syslog-ng configuration file from a production system running version 5.0 PE
@version: 5.0
# Default configuration file for syslog-ng.
# For a description of syslog-ng configuration file directives, see the
# syslog-ng Administrator's Guide.
@include "scl.conf"
# Global options: defaults for all sources and destinations.
options {
time_reopen (10); # seconds to wait before re-opening a broken connection
# NOTE(review): this option is set a second time further down as
# log-fifo-size (2000000). syslog-ng treats '-' and '_' in option names as
# equivalent, so both lines set the same option; keep only the intended value.
log_fifo_size (1000); # number of messages kept in the in-memory output queue
flush_lines (100); # caches this many lines before writing to destination -- may want to lower for non-PAs
chain_hostnames (off); # only useful if sending syslog->syslog
# use-dns and keep-hostname conflict. If keep-hostname is set to yes, the
# hostname carried in the received message is used regardless.
# NOTE(review): that hostname is supplied by the sender and is not verified
# against the source address, so host attribution in the stored logs is only as
# trustworthy as the senders. If senders are not all trusted, consider
# keep-hostname (no) with DNS or a hosts file, or record the source IP as well.
#use-dns (yes);
keep-hostname (yes);
use-fqdn (yes);
threaded(yes); # multi-threaded!
# splunk user owns all the directories and files
dir_owner( splunk );
owner( splunk );
dir_group( splunk );
group( splunk );
# perms for files and dirs: log files are readable and writable by the owner
# only (0600) and directories are accessible by the owner only (0700), so other
# local accounts cannot read the collected logs.
perm ( 0600 );
dir_perm( 0700 );
# NOTE(review): destinations are not shown here. If a destination path is built
# from the hostname while keep-hostname is yes, directory names come from
# sender-supplied data -- confirm the destination templates in conf.d.
create_dirs ( yes ); # create directories as needed
normalize_hostnames ( yes ); # converts hostname to lowercase
# log-fifo-size is the combined output queue, see the tuning below
# NOTE(review): second definition of the queue size (see log_fifo_size above).
log-fifo-size (2000000);
# NOTE(review): no closing "};" for the options block appears before the
# include below; it looks like it was lost -- confirm against the deployed file.
# Source additional configuration files (.conf extension only).
# Every matching file is loaded as configuration, so the conf.d directory and
# its files should be writable only by the administrator account.
@include "/opt/syslog-ng/etc/conf.d/*.conf"
