir-owner(), dir-owner()
dir-perm(), dir-perm(), dir-perm()
dirname, FILE_NAME, basename
dirname(), Version 7.0.2 - 7.0.3
disable SSL, cipher-suite(), cipher-suite(), ssl-options(), ssl-options()
disable TLS, ssl-options()
disabling SSL, ssl-options()
disabling TLS, ssl-options()
discarded, Metrics and counters of syslog-ng PE
discarding messages, Dropping messages
disk buffer, disk-buffer(), disk-buffer(), disk-buffer(), disk-buffer(), disk-buffer(), disk-buffer(), disk-buffer(), disk-buffer(), disk-buffer(), disk-buffer(), disk-buffer(), disk-buffer(), disk-buffer(), disk-buffer(), disk-buffer(), disk-buffer(), disk-buffer(), disk-buffer(), disk-buffer(), disk-buffer(), disk-buffer(), disk-buffer(), disk-buffer(), disk-buffer(), Using disk-based and memory buffering
disk queue (see disk buffer)
disk buffer, Managing incoming and outgoing messages with flow-control
disk-based buffering, disk-buffer(), disk-buffer(), disk-buffer(), disk-buffer(), disk-buffer(), disk-buffer(), disk-buffer(), disk-buffer(), disk-buffer(), disk-buffer(), disk-buffer(), disk-buffer(), Using disk-based and memory buffering
disk-buf-size(), disk-buffer(), disk-buffer(), disk-buffer(), disk-buffer(), disk-buffer(), disk-buffer(), disk-buffer(), disk-buffer(), disk-buffer(), disk-buffer(), disk-buffer(), disk-buffer(), Flow-control and multiple destinations, Using disk-based and memory buffering, Size and truncation of queue files
disk-buffer(), Version 7.0.4 - 7.0.5, disk-buffer(), disk-buffer(), disk-buffer(), disk-buffer(), disk-buffer(), disk-buffer(), disk-buffer(), disk-buffer(), disk-buffer(), disk-buffer(), disk-buffer(), disk-buffer(), disk-buffer(), disk-buffer(), disk-buffer(), disk-buffer(), disk-buffer(), disk-buffer(), disk-buffer(), disk-buffer(), disk-buffer(), disk-buffer(), disk-buffer(), disk-buffer(), Using disk-based and memory buffering
disk_buffer(), disk-buffer(), disk-buffer(), disk-buffer(), disk-buffer(), disk-buffer(), disk-buffer(), disk-buffer(), disk-buffer(), disk-buffer(), disk-buffer(), disk-buffer(), disk-buffer(), disk-buffer(), disk-buffer(), disk-buffer(), disk-buffer(), disk-buffer(), disk-buffer(), disk-buffer(), disk-buffer(), disk-buffer(), disk-buffer(), disk-buffer(), disk-buffer()
dns-cache(), FULLHOST, HOST
dns-cache-hosts(), Using name resolution in syslog-ng
dont-create-tables, flags()
dont-store-legacy-msghdr, flags(), flags(), flags(), flags(), flags(), flags(), flags(), flags(), flags()
door(), sun-streams: Collecting messages on Sun Solaris
dot-nv-pairs, value-pairs()
double, Specifying data types in value-pairs
download
    pattern databases, Downloading sample pattern databases
drop-invalid, flags(), flags()
drop-message, on-error(), on-error(), on-error(), on-error(), on-error(), on-error(), on-error(), on-error(), on-error(), on-error(), on-error(), on-error(), on-error()
drop-property, on-error(), on-error(), on-error(), on-error(), on-error(), on-error(), format-cef-extension, on-error()
dropped, Metrics and counters of syslog-ng PE, Metrics and counters of syslog-ng PE, Log statistics from the internal() source
dropping messages, Dropping messages
dynamic configuration, Managing complex syslog-ng configurations
dynamical block arguments, Passing arguments to configuration blocks

E

ecdh-curve-list(), ecdh-curve-list()
elasticsearch, elasticsearch: Sending messages directly to Elasticsearch version 1.x, elasticsearch: Sending messages directly to Elasticsearch version 1.x, elasticsearch: Sending messages directly to Elasticsearch version 1.x, elasticsearch: Sending messages directly to Elasticsearch version 1.x, elasticsearch: Sending messages directly to Elasticsearch version 1.x, elasticsearch: Sending messages directly to Elasticsearch version 1.x, How syslog-ng PE interacts with Elasticsearch, Elasticsearch destination options, client-lib-dir()
    performance, concurrent-requests(), flush-limit()
    transferring geoip2 data, Transferring your logs to Elasticsearch using GeoIP2
elasticsearch(), Relay mode, elasticsearch2: Sending messages directly to Elasticsearch version 2.0 or higher
elasticsearch2, Sending and storing log messages — destinations and destination drivers, elasticsearch2: Sending messages directly to Elasticsearch version 2.0 or higher, elasticsearch2: Sending messages directly to Elasticsearch version 2.0 or higher, elasticsearch2: Sending messages directly to Elasticsearch version 2.0 or higher, elasticsearch2: Sending messages directly to Elasticsearch version 2.0 or higher, elasticsearch2: Sending messages directly to Elasticsearch version 2.0 or higher, elasticsearch2: Sending messages directly to Elasticsearch version 2.0 or higher, elasticsearch2: Sending messages directly to Elasticsearch version 2.0 or higher, elasticsearch2: Sending messages directly to Elasticsearch version 2.0 or higher, elasticsearch2: Sending messages directly to Elasticsearch version 2.0 or higher, How syslog-ng PE interacts with Elasticsearch, Elasticsearch2 destination options, syslog-ng.conf
    performance, concurrent-requests(), flush-limit()
elasticsearch2(), Relay mode, elasticsearch: Sending messages directly to Elasticsearch version 1.x, Using disk-based and memory buffering, Enabling reliable disk-based buffering, Enabling normal disk-based buffering
email, @EMAIL@
embedded log statements, Embedded log statements
emerg, level() or priority()
empty-lines, flags(), flags(), flags(), flags(), flags(), flags(), flags(), flags(), flags()
encoding(), Message size and encoding, format-cef-extension
encrypting log messages, Secure logging using TLS, Encrypting log messages with TLS
enriching data
    add-contextual-data(), Adding metadata from an external file, Options add-contextual-data()
enriching log messages, Enriching log messages with external data
environmental variables, Global and environmental variables
err, level() or priority()
error, PRIORITY or LEVEL
error solving, Troubleshooting syslog-ng
escape-backslash, dialect(), flags()
escape-double-char, dialect(), flags()
escape-none, dialect(), dialect(), flags()
escaping special characters, Regular expressions
exclude(), Structuring macros, metadata, and other value-pairs, value-pairs()
exclude_tags, exclude-tags
expect-hostname, flags(), flags(), flags(), flags(), flags(), flags(), flags(), flags(), flags()
explicit-commits, flags(), flags()
extended timestamp format, SEQNUM
extract-prefix(), extract-prefix()
extract-solaris-msgid(), sun-streams: Collecting messages on Sun Solaris, system: Collecting the system-specific log messages of a platform, system: Collecting the system-specific log messages of a platform, system: Collecting the system-specific log messages of a platform
extract-stray-words-into(), extract-stray-words-into(), extract-stray-words-into()
extract_prefix(), extract-prefix()

