4.3.1. Procedure – Configuring syslog-ng on relay hosts The syslog-ng Premium Edition 7 Administrator Guide
To configure syslog-ng on a relay host, complete the following steps:
Install the syslog-ng application on the host. For details installing syslog-ng on specific operating systems, see Chapter 3, Installing syslog-ng.
Configure the network sources that collect the log messages sent by the clients.
Create a network destination that points to the syslog-ng server. Make sure that you use a destination that matches the source you configured in the previous step. For details, see Section 2.13, Things to consider when forwarding messages between syslog-ng PE hosts.
Create a log statement connecting the network sources to the syslog-ng server.
Configure the local sources that collect the log messages of the relay host.
Create a log statement connecting the local sources to the syslog-ng server.
keep-hostname()and disable the
chain-hostnames()options. (For details on how these options work, see Section chain-hostnames().)
It is recommended to use these options on your syslog-ng PE server as well.
Set filters and options (for example TLS encryption) as necessary.
By default, the syslog-ng server will treat the relayed messages as if they were created by the relay host, not the host that originally sent them to the relay. In order to use the original hostname on the syslog-ng server, use the
keep-hostname(yes)option both on the syslog-ng relay and the syslog-ng server. This option can be set individually for every source if needed.
If you are relaying log messages and want to resolve IP addresses to hostnames, configure the first relay to do the name resolution.