Setup syslog-ng on RedHat

Any quick reference guide that can help me to setup a syslog-ng on Redhat / Centos ? I need to setup it up within a very short time...

Who is Participating?

[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Need a little more detail.  Do you need to do any more than a basic setup?
Syslog/syslog are installed by default d are configurable through /etc/syslog.conf or /etc/r syslog.conf
Syslog-ng if not mistaken is a syslog function one installed on a windows system.

Rsyslog is a more robust version of syslog, includes external tie-ins, functionality.

The transition, is yum erase syslog, yum install rsyslog.
syslog-ng does run on Linux, I'm not sure if it runs on Windows.

I believe that rsyslog is newer than syslog-ng, but they both perform the same function.  There is a newer program, journald, that is being used to replace both of rsyslog and syslog-ng.  I'm not sure what RedHat is using bye default now, I think it is rsyslog, but I think they are going to be using journald soon.  I know that journald is what RedHat is using in Fedora now (since Fedora 20).
Acronis True Image 2019 just released!

Create a reliable backup. Make sure you always have dependable copies of your data so you can restore your entire system or individual files.

AXISHKAuthor Commented:
I need to setup syslog-ng on the current RedHat, appreciate for any useful resource to set it up shortly, Tks
In short it is not available through a repository, you either need to find an RPM and install it, or get tge source, compile and install?
Doesn't the existing version do what you need?
AXISHKAuthor Commented:
Existing RedHat servers don't have subscription, probably need to download the package and install it manually.

Afterwards, I need to configure it.

Really need some quick reference to set it up within a short period of time.... Tks
You keep saying that you need to quickly configure, without any info in what it is you are looking for it to do.

What do you need it to be able to do?
AXISHKAuthor Commented:
1. install the syslog-ng on RedHat servers.
2. Configure it to send the Apache log and error log ( in a particular directories) to a centralized servers.

You first have to configure Apache to log to syslog versus to a file, I.e. local6
In /etc/syslog.conf or rsyslog.conf as applicable
You would have the following line
local6.*              @ip_of_centralsyslog_server

That is all that is needed.
On the central server you have to deal with getting local6. Events as well as make sure it is open to receive (iptables open 514 UDP if I am not mistaken) while the central syslog configure to bind to IP/port.

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
AXISHKAuthor Commented:
last question ... Any good reference guide such that I can go through the setup step-by-step.... Tks
Usually the syslog.conf includes some examples/descriptions.
similar with rsyslog.conf

Using man or apropo syslog/rsyslog there are sections dealing with the conf files as well.
There is a official documentation from Balabit, I used it regularly for references:
I just checked and we are running RedHat 6.4 which seems to come with rsyslog by default and as Arnold has pointed out it can forward to remote syslog servers.

So do you really need syslog-ng installed, or do you just need to have the Apache logs forwarded to a central syslog server?
AXISHKAuthor Commented:
How to forward Apache log ot the central syslog ? Tks

ErrorLog syslog:facility
TransferLog syslog:facility
where facility is the level that you will then use in the syslog.conf to forward the requests.
You can have two entries in syslog.conf one writes the data to file, while another forwards the request....
AXISHKAuthor Commented:
Say for a apache server to send log to syslog ng
On syslog-ng server, under /etc/syslog-ng/syslog-ng.conf :
 - create a new configuration file, setup the filter and destination for the device.

On Apache, no need to install syslog-ng, no need to install syslog-ng, correct ?
Can you show me where configuration file and setting should I need to change in Apache,  

Thanks again.
This ongoing thread has derived from the original question. I suggest opening a new thread for the specific setup regarding syslog-ng and apache.
AXISHKAuthor Commented:
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today

From novice to tech pro — start learning today.