F

facilities, The PRI message part, The PRI message part, facility(), General recommendations
FACILITY, Hard vs. soft macros
facility, General recommendations
facility(), facility()
FACILITY_NUM, Hard vs. soft macros
fail-over, High availability support
failover
    in mongodb, mongodb: Storing messages in a MongoDB database
failure script, Troubleshooting syslog-ng
fallback, Log path flags, Log path flags, Log path flags, flags()
fallback-to-string, on-error(), on-error(), on-error(), on-error(), on-error(), on-error(), on-error()
fd limit, file() destination options
feature releases, Versions and releases of syslog-ng PE
file, file: Collecting messages from text files, file: Storing messages in plain-text files, flags(), Using pattern databases, Multithreading concepts of syslog-ng PE, Multithreading concepts of syslog-ng PE
file descriptors, file() destination options
file(), Relay mode, The configuration syntax in detail, file: Collecting messages from text files, Notes on reading kernel messages, file() source options, flags(), wildcard-file: Collecting messages from multiple text files, flags(), flags(), osquery: Collect and parse osquery result logs, pipe: Collecting messages from named pipes, flags(), flags(), flags(), flags(), flags(), file: Storing messages in plain-text files, file() destination options, mark-mode(), mark-mode(), mark-mode(), mark-mode(), mark-mode(), mark-mode(), mark-mode(), mark-mode(), mark-mode(), mark-mode(), mark-mode(), mark-mode(), mark-mode(), mark-mode(), mark-mode(), mark-mode(), mark-mode(), mark-mode(), mark-mode(), mark-mode(), mark-mode(), mark-mode(), mark-mode(), mark-mode(), Using disk-based and memory buffering, Enabling reliable disk-based buffering, Enabling normal disk-based buffering, mark-mode(), mark-mode(), mark-mode(), mark-mode(), flags(), syslog-ng.conf
file-pattern(), wildcard-file: Collecting messages from multiple text files, wildcard-file: Collecting messages from multiple text files
filename(), snmptrap() source options
filter, The configuration syntax in detail, Reusing configuration blocks, Managing complex syslog-ng configurations, syslog-ng.conf
filter functions
    list of, Filter functions, syslog-ng.conf
filter(), Conditional rewrites
filtering
    .classifier_class, Using parser results in filters and templates
    on message class, Using parser results in filters and templates
filtering rewrites, Conditional rewrites, Conditional rewrites
filters, Logging with syslog-ng, Global objects, Filters, Optimizing regular expressions, Handling large message load, syslog-ng.conf
    AND, OR, NOT, Combining filters with boolean operators
    blacklisting, inlist()
    boolean operators, Combining filters with boolean operators
    comparing values, Comparing macro values in filters, Comparing macro values in filters
    control characters, Using wildcards, special characters, and regular expressions in filters
    defining, Using filters
    facilities, facility()
    facility and priority (level) ranges, level() or priority()
    in-list(), inlist()
    priorities, level() or priority()
    reference, Filter functions
    tags, Tagging messages
    whitelisting, inlist()
    wildcards, Using wildcards, special characters, and regular expressions in filters
final, Logging with syslog-ng, Log path flags, Log path flags, Log path flags, Dropping messages
flag(syslog-protocol), Things to consider when forwarding messages between syslog-ng PE hosts
flags, Log paths, Log path flags
    empty-lines, flags(), flags(), flags(), flags(), flags(), flags(), flags(), flags(), flags()
    in junctions, Junctions and channels
flags(), The configuration syntax in detail, Log paths, Embedded log statements, Replacing message parts, flags(), syslog-ng.conf
flags(no-multi-line), flags(), multi-line-mode(), multi-line-prefix(), flags(), multi-line-mode(), multi-line-prefix(), flags(), flags(), multi-line-mode(), multi-line-prefix(), flags(), flags(), flags(), flags(), Macros of syslog-ng PE, MESSAGE, flags()
flags(no-parse), Message representation in syslog-ng PE, flags(), flags(), flags(), flags(), flags(), flags(), flags(), flags(), Macros of syslog-ng PE, MESSAGE, Parsers and segmenting structured messages, flags()
flags(syslog-protocol), Parsing syslog messages
flow-control, Log paths, Embedded log statements, Managing incoming and outgoing messages with flow-control, Managing incoming and outgoing messages with flow-control, Managing incoming and outgoing messages with flow-control, Configuring flow-control
    example, Configuring flow-control
    hard, Managing incoming and outgoing messages with flow-control
    multiple destinations, Flow-control and multiple destinations
    soft, Managing incoming and outgoing messages with flow-control
flush-limit, How syslog-ng PE interacts with Elasticsearch, How syslog-ng PE interacts with Elasticsearch, flush-limit(), flush-limit(), How syslog-ng PE interacts with Elasticsearch, How syslog-ng PE interacts with Elasticsearch, flush-limit(), flush-limit()
flush-limit(), concurrent-requests(), concurrent-requests()
flush-lines(), log-iw-size(), log-iw-size(), log-iw-size(), log-iw-size(), log-iw-size(), log-iw-size(), log-iw-size(), flush-lines(), flush-timeout() (DEPRECATED), flush-lines(), flush-timeout() (DEPRECATED), flush-lines(), flush-timeout() (DEPRECATED), flush-lines(), flush-timeout() (DEPRECATED), flags(), flush-lines(), flush-timeout() (DEPRECATED), flush-lines(), flush-timeout() (DEPRECATED), flush-lines(), flush-timeout() (DEPRECATED), flush-lines(), flush-timeout(), sync() or sync-freq() (DEPRECATED), Multithreading concepts of syslog-ng PE, Handling large message load
flush-timeout(), flags(), Multithreading concepts of syslog-ng PE
flush_lines, Possible causes of losing log messages
follow-freq(), The configuration syntax in detail, Notes on reading kernel messages, Notes on reading kernel messages, follow-freq(), wildcard-file: Collecting messages from multiple text files, follow-freq(), monitor-method(), follow-freq(), follow-freq(), syslog-ng.conf
follow-freq(1), system: Collecting the system-specific log messages of a platform
force-directory_polling(), Limitations of using syslog-ng PE with NFS
foreground, syslog-ng
format(), format()
format(linux-kmsg), system: Collecting the system-specific log messages of a platform
format-cef-extension, format-cef-extension, format-cef-extension
format-cef-extension(), format-cef-extension
format-json, Specifying data types in value-pairs, value-pairs(), osquery: Collect and parse osquery result logs, format-json, Parsing key=value pairs, The JSON parser, The XML parser, The XML parser
format-json(), Structuring macros, metadata, and other value-pairs, template()
format-welf(), Structuring macros, metadata, and other value-pairs, format-welf, format-welf
formatting messages, Formatting messages, filenames, directories, and tablenames
formatting multi-line messages, multi-line-mode(), multi-line-prefix(), multi-line-mode(), multi-line-prefix(), multi-line-mode(), multi-line-prefix()
frac-digits(), frac-digits(), frac-digits(), frac-digits(), frac-digits(), frac-digits(), frac-digits(), frac-digits(), frac-digits(), frac-digits(), frac-digits(), frac-digits(), frac-digits(), frac-digits(), ts-format(), ISODATE, C_ISODATE, R_ISODATE, S_ISODATE, frac-digits()
freq(), freq()
from(), smtp: Generating SMTP messages (e-mail) from logs, from()
fsync(), fsync()
FULLDATE, Date-related macros, Hard vs. soft macros
FULLHOST, Hard vs. soft macros, Setting multiple message fields to specific values, Setting multiple message fields to specific values
FULLHOST_FROM, Hard vs. soft macros

G

generating alerts, Triggering actions for identified messages
geoip2, Looking up GeoIP2 data from IP addresses, Transferring your logs to Elasticsearch using GeoIP2, Options of geoip2 parsers, Options of geoip2 parsers
elasticsearch, Transferring your logs to Elasticsearch using GeoIP2
glob patterns, file-pattern(), glob
global objects, Global objects
global options, Configuring global syslog-ng options
reference, Global options
global variables, Global and environmental variables
global.msg_allocated_bytes.value, Metrics and counters of syslog-ng PE
graphite-output, graphite-output
greedy, Parsing messages with comma-separated and similar values, flags(), flags(), flags(), flags()
greedy(), @ANYSTRING@
grep, grep, Referencing earlier messages of the context, Referencing earlier messages of the context
group(), group(), group()
grouping log messages, Correlating log messages
grouping-by, Correlating log messages, Options of grouping-by parsers
grouping-by(), Correlating log messages using pattern databases, Correlating messages using the grouping-by() parser, Referencing earlier messages of the context, inject-mode()
aggregate(), aggregate()
having(), having()
inject-mode(), inject-mode()
key(), key()
scope(), scope()
timeout(), timeout()
trigger(), trigger()
where(), where()
groupset(), Setting multiple message fields to specific values, Setting multiple message fields to specific values, Setting multiple message fields to specific values
groupunset(), Unsetting message fields
grsecurity, Security-enhanced Linux: grsecurity, SELinux

H

hard macros, Message representation in syslog-ng PE, Hard vs. soft macros
having(), Correlating messages using the grouping-by() parser, having(), having()
hdfs, hdfs: Storing messages on the Hadoop Distributed File System (HDFS), hdfs: Storing messages on the Hadoop Distributed File System (HDFS), hdfs: Storing messages on the Hadoop Distributed File System (HDFS), hdfs: Storing messages on the Hadoop Distributed File System (HDFS), hdfs: Storing messages on the Hadoop Distributed File System (HDFS), hdfs: Storing messages on the Hadoop Distributed File System (HDFS), hdfs: Storing messages on the Hadoop Distributed File System (HDFS), hdfs: Storing messages on the Hadoop Distributed File System (HDFS), hdfs: Storing messages on the Hadoop Distributed File System (HDFS), hdfs: Storing messages on the Hadoop Distributed File System (HDFS), hdfs: Storing messages on the Hadoop Distributed File System (HDFS), hdfs: Storing messages on the Hadoop Distributed File System (HDFS), HDFS destination options, client-lib-dir()
hdfs(), Version 7.0.2 - 7.0.3, Supported platforms, Relay mode, kerberos-keytab-file(), kerberos-principal(), Using disk-based and memory buffering, Enabling reliable disk-based buffering, Enabling normal disk-based buffering
hdfs-append-enabled, hdfs-append-enabled(), hdfs-append-enabled()
hdfs-append-enabled(), Version 7.0.4 - 7.0.5, hdfs: Storing messages on the Hadoop Distributed File System (HDFS)
hdfs, hdfs-append-enabled()
hdfs-file(), Version 7.0.4 - 7.0.5, HDFS destination options, hdfs-file()
hdfs-max-filename-length, hdfs-max-filename-length()
hdfs-option-kerberos-keytab-file(), kerberos-principal()
hdfs-option-kerberos-principal(), kerberos-keytab-file()
hdfs-uri(), HDFS destination options
header(), smtp: Generating SMTP messages (e-mail) from logs, header(), header()
HOST, keep-hostname(), keep-hostname(), keep-hostname(), keep-hostname(), keep-hostname(), keep-hostname(), netmask(), netmask6(), keep-hostname(), keep-hostname(), keep-hostname(), Hard vs. soft macros, Setting multiple message fields to specific values, Setting multiple message fields to specific values, Setting multiple message fields to specific values
host, Using the sql() driver with an Oracle database, Metrics and counters of syslog-ng PE
host(), smtp: Generating SMTP messages (e-mail) from logs, Junctions and channels, Using wildcards, special characters, and regular expressions in filters, Optimizing regular expressions, Parsing syslog messages
host-override(), Version 6 LTS - 7.0
HOST_FROM, Hard vs. soft macros
HOUR, time-zone(), time-zone(), time-zone(), time-zone(), time-zone(), time-zone(), time-zone(), time-zone(), time-zone(), time-zone(), time-zone(), time-zone(), Date-related macros, Hard vs. soft macros, time-zone()
HOUR12, Date-related macros
http, http: Posting messages over HTTP, http: Posting messages over HTTP, http: Posting messages over HTTP, HTTP destination options
http(), Relay mode, http: Posting messages over HTTP, Splunk: Sending log messages to Splunk

