syslog-ng(8)

SYSLOG-NG(8) The syslog-ng manual page SYSLOG-NG(8)

NAME
syslog-ng - syslog-ng system logger application

SYNOPSIS
syslog-ng [options]

DESCRIPTION
This manual page is only an abstract, for the complete documentation of
syslog-ng, see The Administrator Guide[1] or the official syslog-ng
website[2].

The application is a flexible and highly scalable system logging
application. Typically, syslog-ng is used to manage log messages and
implement centralized logging, where the aim is to collect the log
messages of several devices on a single, central log server. The
different devices - called syslog-ng clients - all run syslog-ng, and
collect the log messages from the various applications, files, and
other sources. The clients send all important log messages to the
remote syslog-ng server, where the server sorts and stores them.

OPTIONS
--caps
Run process with the specified POSIX capability flags.

o If the --no-caps option is not set, and the host supports
CAP_SYSLOG, uses the following capabilities:
"cap_net_bind_service, cap_net_broadcast, cap_net_raw,
cap_dac_read_search, cap_dac_override, cap_chown, cap_fowner=p
cap_syslog=ep"

o If the --no-caps option is not set, and the host does not
support CAP_SYSLOG, uses the following capabilities:
"cap_net_bind_service, cap_net_broadcast,
cap_net_raw,cap_dac_read_search, cap_dac_override, cap_chown,
cap_fowner=p cap_sys_admin=ep"

For example:

/usr/sbin/syslog-ng -Fv --caps cap_sys_admin,cap_chown,cap_dac_override,cap_net_bind_service,cap_fowner=pi

Note that the capabilities are not case sensitive, the following
command is also good:
/usr/sbin/syslog-ng -Fv --caps
CAP_SYS_ADMIN,CAP_CHOWN,CAP_DAC_OVERRIDE,CAP_NET_BIND_SERVICE,CAP_FOWNER=pi

For details on the capability flags, see the following man pages:
cap_from_text(3) and capabilities(7)

--cfgfile <file> or -f <file>
Use the specified configuration file.

--chroot <dir> or -C <dir>
Change root to the specified directory. The configuration file is
read after chrooting so, the configuration file must be available
within the chroot. That way it is also possible to reload the
syslog-ng configuration after chrooting. However, note that the
--user and --group options are resolved before chrooting.

--control <file> or -c <file>
Set the location of the syslog-ng control socket. Default value:
/var/run/syslog-ng.ctl

--debug or -d
Start syslog-ng in debug mode.

--enable-core
Enable syslog-ng to write core files in case of a crash to help
support and debugging.

--fd-limit <number>
Set the minimal number of required file descriptors (fd-s). This
sets how many files syslog-ng can keep open simultaneously. Default
value: 4096. Note that this does not override the global ulimit
setting of the host.

--foreground or -F
Do not daemonize, run in the foreground. When running in the
foreground, starts from the current directory ($CWD) so it can
create core files (normally, starts from $PREFIX/var).

--group <group> or -g <group>
Switch to the specified group after initializing the configuration
file.

--help or -h
Display a brief help message.

--module-registry
Display the list and description of the available modules.
Available only in and later.

--no-caps
Run syslog-ng as root, without capability-support. This is the
default behavior. On Linux, it is possible to run syslog-ng as
non-root with capability-support if syslog-ng was compiled with the
--enable-linux-caps option enabled. (Execute syslog-ng --version to
display the list of enabled build parameters.)

To run with specific capabilities, use the --caps option.

--persist-file <persist-file> or -R <persist-file>
Set the path and name of the syslog-ng.persist file where the
persistent options and data are stored.

--pidfile <pidfile> or -p <pidfile>
Set path to the PID file where the pid of the main process is
stored.

--preprocess-into <output-file>
After processing the configuration file and resolving included
files and variables, write the resulting configuration into the
specified output file. Available only in and later.

--process-mode <mode>
Sets how to run syslog-ng: in the foreground (mainly used for
debugging), in the background as a daemon, or in safe-background
mode. By default, syslog-ng runs in safe-background mode. This mode
creates a supervisor process called supervising syslog-ng , that
restarts syslog-ng if it crashes.

--stderr or -e
Log internal messages of syslog-ng to stderr. Mainly used for
debugging purposes in conjunction with the --foreground option. If
not specified, syslog-ng will log such messages to its internal
source.

--syntax-only or -s
Verify that the configuration file is syntactically correct and
exit.

--user <user> or -u <user>
Switch to the specified user after initializing the configuration
file (and optionally chrooting). Note that it is not possible to
reload the syslog-ng configuration if the specified user has no
privilege to create the /dev/log file.

--verbose or -v
Enable verbose logging used to troubleshoot syslog-ng.

--version or -V
Display version number and compilation information, and also the
list and short description of the available modules. For detailed
description of the available modules, see the --module-registry
option.

--worker-threads
Sets the number of worker threads can use, including the main
thread. Note that certain operations in can use threads that are
not limited by this option. This setting has effect only when is
running in multithreaded mode. Available only in and later. See The
3.27 Administrator Guide for details.

FILES
/usr/

/etc/syslog-ng/syslog-ng.conf