syslog-ng documentation

Your main source of knowledge

The syslog-ng product family has an extensive documentation, covering everything from how to install a product to the most complex configuration and settings descriptions. If you cannot find an answer to your question, try the mailing list - our community is always eager to help.

syslog-ng Premium Edition


4.3.1. Procedure – Configuring syslog-ng on relay hosts


To configure syslog-ng on a relay host, complete the following steps:


  1. Install the syslog-ng application on the host. For details installing syslog-ng on specific operating systems, see Chapter 3, Installing syslog-ng.

  2. Configure the network sources that collect the log messages sent by the clients.

  3. Create a network destination that points to the syslog-ng server. Make sure that you use a destination that matches the source you configured in the previous step. For details, see Section 2.13, Things to consider when forwarding messages between syslog-ng PE hosts.

  4. Create a log statement connecting the network sources to the syslog-ng server.

  5. Configure the local sources that collect the log messages of the relay host.

  6. Create a log statement connecting the local sources to the syslog-ng server.

  7. Enable the keep-hostname() and disable the chain-hostnames() options. (For details on how these options work, see Section chain-hostnames().)


    It is recommended to use these options on your syslog-ng PE server as well.

  8. Set filters and options (for example TLS encryption) as necessary.


    By default, the syslog-ng server will treat the relayed messages as if they were created by the relay host, not the host that originally sent them to the relay. In order to use the original hostname on the syslog-ng server, use the keep-hostname(yes) option both on the syslog-ng relay and the syslog-ng server. This option can be set individually for every source if needed.

    If you are relaying log messages and want to resolve IP addresses to hostnames, configure the first relay to do the name resolution.

    Example 4.4. A simple configuration for relays

    The following is a simple configuration file that collects local and incoming log messages and forwards them to a logserver using the IETF-syslog protocol.

    @version: 7.0.8
    @include "scl.conf"
        options {
        source s_local { system(); internal(); };
        source s_network {
        destination d_syslog_tcp {
            syslog("" transport("tcp") port(2010));
        log { source(s_local); source(s_network);