I

in-list, inlist()
in-list filter, inlist()
indenting multi-line messages, multi-line-mode(), multi-line-prefix(), multi-line-mode(), multi-line-prefix(), multi-line-mode(), multi-line-prefix()
index(), Elasticsearch destination options, Elasticsearch2 destination options
indexes, indexes()
indexes(), indexes()
info, level() or priority()
inherit-environment(), Version 6 LTS - 7.0
inherit-mode, What's new in the syslog-ng pattern database format V5, Children
inherit-mode(), aggregate()
inherit-properties, Triggering actions for identified messages, Actions and message correlation, Actions and message correlation, Actions and message correlation, What's new in the syslog-ng pattern database format V5, Example, Example
init, Methods of the python() parser
init (self, options), Methods of the python() parser
init(), Methods of the python() parser
inject-mode(), Triggering actions for identified messages, inject-mode(), inject-mode()
inotify, monitor-method()
installation path, Installing syslog-ng
installing syslog-ng, Installing syslog-ng, Installing syslog-ng using the .run installer
from DEB package, Installing syslog-ng
from RPM package, Installing syslog-ng
in silent mode, Installing syslog-ng PE without user-interaction
on CentOS, Installing syslog-ng
on clients and relays, Installing syslog-ng using the .run installer
on log servers, Installing syslog-ng using the .run installer
on Red Hat Enterprise Server, Installing syslog-ng
on SUSE Linux Enterprise Server, Installing syslog-ng
prerequisites, Prerequisites to installing syslog-ng PE
int, Specifying data types in value-pairs
int32, Specifying data types in value-pairs
int64, Specifying data types in value-pairs
internal, internal: Collecting internal messages, Triggering actions for identified messages, inject-mode()
internal(), Logging configuration changes, internal: Collecting internal messages, internal() source options, elasticsearch: Sending messages directly to Elasticsearch version 1.x, on-error(), on-error(), on-error(), elasticsearch2: Sending messages directly to Elasticsearch version 2.0 or higher, on-error(), on-error(), on-error(), hdfs: Storing messages on the Hadoop Distributed File System (HDFS), on-error(), on-error(), on-error(), kafka: Publishing messages to Apache Kafka, on-error(), on-error(), on-error(), on-error(), on-error(), on-error(), on-error(), on-error(), on-error(), stats-freq(), on-error(), on-error(), on-error(), Triggering actions for identified messages, Triggering actions for identified messages, Children, inject-mode(), inject-mode(), Monitoring statistics and metrics of syslog-ng, Log statistics from the internal() source
ip-protocol(), ip-protocol(), ip-protocol(), ip-protocol(), ip-protocol()
IPv6
filtering, netmask6()
ISODATE, Date-related macros, Hard vs. soft macros

K

kafka, kafka: Publishing messages to Apache Kafka, kafka: Publishing messages to Apache Kafka, kafka: Publishing messages to Apache Kafka, kafka: Publishing messages to Apache Kafka, kafka: Publishing messages to Apache Kafka, kafka: Publishing messages to Apache Kafka, How syslog-ng PE interacts with Apache Kafka, Kafka destination options, client-lib-dir(), properties-file()
kafka(), Relay mode, Using disk-based and memory buffering, Enabling reliable disk-based buffering, Enabling normal disk-based buffering
kafka-bootstrap-servers, properties-file()
kafka-bootstrap-servers(), Kafka destination options
keep-alive, keep-alive(), keep-alive(), keep-alive(), keep-alive(), keep-alive()
keep-alive(), program: Sending messages to external applications
keep-hostname(), Configuring syslog-ng relays, How relaying log messages works, How relaying log messages works, use-dns(), use-fqdn(), use-dns(), use-fqdn(), keep-hostname(), use-fqdn(), chain-hostnames(), dns-cache(), normalize-hostnames(), use-dns(), use-fqdn(), FULLHOST, FULLHOST, FULLHOST, HOST, HOST, HOST
keep-timestamp(), Timezones and daylight saving, keep-timestamp(), keep-timestamp(), keep-timestamp(), keep-timestamp(), keep-timestamp(), keep-timestamp(), keep-timestamp(), keep-timestamp(), keep-timestamp(), Date-related macros
keep-timestamp(no), system: Collecting the system-specific log messages of a platform
keep_alive(), keep-alive()
keep_hostname(), keep-hostname()
kerberos
hdfs, kerberos-keytab-file(), kerberos-principal()
kern, file: Collecting messages from text files, wildcard-file: Collecting messages from multiple text files, FACILITY
kernel, flags(), flags(), flags(), flags(), flags(), flags(), flags(), flags(), flags()
key(), Structuring macros, metadata, and other value-pairs, value-pairs(), value-pairs(), value-pairs(), mongodb: Storing messages in a MongoDB database, Correlating messages using the grouping-by() parser, Correlating messages using the grouping-by() parser, key()
key-file(), cert-file(), cert-file()
key-value pairs, Parsing key=value pairs
key=value pairs, Parsing key=value pairs
key_file(), key-file(), key-file()
klogd, Notes on reading kernel messages, Notes on reading kernel messages
kmsg, Notes on reading kernel messages, system: Collecting the system-specific log messages of a platform
ksymoops, Notes on reading kernel messages
kv-parser, Options of key=value parsers
kv-parser(), Parsing key=value pairs

L

last-message, Children, Children, aggregate()
LEGACY_MSGHDR, Hard vs. soft macros
LEVEL, Hard vs. soft macros
level(), level() or priority()
LEVEL_NUM, Hard vs. soft macros
license, Server mode, Licensing, Licensing benefits
license.txt, Installing syslog-ng using the .run installer
literal, Specifying data types in value-pairs
local time, The HEADER message part, The HEADER message part
localip(), network: Collecting messages using the RFC3164 protocol (network() driver)
log, The configuration syntax in detail, Reusing configuration blocks, Managing complex syslog-ng configurations, syslog-ng.conf
log messages, representation, Message representation in syslog-ng PE
log messages, structure, The structure of a log message
BSD-syslog protocol, BSD-syslog or legacy-syslog messages
IETF-syslog protocol, IETF-syslog messages
legacy-syslog protocol, BSD-syslog or legacy-syslog messages
RFC 3164, BSD-syslog or legacy-syslog messages
RFC 5424, IETF-syslog messages
log paths, Logging with syslog-ng, Log paths, syslog-ng.conf
defining, Log paths
flags, Log paths, Log path flags
flow-control, Managing incoming and outgoing messages with flow-control, Configuring flow-control, Configuring flow-control
log pipes
embedded log statements, Embedded log statements
log statements, Global objects
embedded, Embedded log statements
log paths, Logging with syslog-ng, syslog-ng.conf
log statistics, Monitoring statistics and metrics of syslog-ng, The monitoring() source
on unix-socket, Monitoring statistics and metrics of syslog-ng
log-disk-fifo-size(), disk-buffer(), disk-buffer(), disk-buffer(), disk-buffer(), disk-buffer(), disk-buffer(), disk-buffer(), disk-buffer(), disk-buffer(), disk-buffer(), disk-buffer(), disk-buffer()
log-fetch-limit(), log-fetch-limit(), log-iw-size(), log-fetch-limit(), log-iw-size(), log-fetch-limit(), log-fetch-limit(), log-fetch-limit(), log-fetch-limit(), log-fetch-limit(), log-fetch-limit(), log-fetch-limit(), Managing incoming and outgoing messages with flow-control, Configuring flow-control, Configuring flow-control, Configuring flow-control, Configuring flow-control, Configuring flow-control, Multithreading concepts of syslog-ng PE
log-fifo-size(), disk-buffer(), disk-buffer(), disk-buffer(), disk-buffer(), disk-buffer(), disk-buffer(), disk-buffer(), disk-buffer(), disk-buffer(), disk-buffer(), disk-buffer(), disk-buffer(), disk-buffer(), disk-buffer(), disk-buffer(), disk-buffer(), disk-buffer(), disk-buffer(), disk-buffer(), disk-buffer(), disk-buffer(), disk-buffer(), disk-buffer(), disk-buffer(), Managing incoming and outgoing messages with flow-control, Managing incoming and outgoing messages with flow-control, Configuring flow-control, Configuring flow-control, Configuring flow-control, Configuring flow-control, Using disk-based and memory buffering, Using disk-based and memory buffering, Enabling memory buffering
log-iw-size(), Version 6 LTS - 7.0, log-iw-size(), log-iw-size(), log-iw-size(), log-iw-size(), log-iw-size(), log-iw-size(), log-iw-size(), log-iw-size(), log-iw-size(), log-iw-size(), flush-lines(), flush-lines(), flush-lines(), flush-lines(), flush-lines(), flush-lines(), flush-lines(), Managing incoming and outgoing messages with flow-control, Configuring flow-control, Configuring flow-control, Configuring flow-control, Configuring flow-control, Using disk-based and memory buffering, Multithreading concepts of syslog-ng PE
log-msg-size(), Version 7.0.2 - 7.0.3, BSD-syslog or legacy-syslog messages, Message size and encoding, Notes about the configuration syntax, log-msg-size(), log-msg-size(), log-msg-size(), log-msg-size(), log-msg-size(), log-msg-size(), log-msg-size(), systemd-journal: Collecting messages from the systemd-journal system log storage, log-msg-size(), Using the sql() driver with an Oracle database, Using the sql() driver with a Microsoft SQL database
log-msg-size(2Mb), Notes about the configuration syntax
logchksign, Logging configuration changes
logging procedure, Logging with syslog-ng
logrotate, file: Storing messages in plain-text files
Long Term Supported releases, Versions and releases of syslog-ng PE
losing messages, Possible causes of losing log messages
LTS releases, Versions and releases of syslog-ng PE

