Because it offers more flexibility, SUSE Linux Enterprise Server 10 uses the syslog-ng service instead of the older syslog services. The syslog-ng service offers some important improvements over the old service. One of the most important improvements is the ability to apply filtering on messages, thus allowing the administrator to specify how a message should be handled. Also, the configuration options for use in a networked environment are greatly improved.
Messages that are generated by services on your server are sent by syslog-ng to different destinations, based on an assigned facility/priority pair. This destination can be a log file, a TTY, a user who is currently logged in, or a central log server on the network. The facility determines where a message should be sent, and the priority defines the severity level of a message that is logged. One problem in the old syslog structure was that this solution was far too generic. Some facilities, such as daemon, for example, are used by many programs that aren't even related to each other. This sys-log-ng service resolves this problem. One of its major benefits is the ability to filter messages based on the contents of the messages. This ability is added to the old way of matching priorities and facilities. Another advantage of syslog-ng compared to the old syslog solution is that it makes remote logging more flexible and more secure at the same time.
The most important part of the system logging services is the daemon syslog-ng that is started by default in runlevels 2, 3, and 5. To determine what it should do, syslog-ng reads its configuration file, /etc/syslog-ng/syslog-ng-conf.You can find more details about this file in the next section. To determine how it is started, syslog-ng reads a configuration file from /etc/sysconfig with the name syslog. In this configuration file, some generic parameters are set that are used by syslog-ng when it starts; these parameters determine how the service is started. For example, if you want to enable your syslogd process to accept messages from other servers, you can add the option -r to the SYSLOGD_PARAMS line in this file.
Was this article helpful?