Syslog-NG Installation
Syslog-NG, or System Log Next-Generation, is an updated version of the default Syslog service found on FreeBSD and other UNIX and Unix-like systems (a paid-for version exists for Microsoft operating systems). Enhancements include the ability to filter content, various methods of storing information (including separate files per device or MySQL databases) and, perhaps a key feature, the addition of TCP for the transport of events (basic Syslog services typically use UDP).
The source code for Syslog-NG was used to create a commercial product maintained by Balabit under the name Syslog-NG Premium Edition. This is a paid-for-support version of the free Syslog-NG code and revenue from it is used to fund development of the free edition.
Purpose
For a background on the default Syslog service installed on FreeBSD see the main Syslog article. The following is an explanation of the purpose of Syslog-NG specifically.
The purpose of installing and utilising Syslog-NG becomes apparent when you begin to monitor Syslog events from multiple servers (and other network-attached Syslog-capable devices) and require a centralised method of doing so. Furthermore, the ability to easily track, view and manage Syslog events is important. The enhancements made to Syslog-NG permit this functionality.
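The following configuration sketch is an added example, not taken from the original article or from the Syslog-NG project. It shows how the enhancements listed above (TCP transport, content filtering and separate files per device) fit together on a central collector. All object names, the listening address, the port and the file paths are assumptions chosen for illustration.

```conf
# Added example: syslog-ng.conf for a central log collector.
# Assumption: set the version line to match the installed release.
@version: 3.38

# TCP transport: accept events from remote devices over TCP instead of UDP.
# 192.0.2.10 is a constructed address standing in for the collector's
# listening interface; 514 is an assumed port.
source s_net_tcp {
    network(
        ip("192.0.2.10")
        port(514)
        transport("tcp")
        max-connections(100)
    );
};

# Filtering: match authentication-related events at warning level or above.
filter f_auth_warn {
    facility(auth, authpriv) and level(warning..emerg);
};

# Separate files per device: ${HOST} expands to the name of the sending
# host, so each device gets its own directory under an assumed base path.
destination d_per_host {
    file("/var/log/remote/${HOST}/messages.log"
         create-dirs(yes)
         perm(0640));
};

# A single file that collects only the filtered authentication events.
destination d_auth_alerts {
    file("/var/log/remote/auth-alerts.log" perm(0640));
};

# Everything received is stored per device.
log { source(s_net_tcp); destination(d_per_host); };

# Filtered authentication events are additionally written to one file
# so they can be reviewed centrally.
log { source(s_net_tcp); filter(f_auth_warn); destination(d_auth_alerts); };
```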
Examples
There are a number of situations in which upgrading to Syslog-NG is beneficial:
- a data-centre that houses numerous network devices all capable of sending Syslog event notifications;
- a medium-to-large organisation that has a wide-spread presence in different locations;
- fault detection of unmanned systems.
They all run along similar lines and many medium and larger organisations may benefit from utilising Syslog-NG somewhere on the corporate network.