M

macros, Global objects, Formatting messages, filenames, directories, and tablenames
date-related, Date-related macros
default value, Templates and macros
hard, Message representation in syslog-ng PE
hard and soft macros, Hard vs. soft macros
in filenames, Templates and macros
patterndb tags, TAGS
read-only, Message representation in syslog-ng PE
reference, Macros of syslog-ng PE
rewritable, Message representation in syslog-ng PE
SDATA, SDATA, .SDATA.SDID.SDNAME
soft, Message representation in syslog-ng PE
Mandatory Access Control, Security-enhanced Linux: grsecurity, SELinux
MapR, hdfs: Storing messages on the Hadoop Distributed File System (HDFS)
MapR File System, hdfs: Storing messages on the Hadoop Distributed File System (HDFS)
MapR-FS, hdfs: Storing messages on the Hadoop Distributed File System (HDFS)
MARK, mark-freq(), mark-freq(), mark-freq(), mark-freq(), mark-mode(), mark-mode(), mark-mode(), mark-mode(), mark-mode(), mark-mode(), mark-freq(), mark-mode(), mark-mode(), mark-mode(), mark-mode(), mark-mode(), mark-mode(), mark-freq(), mark-freq(), mark-freq(), mark-freq(), mark-mode(), mark-mode(), mark-mode(), mark-mode(), mark-mode(), mark-mode(), mark-freq(), mark-freq(), mark-freq(), mark-freq(), mark-mode(), mark-mode(), mark-mode(), mark-mode(), mark-mode(), mark-mode(), mark-freq(), mark-mode(), mark-mode(), mark-mode(), mark-mode(), mark-mode(), mark-mode(), mark-freq(), mark-freq(), mark-freq(), mark-freq(), mark-mode(), mark-mode(), mark-mode(), mark-mode(), mark-mode(), mark-mode(), mark-freq(), mark-mode(), mark-mode(), mark-mode(), mark-mode(), mark-mode(), mark-mode()
mark(), mark-freq(), mark-freq(), mark-freq(), mark-freq(), mark-freq(), mark-freq(), mark() (DEPRECATED), mark-freq()
mark-freq, Actions and message correlation
mark-freq(), mark-freq(), mark-freq(), mark-freq(), mark-freq(), mark-freq(), mark-freq(), mark-freq(), mark-freq(), mark-freq(), mark-freq(), mark-freq(), mark-freq(), mark-freq(), mark-freq(), mark-freq(), mark-freq(), mark-freq(), mark-freq(), mark-freq(), mark-freq(), mark-freq(), mark-freq(), mark() (DEPRECATED), mark-freq()
mark-mode(), mark-freq(), mark-freq(), mark-mode(), mark-mode(), mark-freq(), mark-mode(), mark-mode(), mark-freq(), mark-freq(), mark-mode(), mark-mode(), mark-freq(), mark-freq(), mark-mode(), mark-mode(), mark-freq(), mark-mode(), mark-mode(), mark-freq(), mark-freq(), mark-mode(), mark-mode(), mark-freq(), mark-mode(), mark-mode()
mark_mode(), mark-mode(), mark-mode(), mark-mode(), mark-mode(), mark-mode(), mark-mode(), mark-mode()
match, Combining filters with boolean operators
match(), Combining filters with boolean operators, Using wildcards, special characters, and regular expressions in filters, match(), message(), Optimizing regular expressions, Optimizing regular expressions
matched, Metrics and counters of syslog-ng PE
max-connections(), log-iw-size(), log-iw-size(), log-iw-size(), log-iw-size(), log-iw-size(), log-iw-size(), unix-stream, unix-dgram: Collecting messages from UNIX domain sockets, log-iw-size(), Managing incoming and outgoing messages with flow-control, Managing incoming and outgoing messages with flow-control, Configuring flow-control, Configuring flow-control, Configuring flow-control, Configuring flow-control, Configuring flow-control, Multithreading concepts of syslog-ng PE
max-field-size(), systemd-journal: Collecting messages from the systemd-journal system log storage, max-field-size()
max-files(), wildcard-file: Collecting messages from multiple text files, max-files()
maximal message size, log-msg-size()
max_connections(), max-connections()
max_field_size(), max-field-size()
mem-buf-length(), Normal and reliable queue files
mem-buf-size(), Flow-control and multiple destinations, Using disk-based and memory buffering
memory_usage, Metrics and counters of syslog-ng PE
message
facilities, The PRI message part, The PRI message part
ID, SEQNUM
statistics, Monitoring statistics and metrics of syslog-ng
MESSAGE, Hard vs. soft macros
message classification, Using pattern databases, Using parser results in filters and templates, The syslog-ng pattern database format
message context, Correlating log messages using pattern databases
message correlation, Numerical operations, Correlating log messages using pattern databases, Correlating log messages
message counters, Monitoring statistics and metrics of syslog-ng, The monitoring() source
message encoding, Message size and encoding
message facilities, facility()
message filtering
using parsers, Using parser results in filters and templates
message loss, Possible causes of losing log messages
message parsing, Parsers and segmenting structured messages, Parsing syslog messages, Using pattern databases, Using parser results in filters and templates
message statistics, Monitoring statistics and metrics of syslog-ng, Monitoring statistics and metrics of syslog-ng, The monitoring() source
message templates, Formatting messages, filenames, directories, and tablenames
message triggers, Triggering actions for identified messages
message(), match()
message-template(), message-template()
message_template(), message-template()
Microsoft SQL
sql() configuration, Using the sql() driver with a Microsoft SQL database
Microsoft SQL Server configuration, Installing syslog-ng
MIN, Date-related macros, Hard vs. soft macros
modes of operation, Modes of operation
client mode, Client mode
relay mode, Relay mode
server mode, Server mode
modifying SDATA, Creating custom SDATA fields
modules, Modules in syslog-ng PE, Loading modules
mongodb, mongodb: Storing messages in a MongoDB database (see type-casting)
failover, mongodb: Storing messages in a MongoDB database
replicasets, mongodb: Storing messages in a MongoDB database
mongodb(), Relay mode, Structuring macros, metadata, and other value-pairs, Specifying data types in value-pairs, value-pairs(), mongodb: Storing messages in a MongoDB database, mongodb: Storing messages in a MongoDB database, mongodb: Storing messages in a MongoDB database, mongodb() destination options, username() (DEPRECATED), Using disk-based and memory buffering, Enabling reliable disk-based buffering, Enabling normal disk-based buffering
monitoring, osquery: Collect and parse osquery result logs
monitoring syslog-ng PE, The monitoring() source
monitoring(), Version 7.0 - 7.0.2, stats-freq(), Monitoring statistics and metrics of syslog-ng, The monitoring() source, The monitoring() source, monitoring() source options, monitoring() source options, The monitoring-welf() source
monitoring-welf(), Version 7.0 - 7.0.2, The monitoring() source, The monitoring-welf() source
MONTH, Date-related macros, Hard vs. soft macros
MONTH_ABBREV, Date-related macros, Hard vs. soft macros
MONTH_NAME, Date-related macros, Hard vs. soft macros
MONTH_WEEK, Date-related macros, Hard vs. soft macros
MSEC, Date-related macros
MSG, BSD-syslog or legacy-syslog messages, IETF-syslog messages, match(), message(), Hard vs. soft macros
MSGHDR, match()
MSGID, Hard vs. soft macros
msgid, Solaris, sun-streams: Collecting messages on Sun Solaris, system: Collecting the system-specific log messages of a platform, system: Collecting the system-specific log messages of a platform, system: Collecting the system-specific log messages of a platform
MSGONLY, Hard vs. soft macros
mssql, Using the sql() driver with a Microsoft SQL database, type()
MSSQL
sql() configuration, Using the sql() driver with a Microsoft SQL database, Using the sql() driver with a Microsoft SQL database
multi-line messages, multi-line-garbage(), multi-line-mode(), multi-line-mode(), multi-line-prefix(), multi-line-prefix(), multi-line-prefix(), multi-line-suffix(), multi-line-garbage(), multi-line-mode(), multi-line-mode(), multi-line-prefix(), multi-line-prefix(), multi-line-prefix(), multi-line-suffix(), multi-line-garbage(), multi-line-mode(), multi-line-mode(), multi-line-prefix(), multi-line-prefix(), multi-line-prefix(), multi-line-suffix()
multi-line-garbage(), multi-line-garbage(), multi-line-garbage(), multi-line-mode(), multi-line-prefix(), multi-line-garbage(), multi-line-garbage(), multi-line-mode(), multi-line-prefix(), multi-line-garbage(), multi-line-garbage(), multi-line-mode(), multi-line-prefix()
multi-line-mode(), Version 6 LTS - 7.0, multi-line-garbage(), multi-line-mode(), multi-line-suffix(), multi-line-garbage(), multi-line-mode(), multi-line-suffix(), multi-line-garbage(), multi-line-mode(), multi-line-suffix()
multi-line-mode(indented), multi-line-mode(), multi-line-mode(), multi-line-mode(), system: Collecting the system-specific log messages of a platform
multi-line-mode(prefix-garbage), multi-line-mode(), multi-line-mode(), multi-line-mode(), multi-line-mode(), multi-line-mode(), multi-line-mode()
multi-line-mode(prefix-suffix), multi-line-mode(), multi-line-mode(), multi-line-mode(), The XML parser
multi-line-prefix(), multi-line-garbage(), multi-line-garbage(), multi-line-mode(), multi-line-mode(), multi-line-prefix(), multi-line-prefix(), multi-line-suffix(), multi-line-garbage(), multi-line-garbage(), multi-line-mode(), multi-line-mode(), multi-line-prefix(), multi-line-prefix(), multi-line-suffix(), multi-line-garbage(), multi-line-garbage(), multi-line-mode(), multi-line-mode(), multi-line-prefix(), multi-line-prefix(), multi-line-suffix(), The XML parser
multi-line-suffix(), multi-line-mode(), multi-line-suffix(), multi-line-mode(), multi-line-suffix(), multi-line-mode(), multi-line-suffix(), The XML parser
multiline
indented-multiline, system: Collecting the system-specific log messages of a platform
multiline messages (see multi-line messages)
multithreading in syslog-ng PE, Multithreading and scaling in syslog-ng PE
mutual authentication, Secure logging using TLS, Mutual authentication using TLS
myhost, Setting multiple message fields to specific values, Setting multiple message fields to specific values
MYSQL_UNIX_PORT, MySQL-specific interaction methods, host()

N

name, Managing complex syslog-ng configurations, Managing complex syslog-ng configurations, Children
name resolution, General recommendations, Using name resolution in syslog-ng
local, Using name resolution in syslog-ng
NET-SNMP, snmptrap: Read Net-SNMP traps
Net-SNMP, snmptrap() source options
netmask(), host()
netmask6(), netmask6(), netmask6()
network, network: Collecting messages using the RFC3164 protocol (network() driver), network: Sending messages to a remote log server using the RFC3164 protocol (network() driver)
network(), Things to consider when forwarding messages between syslog-ng PE hosts, network: Collecting messages using the RFC3164 protocol (network() driver), network() source options, ip-protocol(), ip-protocol(), tcp, tcp6, udp, udp6: Collecting messages from remote hosts using the BSD syslog protocol, tcp, tcp6, udp, udp6: Collecting messages from remote hosts using the BSD syslog protocol, tcp(), tcp6(), udp() and udp6() source options — OBSOLETE, tcp(), tcp6(), udp() and udp6() source options — OBSOLETE, tcp(), tcp6(), udp() and udp6() source options — OBSOLETE, mark-mode(), mark-mode(), mark-mode(), network: Sending messages to a remote log server using the RFC3164 protocol (network() driver), network() destination options, ip-protocol(), mark-mode(), mark-mode(), mark-mode(), mark-mode(), mark-mode(), mark-mode(), mark-mode(), mark-mode(), mark-mode(), ip-protocol(), mark-mode(), mark-mode(), mark-mode(), tcp, tcp6, udp, udp6: Sending messages to a remote log server using the legacy BSD-syslog protocol (tcp(), udp() drivers), tcp, tcp6, udp, udp6: Sending messages to a remote log server using the legacy BSD-syslog protocol (tcp(), udp() drivers), tcp(), tcp6(), udp(), and udp6() destination options, tcp(), tcp6(), udp(), and udp6() destination options, tcp(), tcp6(), udp(), and udp6() destination options, mark-mode(), mark-mode(), mark-mode(), Managing incoming and outgoing messages with flow-control, Using disk-based and memory buffering, Enabling reliable disk-based buffering, Enabling normal disk-based buffering, mark-mode(), mark-mode(), mark-mode(), ts-format(), Secure logging using TLS, Encrypting log messages with TLS, Encrypting log messages with TLS, Encrypting log messages with TLS, Mutual authentication using TLS, Mutual authentication using TLS, Mutual authentication using TLS, TLS options, Glossary
network(transport(tcp) flag(syslog-protocol)), Things to consider when forwarding messages between syslog-ng PE hosts
network(transport(tcp)), Things to consider when forwarding messages between syslog-ng PE hosts, Things to consider when forwarding messages between syslog-ng PE hosts
network(transport(tls) flag(syslog-protocol)), Things to consider when forwarding messages between syslog-ng PE hosts
network(transport(tls)), Things to consider when forwarding messages between syslog-ng PE hosts
network(transport(udp) flag(syslog-protocol)), Things to consider when forwarding messages between syslog-ng PE hosts
network(transport(udp)), Things to consider when forwarding messages between syslog-ng PE hosts, Things to consider when forwarding messages between syslog-ng PE hosts
no-hostname, flags(), flags(), flags(), flags(), flags(), flags(), flags(), flags(), flags(), flags(), flags(), flags(), flags(), flags(), flags(), flags(), flags(), flags()
no-multi-line, flags(), flags(), flags(), flags(), flags(), flags(), flags(), flags(), flags(), flags(), flags(), flags(), flags(), flags(), flags()
no-parse, Notes about counting the licensed hosts, flags(), flags(), flags(), flags(), flags(), flags(), flags(), flags(), flags()
nobody, Setting multiple message fields to specific values
none, Children, Children, aggregate()
normalize-hostnames(), Version 6 LTS - 7.0, normalize-hostnames(), normalize-hostnames(), FULLHOST, HOST
normalize_hostnames(), normalize-hostnames(), normalize-hostnames()
notice, level() or priority()
not_matched, Metrics and counters of syslog-ng PE
Novell Ready, Certified packages
NULL, MsSQL-specific interaction methods
null(), MsSQL-specific interaction methods, null(), null()
number of open files, file() destination options
nv-pairs, value-pairs()

O

on-error, format-cef-extension
on-error(), on-error(), on-error(), on-error(), on-error(), on-error(), on-error(), on-error()
optimizing regular expressions, Optimizing regular expressions
optimizing syslog-ng performance, Handling large message load
regular expressions, Optimizing regular expressions
options, Global objects, jvm-options(), jvm-options(), jvm-options(), jvm-options()
reference, Global options
options(), Methods of the python() parser
Oracle
sql() configuration, Using the sql() driver with an Oracle database, Using the sql() driver with an Oracle database
ORACLE_BASE, Using the sql() driver with an Oracle database
ORACLE_HOME, Using the sql() driver with an Oracle database
ORACLE_SID, Using the sql() driver with an Oracle database
osquery, osquery: Collect and parse osquery result logs, osquery: Collect and parse osquery result logs, osquery() source options
osquery(), osquery: Collect and parse osquery result logs, osquery: Collect and parse osquery result logs, osquery() source options
other, Availability of statistics
output buffer, Managing incoming and outgoing messages with flow-control, Configuring flow-control
output queue, Managing incoming and outgoing messages with flow-control, Using disk-based and memory buffering
overflow queue (see output buffer)
output buffer, Managing incoming and outgoing messages with flow-control
overriding facility, How sources work
overriding-original-program-name, Triggering actions for identified messages, Example, Example
overwrite-if-older(), overwrite-if-older()
overwrite_if_older(), overwrite-if-older()
owner(), owner(), owner()

P

pad-size(), pad-size(), pad-size(), pad-size(), pad-size(), pad-size(), pad-size(), pad-size(), pad-size()
padding(), padding
pair(), Structuring macros, metadata, and other value-pairs, value-pairs()
pair-separator(), extract-stray-words-into(), pair-separator()
Parameters, Typographical conventions
parameters
disk-buffer(), disk-buffer(), disk-buffer(), disk-buffer(), disk-buffer(), disk-buffer(), disk-buffer(), disk-buffer(), disk-buffer(), disk-buffer(), disk-buffer(), disk-buffer(), disk-buffer()
log-disk-fifo-size(), Using disk-based and memory buffering
log-fetch-limit(), Managing incoming and outgoing messages with flow-control, Configuring flow-control
log-fifo-size(), Managing incoming and outgoing messages with flow-control, Configuring flow-control
log-iw-size(), Managing incoming and outgoing messages with flow-control, Configuring flow-control
max-connections(), Managing incoming and outgoing messages with flow-control, Configuring flow-control
parse(), Methods of the python() parser
parse(self, log_message), Methods of the python() parser
parser, The configuration syntax in detail, Reusing configuration blocks, Managing complex syslog-ng configurations, syslog-ng.conf
parsers, Logging with syslog-ng, Global objects, Parsers and segmenting structured messages, Methods of the python() parser, Using pattern databases, Using parser results in filters and templates, syslog-ng.conf
cisco, The Cisco Parser
correlating, Correlating messages using the grouping-by() parser
csv-parser, Parsing messages with comma-separated and similar values
date, Parsing dates and timestamps, Options of date-parser() parsers
geoip2, Looking up GeoIP2 data from IP addresses, Options of geoip2 parsers
grouping-by(), Correlating messages using the grouping-by() parser
json-parser, The JSON parser
kv-parser, Parsing key=value pairs
python, The Python Parser
syslog, Parsing syslog messages
xml-parser, The XML parser
parsing messages, Parsers and segmenting structured messages, Using pattern databases, Using parser results in filters and templates, Using pattern parsers
concepts of, Parsers and segmenting structured messages, Correlating log messages
filtering parsed messages, Using parser results in filters and templates
pass-unix-credentials(), pass-unix-credentials()
path(), path() (DEPRECATED), servers() (DEPRECATED)
path.home, Client modes, client-mode()
pattern database, Using pattern databases, Using parser results in filters and templates, The syslog-ng pattern database format, The syslog-ng pattern database format
concepts of, Classifying log messages
creating parsers, Using pattern parsers
pattern matching precedence, How pattern matching works
structure of, The structure of the pattern database
using the results, Using parser results in filters and templates
pattern database schema, The syslog-ng pattern database format
pattern databases
correlating messages, Correlating log messages using pattern databases
pattern matching
procedure of, How pattern matching works
patterndb
download, Downloading sample pattern databases
peer_verify(), peer-verify(), peer-verify()
performance
optimizing multithreading, Optimizing multithreaded performance
using multithreading, Multithreading and scaling in syslog-ng PE
perm(), perm()
persist-name(), persist-name(), persist-name()
persist_only, use-dns(), use-dns(), use-dns(), Using name resolution in syslog-ng
pid, null()
PID, Hard vs. soft macros
pid file, Installing syslog-ng using the .run installer, Installing syslog-ng, Installing syslog-ng
pipe, pipe: Collecting messages from named pipes, pipe() source options, pipe: Sending messages to named pipes, Multithreading concepts of syslog-ng PE, Multithreading concepts of syslog-ng PE
pipe(), Relay mode, flags(), pipe: Collecting messages from named pipes, pipe() source options, optional(), mark-mode(), pipe: Sending messages to named pipes, pipe() destination options
plugins (see modules)
poll(), follow-freq(), time-sleep() (DEPRECATED)
polling files, monitor-method()
port(), tcp(), tcp6(), udp() and udp6() source options — OBSOLETE, Client modes, client-mode(), Client modes, elasticsearch2: Sending messages directly to Elasticsearch version 2.0 or higher, client-mode(), smtp: Generating SMTP messages (e-mail) from logs, tcp(), tcp6(), udp(), and udp6() destination options
PostgreSQL
sql() configuration, sql: Storing messages in an SQL database
prefix, The Cisco Parser
prefix(), prefix(), Parsing key=value pairs, extract-stray-words-into(), The JSON parser
prefix(.SDATA.), prefix()
prerequisites, Prerequisites to installing syslog-ng PE
preventing message loss
flow-control, Managing incoming and outgoing messages with flow-control, Configuring flow-control
PRI, BSD-syslog or legacy-syslog messages, IETF-syslog messages, Hard vs. soft macros
PRIORITY, Hard vs. soft macros
processed, stats-max-dynamics(), Metrics and counters of syslog-ng PE, Log statistics from the internal() source
processing multi-line messages, multi-line-garbage(), multi-line-mode(), multi-line-prefix(), multi-line-suffix()
program, program: Receiving messages from external applications, program() source options, program: Sending messages to external applications, mark-mode(), Metrics and counters of syslog-ng PE
PROGRAM, Hard vs. soft macros
program(), program: Receiving messages from external applications, inherit-environment(), mark-mode(), program: Sending messages to external applications, program() destination options, Splunk: Sending log messages to Splunk, Using disk-based and memory buffering, Enabling reliable disk-based buffering, Enabling normal disk-based buffering, Using wildcards, special characters, and regular expressions in filters, Optimizing regular expressions, External actions
program-override(), Version 6 LTS - 7.0, log-prefix() (DEPRECATED)
program_override(), program-override()
properties-file, How syslog-ng PE interacts with Apache Kafka
proto-template, ts-format()
pseudonymization, hash, Replacing message parts
python, Methods of the python() parser
python parser, The Python Parser
p_apache_parser, Using channels in configuration objects

R

RCPTID, Hard vs. soft macros
read-old-records(), Version 7.0.4 - 7.0.5, read-old-records(), read-old-records()
read-only macros, Message representation in syslog-ng PE
reading messages
from external applications, program: Receiving messages from external applications
recursive, recursive()
recv-time-zone(), Timezones and daylight saving, A note on timezones and timestamps
Red Hat Enterprise Server
installing syslog-ng, Installing syslog-ng
RedHat Ready, Certified packages
regular expressions, Filters, Regular expressions, Optimizing regular expressions, Handling large message load
case-insensitive, Regular expressions
escaping, Regular expressions
pcre, pcre
posix, Using wildcards, special characters, and regular expressions in filters
rekey(), value-pairs()
relay destinations, Relay mode
relay mode, Relay mode
destinations, Relay mode
relay-hostname-resolved-on-the-server, chain-hostnames()
releases, Versions and releases of syslog-ng PE
reliable(), disk-buffer(), Using disk-based and memory buffering
removing syslog-ng PE, Uninstalling syslog-ng PE
replacing message text, Modifying messages using rewrite rules
reply-to(), reply-to()
resource(), Client modes, Elasticsearch destination options, client-mode(), Client modes, Elasticsearch2 destination options, client-mode()
retries, retries()
retries(), How syslog-ng PE interacts with Elasticsearch, flush-limit(), How syslog-ng PE interacts with Elasticsearch, flush-limit(), hdfs: Storing messages on the Hadoop Distributed File System (HDFS), sync-send(), Error handling
reusing snippets, Reusing configuration blocks
rewritable macros, Message representation in syslog-ng PE
rewrite, The configuration syntax in detail, Reusing configuration blocks, Managing complex syslog-ng configurations, syslog-ng.conf
rewrite if, Conditional rewrites, Conditional rewrites
rewrite rules, Logging with syslog-ng, Global objects, Modifying messages using rewrite rules, syslog-ng.conf
rewriting
IP addresses, hash, Replacing message parts
rewriting messages, Modifying messages using rewrite rules
concepts of, Modifying messages using rewrite rules
conditional rewrites, Conditional rewrites, Conditional rewrites
rfc3164, value-pairs()
rfc5424, value-pairs()
riemann(), Using disk-based and memory buffering, Enabling reliable disk-based buffering, Enabling normal disk-based buffering
rolling releases, Versions and releases of syslog-ng PE
root, Reusing configuration blocks, Reusing configuration blocks, Managing complex syslog-ng configurations
rotating log files, file: Storing messages in plain-text files
R_UNIXTIME, A note on timezones and timestamps

S

safe-background, syslog-ng
safe-mode(), mongodb: Storing messages in a MongoDB database, safe-mode() (DEPRECATED)
safe_mode(), safe-mode() (DEPRECATED)
sanitize-utf8, flags()
scaling to multiple CPUs, Multithreading and scaling in syslog-ng PE
scl
system(), system: Collecting the system-specific log messages of a platform
scope(), Structuring macros, metadata, and other value-pairs, value-pairs(), Correlating messages using the grouping-by() parser, scope()
SDATA, Hard vs. soft macros
SEC, Date-related macros, Hard vs. soft macros
secondary messages, Triggering actions for identified messages
sedding messages, Modifying messages using rewrite rules
segmenting messages, Parsing messages with comma-separated and similar values, Options of CSV parsers, Parsing key=value pairs, The JSON parser, The XML parser, The Cisco Parser, The Python Parser
selected-macros, value-pairs()
selector(), Options add-contextual-data(), selector(), selector()
SELinux, Security-enhanced Linux: grsecurity, SELinux, Installing syslog-ng
send-time-zone(), Timezones and daylight saving
sender, Metrics and counters of syslog-ng PE
sender(), from()
SEQNUM, Hard vs. soft macros
sequence ID, SEQNUM
sequence number, SEQNUM
Cisco, SEQNUM
server license, Licensing, Licensing benefits
server mode, Server mode, elasticsearch: Sending messages directly to Elasticsearch version 1.x, elasticsearch2: Sending messages directly to Elasticsearch version 2.0 or higher, hdfs: Storing messages on the Hadoop Distributed File System (HDFS), kafka: Publishing messages to Apache Kafka, mongodb: Storing messages in a MongoDB database, mongodb() destination options, smtp: Generating SMTP messages (e-mail) from logs, sql: Storing messages in an SQL database
server(), Client modes, client-mode(), Client modes, elasticsearch2: Sending messages directly to Elasticsearch version 2.0 or higher, client-mode(), server(), mongodb: Storing messages in a MongoDB database
server-hostname, chain-hostnames()
servers(), mongodb: Storing messages in a MongoDB database, path() (DEPRECATED), servers() (DEPRECATED)
session_statements(), session-statements()
set(), Setting message fields to specific values
set-message-macro(), set-message-macro()
setting facility, How sources work
setting message fields, Setting message fields to specific values, Creating custom SDATA fields
setting multiple fields, Setting multiple message fields to specific values
silently-drop-message, on-error()
silently-drop-property, on-error()
silently-fallback-to-string, on-error()
skipping messages, Dropping messages
smtp, smtp: Generating SMTP messages (e-mail) from logs
smtp(), Relay mode, smtp: Generating SMTP messages (e-mail) from logs, smtp() destination options, Using disk-based and memory buffering, Enabling reliable disk-based buffering, Enabling normal disk-based buffering
snmptrap, snmptrap: Read Net-SNMP traps
snmptrap(), snmptrap: Read Net-SNMP traps, snmptrap() source options, set-message-macro()
snmptrapd, snmptrap: Read Net-SNMP traps
so-rcvbuf(), so-rcvbuf(), transport(), syslog: Collecting messages using the IETF syslog protocol (syslog() driver), system: Collecting the system-specific log messages of a platform, Possible causes of losing log messages, Handling large message load
SOCK_DGRAM, How sources work, unix-stream, unix-dgram: Collecting messages from UNIX domain sockets, Sending and storing log messages — destinations and destination drivers, unix-stream, unix-dgram: Sending messages to UNIX domain sockets, unix-stream() and unix-dgram() destination options, syslog-ng.conf
SOCK_STREAM, How sources work, unix-stream, unix-dgram: Collecting messages from UNIX domain sockets, Sending and storing log messages — destinations and destination drivers, unix-stream, unix-dgram: Sending messages to UNIX domain sockets, unix-stream() and unix-dgram() destination options, syslog-ng.conf
soft macros, Message representation in syslog-ng PE, Hard vs. soft macros
Solaris msgid, sun-streams: Collecting messages on Sun Solaris, system: Collecting the system-specific log messages of a platform
source, The configuration syntax in detail, Reusing configuration blocks, Managing complex syslog-ng configurations, syslog-ng.conf
SOURCE, Hard vs. soft macros
source drivers, Global objects, How sources work
file() driver, file: Collecting messages from text files, file() source options, wildcard-file: Collecting messages from multiple text files
internal() driver, internal: Collecting internal messages, internal() source options
list of, How sources work, syslog-ng.conf
monitoring() driver, The monitoring() source
monitoring-welf() driver, The monitoring() source
network() driver, network() source options
osquery() driver, osquery: Collect and parse osquery result logs, osquery() source options
pipe() driver, pipe: Collecting messages from named pipes, pipe() source options
program() driver, program: Receiving messages from external applications
reference, Collecting log messages — sources and source drivers
snmptrap() driver, snmptrap: Read Net-SNMP traps, snmptrap() source options
sun-streams() driver, sun-streams: Collecting messages on Sun Solaris, sun-streams() source options
syslog() driver, syslog: Collecting messages using the IETF syslog protocol (syslog() driver), syslog() source options
system() driver, system: Collecting the system-specific log messages of a platform
systemd-journal() driver, systemd-journal: Collecting messages from the systemd-journal system log storage
systemd-syslog() driver, systemd-syslog: Collecting systemd messages using a socket
tcp() driver, tcp, tcp6, udp, udp6: Collecting messages from remote hosts using the BSD syslog protocol
tcp6() driver, tcp, tcp6, udp, udp6: Collecting messages from remote hosts using the BSD syslog protocol
udp() driver, tcp, tcp6, udp, udp6: Collecting messages from remote hosts using the BSD syslog protocol
udp6() driver, tcp, tcp6, udp, udp6: Collecting messages from remote hosts using the BSD syslog protocol
unix-dgram() driver, unix-stream() and unix-dgram() source options
unix-stream() driver, unix-stream() and unix-dgram() source options
wildcard-file() driver, wildcard-file: Collecting messages from multiple text files, wildcard-file() source options
windowsevent() driver, windowsevent: Collecting Windows event logs
source(), Using embedded log statements
SOURCEIP, Hard vs. soft macros
sources, Logging with syslog-ng, Global objects, How sources work
defining, How sources work
on different platforms, How sources work
SO_BROADCAST, so-broadcast()
splitting messages, Parsing messages with comma-separated and similar values, Options of CSV parsers, Parsing key=value pairs, The JSON parser, The XML parser
spoof-source(), How relaying log messages works
sql, sql: Storing messages in an SQL database, Multithreading concepts of syslog-ng PE
sql destinations, sql: Storing messages in an SQL database
SQL NULL values, null()
sql(), Supported platforms, Relay mode, Installing syslog-ng, Prerequisites to installing syslog-ng PE, Sending and storing log messages — destinations and destination drivers, sql: Storing messages in an SQL database, Using the sql() driver with an Oracle database, sql() destination options, flags(), Using disk-based and memory buffering, Enabling reliable disk-based buffering, Enabling normal disk-based buffering, syslog-ng.conf
ssl-options, ssl-options()
sslv2, ssl-version()
sslv3, ssl-version()
ssl_options(), ssl-options()
stable releases, Versions and releases of syslog-ng PE
stamp, stats-max-dynamics(), Metrics and counters of syslog-ng PE
STAMP, ts-format(), Date-related macros, Hard vs. soft macros
statistics, Monitoring statistics and metrics of syslog-ng, Monitoring statistics and metrics of syslog-ng, The monitoring() source
stats-freq(), stats-max-dynamics(), Log statistics from the internal() source
stats-level(), Monitoring statistics and metrics of syslog-ng, Metrics and counters of syslog-ng PE, Availability of statistics, Log statistics from the internal() source, The monitoring() source, The monitoring() source, query(), syslog-ng-ctl
stats-max-dynamics(), stats-max-dynamics()
stdin, program: Sending messages to external applications, program() destination options
store-matches, Replacing message parts
strace, Collecting debugging information with strace, truss, or tusc
STREAMS, How sources work, sun-streams: Collecting messages on Sun Solaris, syslog-ng.conf
string, Specifying data types in value-pairs
string comparison, Comparing macro values in filters
strip-whitespace, flags(), flags()
strip-whitespaces, strip-whitespaces
strip-whitespaces(), The XML parser
STRUCTURED-DATA, IETF-syslog messages, SDATA, .SDATA.SDID.SDNAME
subject(), smtp: Generating SMTP messages (e-mail) from logs, subject()
subject_alt_name, Encrypting log messages with TLS, Encrypting log messages with TLS, Mutual authentication using TLS
sun-streams, sun-streams: Collecting messages on Sun Solaris
sun-streams(), sun-streams: Collecting messages on Sun Solaris, sun-streams: Collecting messages on Sun Solaris, sun-streams() source options
supervising syslog-ng, syslog-ng
supported architectures, Supported platforms
supported operating systems, Supported platforms
suppress(), Metrics and counters of syslog-ng PE
suppressed, Metrics and counters of syslog-ng PE
SUSE Linux Enterprise Server
installing syslog-ng, Installing syslog-ng
sync-send, sync-send()
syslog, flags(), syslog: Collecting messages using the IETF syslog protocol (syslog() driver), syslog: Sending messages to a remote logserver using the IETF-syslog protocol, Parsers and segmenting structured messages, Multithreading concepts of syslog-ng PE
syslog(), Things to consider when forwarding messages between syslog-ng PE hosts, The syslog-ng PE quick-start guide, network: Collecting messages using the RFC3164 protocol (network() driver), ip-protocol(), syslog: Collecting messages using the IETF syslog protocol (syslog() driver), syslog() source options, mark-mode(), syslog: Sending messages to a remote logserver using the IETF-syslog protocol, syslog() destination options, Using disk-based and memory buffering, Enabling reliable disk-based buffering, Enabling normal disk-based buffering, ts-format(), Secure logging using TLS, Encrypting log messages with TLS, Mutual authentication using TLS, TLS options, The XML parser, Glossary
syslog(transport(tcp)), Things to consider when forwarding messages between syslog-ng PE hosts
syslog(transport(tls)), Things to consider when forwarding messages between syslog-ng PE hosts
syslog(transport(udp)), Things to consider when forwarding messages between syslog-ng PE hosts
syslog-ng
troubleshooting, Troubleshooting syslog-ng
syslog-ng binaries
compact, Installing syslog-ng
location of, Installing syslog-ng
syslog-ng clients
configuring, The syslog-ng PE quick-start guide
syslog-ng PE certifications, Certified packages
syslog-ng relays
configuring, Configuring syslog-ng relays
syslog-ng servers
configuring, The syslog-ng PE quick-start guide
syslog-ng-relay, How relaying log messages works
syslog-ng-server, How relaying log messages works, How relaying log messages works
syslog-ng.conf, The configuration syntax in detail
environmental variables, Global and environmental variables
fingerprint, Logging configuration changes
global variables, Global and environmental variables
includes, Including configuration files
syslog-parser, Parsing syslog messages, Options of syslog-parser parsers
syslog-proto, value-pairs()
syslog-protocol, flags(), network: Sending messages to a remote log server using the RFC3164 protocol (network() driver)
syslogd, How sources work, sun-streams: Collecting messages on Sun Solaris, unix-stream, unix-dgram: Collecting messages from UNIX domain sockets, template()
system, system: Collecting the system-specific log messages of a platform
system(), sun-streams: Collecting messages on Sun Solaris, system: Collecting the system-specific log messages of a platform
systemd, system: Collecting the system-specific log messages of a platform
systemd-journal, systemd-journal: Collecting messages from the systemd-journal system log storage
systemd-journal(), Version 7.0.4 - 7.0.5, system: Collecting the system-specific log messages of a platform, systemd-journal: Collecting messages from the systemd-journal system log storage, systemd-journal() source options
systemd-syslog, systemd-syslog: Collecting systemd messages using a socket
systemd-syslog(), systemd-syslog: Collecting systemd messages using a socket, systemd-syslog: Collecting systemd messages using a socket
s_apache, Using channels in configuration objects
S_UNIXTIME, A note on timezones and timestamps

T

table, sql: Storing messages in an SQL database
table(), sql: Storing messages in an SQL database
TAG, Hard vs. soft macros
tagging messages, Tagging messages
tags, Tagging messages
as macro, TAGS
TAGS, Hard vs. soft macros
tags(), Message representation in syslog-ng PE, Tagging messages, tags(), tags(), Using parser results in filters and templates, Using parser results in filters and templates
tcp, flags(), flags(), tcp, tcp6, udp, udp6: Collecting messages from remote hosts using the BSD syslog protocol, syslog: Sending messages to a remote logserver using the IETF-syslog protocol, tcp, tcp6, udp, udp6: Sending messages to a remote log server using the legacy BSD-syslog protocol (tcp(), udp() drivers), Multithreading concepts of syslog-ng PE, Multithreading concepts of syslog-ng PE
tcp(), Things to consider when forwarding messages between syslog-ng PE hosts, tcp, tcp6, udp, udp6: Collecting messages from remote hosts using the BSD syslog protocol, tcp(), tcp6(), udp() and udp6() source options — OBSOLETE, tcp, tcp6, udp, udp6: Sending messages to a remote log server using the legacy BSD-syslog protocol (tcp(), udp() drivers), tcp(), tcp6(), udp(), and udp6() destination options, Using disk-based and memory buffering, Enabling reliable disk-based buffering, Enabling normal disk-based buffering
tcp-keepalive-intvl(), tcp-keepalive-intvl(), tcp-keepalive-probes(), tcp-keepalive-time(), tcp-keepalive-intvl(), tcp-keepalive-probes(), tcp-keepalive-time()
tcp-keepalive-probes(), tcp-keepalive-intvl(), tcp-keepalive-probes(), tcp-keepalive-time(), tcp-keepalive-intvl(), tcp-keepalive-probes(), tcp-keepalive-time()
tcp-keepalive-time(), tcp-keepalive-intvl(), tcp-keepalive-probes(), tcp-keepalive-time(), tcp-keepalive-intvl(), tcp-keepalive-probes(), tcp-keepalive-time()
tcp-keepalive-time() + tcp-keepalive-intvl() * tcp-keepalive-probes(), tcp-keepalive-intvl(), tcp-keepalive-probes(), tcp-keepalive-time(), tcp-keepalive-intvl(), tcp-keepalive-probes(), tcp-keepalive-time()
tcp6, tcp, tcp6, udp, udp6: Collecting messages from remote hosts using the BSD syslog protocol, tcp, tcp6, udp, udp6: Sending messages to a remote log server using the legacy BSD-syslog protocol (tcp(), udp() drivers)
tcp6(), tcp, tcp6, udp, udp6: Collecting messages from remote hosts using the BSD syslog protocol, tcp(), tcp6(), udp() and udp6() source options — OBSOLETE, tcp, tcp6, udp, udp6: Sending messages to a remote log server using the legacy BSD-syslog protocol (tcp(), udp() drivers), tcp(), tcp6(), udp(), and udp6() destination options, Using disk-based and memory buffering, Enabling reliable disk-based buffering, Enabling normal disk-based buffering
TCP_KEEPCNT, tcp-keepalive-intvl(), tcp-keepalive-probes(), tcp-keepalive-time(), tcp-keepalive-intvl(), tcp-keepalive-probes(), tcp-keepalive-time()
TCP_KEEPIDLE, tcp-keepalive-intvl(), tcp-keepalive-probes(), tcp-keepalive-time(), tcp-keepalive-intvl(), tcp-keepalive-probes(), tcp-keepalive-time()
TCP_KEEPINTVL, tcp-keepalive-intvl(), tcp-keepalive-probes(), tcp-keepalive-time(), tcp-keepalive-intvl(), tcp-keepalive-probes(), tcp-keepalive-time()
template, The configuration syntax in detail, syslog-ng.conf
template functions, Using template functions
embedding, if
template(), The JSON parser, The XML parser
template-escape(), Templates and macros, Templates and macros
templates, Global objects, Formatting messages, filenames, directories, and tablenames, Templates and macros
defining, Templates and macros
escaping, Templates and macros
example, Templates and macros
literal $, Templates and macros
template functions, Using template functions
threaded, flags(), flags(), flags(), Configuring multithreading
threaded(), Multithreading concepts of syslog-ng PE
threading, Multithreading and scaling in syslog-ng PE
throttle, Possible causes of losing log messages
Thu, WEEK_DAY_ABBREV, C_WEEK_DAY_ABBREV, R_WEEK_DAY_ABBREV, S_WEEK_DAY_ABBREV
time-reap(), file: Storing messages in plain-text files
time-reopen(), How syslog-ng PE interacts with Elasticsearch, hdfs: Storing messages on the Hadoop Distributed File System (HDFS), Error handling, The way syslog-ng interacts with the database
time-zone(), Timezones and daylight saving, Timezones and daylight saving, Date-related macros
timeout(), Correlating messages using the grouping-by() parser, timeout()
timestamp, A note on timezones and timestamps, The HEADER message part, The HEADER message part, General recommendations
timestamp(), timestamp()
timestamp(recvd), Parsing dates and timestamps
timezone
in chroots, Best practices and examples
timezone(), timezone(), timezone()
timezones, Timezones and daylight saving, A note on timezones and timestamps
TLS, network() source options, syslog: Collecting messages using the IETF syslog protocol (syslog() driver), syslog() source options, Secure logging using TLS
configuring, Encrypting log messages with TLS, Mutual authentication using TLS
reference, TLS options
tls, flags(), flags(), syslog: Sending messages to a remote logserver using the IETF-syslog protocol
tls(), Encrypting log messages with TLS, Mutual authentication using TLS, Mutual authentication using TLS, TLS options
tlsv1, ssl-version()
tlsv1_0, ssl-version()
tlsv1_1, ssl-version()
tlsv1_2, ssl-version()
to(), smtp: Generating SMTP messages (e-mail) from logs, to()
Tomcat logs, multi-line-prefix()
topic(), Kafka destination options
transport layer security
TLS, Secure logging using TLS
transport(tls), TLS options
trigger, Attributes
trigger(), Correlating messages using the grouping-by() parser, trigger()
triggered messages, Triggering actions for identified messages
triggers, Triggering actions for identified messages
troubleshooting, Troubleshooting syslog-ng
    core files, Troubleshooting syslog-ng
    failure script, Troubleshooting syslog-ng
    strace, Collecting debugging information with strace, truss, or tusc
    syslog-ng, Troubleshooting syslog-ng, Troubleshooting syslog-ng
    truss, Collecting debugging information with strace, truss, or tusc
    tusc, Collecting debugging information with strace, truss, or tusc
truncating messages, Message size and encoding
truss, Collecting debugging information with strace, truss, or tusc
trusted-dn(), trusted-keys(), trusted-keys()
trusted-keys(), trusted-keys(), trusted-keys(), trusted-keys()
trusted_dn(), trusted-dn()
trusted_keys(), trusted-keys()
ts-format(), The HEADER message part, The HEADER message part, ts-format(), ts-format(), ts-format(), ts-format(), ts-format(), ts-format(), ts-format(), ts-format(), ts-format(), ts-format(), STAMP, R_STAMP, S_STAMP, ts-format()
tusc, Collecting debugging information with strace, truss, or tusc
type(), Elasticsearch destination options, Elasticsearch2 destination options, sql: Storing messages in an SQL database, Using wildcards, special characters, and regular expressions in filters, Using wildcards, special characters, and regular expressions in filters, Replacing message parts, Types and options of regular expressions, pcre
type-casting, Specifying data types in value-pairs, on-error(), on-error(), on-error(), on-error(), on-error(), on-error(), on-error()
type-hinting, Specifying data types in value-pairs
typecasting (see type-casting)
TZ, Date-related macros, Hard vs. soft macros
TZOFFSET, Date-related macros, Hard vs. soft macros

U

udp, ip() or localip(), ip() or localip(), tcp, tcp6, udp, udp6: Collecting messages from remote hosts using the BSD syslog protocol, syslog: Sending messages to a remote logserver using the IETF-syslog protocol, tcp, tcp6, udp, udp6: Sending messages to a remote log server using the legacy BSD-syslog protocol (tcp(), udp() drivers), Using disk-based and memory buffering, Enabling reliable disk-based buffering, Enabling normal disk-based buffering, Multithreading concepts of syslog-ng PE
udp(), Things to consider when forwarding messages between syslog-ng PE hosts, tcp, tcp6, udp, udp6: Collecting messages from remote hosts using the BSD syslog protocol, tcp, tcp6, udp, udp6: Collecting messages from remote hosts using the BSD syslog protocol, tcp(), tcp6(), udp() and udp6() source options — OBSOLETE, tcp(), tcp6(), udp() and udp6() source options — OBSOLETE, tcp(), tcp6(), udp() and udp6() source options — OBSOLETE, tcp, tcp6, udp, udp6: Sending messages to a remote log server using the legacy BSD-syslog protocol (tcp(), udp() drivers), tcp, tcp6, udp, udp6: Sending messages to a remote log server using the legacy BSD-syslog protocol (tcp(), udp() drivers), tcp(), tcp6(), udp(), and udp6() destination options, tcp(), tcp6(), udp(), and udp6() destination options, tcp(), tcp6(), udp(), and udp6() destination options
udp6, tcp, tcp6, udp, udp6: Collecting messages from remote hosts using the BSD syslog protocol, tcp, tcp6, udp, udp6: Sending messages to a remote log server using the legacy BSD-syslog protocol (tcp(), udp() drivers)
udp6(), tcp, tcp6, udp, udp6: Collecting messages from remote hosts using the BSD syslog protocol, tcp, tcp6, udp, udp6: Collecting messages from remote hosts using the BSD syslog protocol, tcp(), tcp6(), udp() and udp6() source options — OBSOLETE, tcp(), tcp6(), udp() and udp6() source options — OBSOLETE, tcp(), tcp6(), udp() and udp6() source options — OBSOLETE, tcp, tcp6, udp, udp6: Sending messages to a remote log server using the legacy BSD-syslog protocol (tcp(), udp() drivers), tcp, tcp6, udp, udp6: Sending messages to a remote log server using the legacy BSD-syslog protocol (tcp(), udp() drivers), tcp(), tcp6(), udp(), and udp6() destination options, tcp(), tcp6(), udp(), and udp6() destination options, tcp(), tcp6(), udp(), and udp6() destination options
ulimit, file() destination options, file() destination options
unicode, pcre
uninstalling syslog-ng PE, Uninstalling syslog-ng PE
UNIQID, UNIQID
unix-dgram, How sources work, optional(), optional(), optional(), unix-stream, unix-dgram: Collecting messages from UNIX domain sockets, optional(), unix-stream, unix-dgram: Sending messages to UNIX domain sockets, Possible causes of losing log messages
unix-dgram(), unix-stream, unix-dgram: Collecting messages from UNIX domain sockets, unix-stream() and unix-dgram() source options, keep-alive(), max-connections(), mark-mode(), mark-mode(), mark-mode(), mark-mode(), mark-mode(), mark-mode(), mark-mode(), mark-mode(), mark-mode(), mark-mode(), mark-mode(), mark-mode(), mark-mode(), mark-mode(), mark-mode(), mark-mode(), mark-mode(), mark-mode(), mark-mode(), mark-mode(), unix-stream, unix-dgram: Sending messages to UNIX domain sockets, unix-stream() and unix-dgram() destination options, mark-mode(), mark-mode(), mark-mode(), mark-mode(), Using disk-based and memory buffering, Enabling reliable disk-based buffering, Enabling normal disk-based buffering, mark-mode(), mark-mode(), mark-mode(), mark-mode()
unix-stream, How sources work, optional(), optional(), optional(), unix-stream, unix-dgram: Collecting messages from UNIX domain sockets, optional(), unix-stream, unix-dgram: Sending messages to UNIX domain sockets, Possible causes of losing log messages
unix-stream(), The configuration syntax in detail, unix-stream, unix-dgram: Collecting messages from UNIX domain sockets, unix-stream() and unix-dgram() source options, mark-mode(), mark-mode(), mark-mode(), mark-mode(), mark-mode(), mark-mode(), mark-mode(), mark-mode(), mark-mode(), mark-mode(), mark-mode(), mark-mode(), mark-mode(), mark-mode(), mark-mode(), mark-mode(), mark-mode(), mark-mode(), mark-mode(), mark-mode(), unix-stream, unix-dgram: Sending messages to UNIX domain sockets, unix-stream() and unix-dgram() destination options, mark-mode(), mark-mode(), mark-mode(), mark-mode(), Using disk-based and memory buffering, Enabling reliable disk-based buffering, Enabling normal disk-based buffering, mark-mode(), mark-mode(), mark-mode(), mark-mode(), syslog-ng.conf
UNIXTIME, Date-related macros, Hard vs. soft macros
unknown, Using parser results in filters and templates
unsetting message fields, Unsetting message fields
uri(), database() (DEPRECATED), password() (DEPRECATED), path() (DEPRECATED), safe-mode() (DEPRECATED), servers() (DEPRECATED), username() (DEPRECATED)
use-dns(), How relaying log messages works, keep-hostname(), keep-hostname(), keep-hostname(), keep-hostname(), FULLHOST, FULLHOST_FROM, FULLHOST_FROM, HOST, HOST_FROM, HOST_FROM, Using name resolution in syslog-ng
use-fqdn(), Version 6 LTS - 7.0, FULLHOST, FULLHOST_FROM, HOST, HOST_FROM
use-rcptid, use-rcptid() (DEPRECATED), RCPTID
use-uniqid(), custom-id(), custom-id(), use-rcptid() (DEPRECATED), use-uniqid()
USEC, Date-related macros
user@example.com, @EMAIL@
usertty, usertty: Sending messages to a user terminal — usertty() destination
usertty(), usertty: Sending messages to a user terminal — usertty() destination, Handling large message load
use_dns(), keep-hostname()
use_uniqid(), use-uniqid()
UTC, A note on timezones and timestamps

X

XML parsers, The XML parser
xml(), The XML parser
xmllint, The XML parser
xml_parser, The XML parser
xx:xx:xx:..., @LLADDR@