'\" t
.\" Title: syslog-ng
.\" Author: [see the "Author" section]
.\" Generator: DocBook XSL Stylesheets vsnapshot
.\" Date: 01/30/2023
.\" Manual: The syslog-ng manual page
.\" Source: 3.38
.\" Language: English
.\"
.TH "SYSLOG\-NG" "8" "01/30/2023" "3\&.38" "The syslog-ng manual page"
.\" -----------------------------------------------------------------
.\" * Define some portability stuff
.\" -----------------------------------------------------------------
.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
.\" http://bugs.debian.org/507673
.\" http://lists.gnu.org/archive/html/groff/2009-02/msg00013.html
.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
.ie \n(.g .ds Aq \(aq
.el .ds Aq '
.\" -----------------------------------------------------------------
.\" * set default formatting
.\" -----------------------------------------------------------------
.\" disable hyphenation
.nh
.\" disable justification (adjust text to left margin only)
.ad l
.\" -----------------------------------------------------------------
.\" * MAIN CONTENT STARTS HERE *
.\" -----------------------------------------------------------------
.SH "NAME"
syslog-ng \- syslog\-ng system logger application
.SH "SYNOPSIS"
.HP \w'\fBsyslog\-ng\fR\ 'u
\fBsyslog\-ng\fR [options]
.SH "DESCRIPTION"
.PP
This manual page is only an abstract, for the complete documentation of syslog\-ng, see
\m[blue]\fB\fBThe Administrator Guide\fR\fR\m[]\&\s-2\u[1]\d\s+2
or
\m[blue]\fBthe official syslog\-ng website\fR\m[]\&\s-2\u[2]\d\s+2\&.
.PP
The application is a flexible and highly scalable system logging application\&. Typically, syslog\-ng is used to manage log messages and implement centralized logging, where the aim is to collect the log messages of several devices on a single, central log server\&. The different devices \- called syslog\-ng clients \- all run syslog\-ng, and collect the log messages from the various applications, files, and other
\fIsources\fR\&. The clients send all important log messages to the remote syslog\-ng server, where the server sorts and stores them\&.
.SH "OPTIONS"
.PP
\fB\-\-caps\fR
.RS 4
Run process with the specified POSIX capability flags\&.
.sp
.RS 4
.ie n \{\
\h'-04'\(bu\h'+03'\c
.\}
.el \{\
.sp -1
.IP \(bu 2.3
.\}
If the
\fI\-\-no\-caps\fR
option is not set, and the host supports CAP_SYSLOG, uses the following capabilities: "cap_net_bind_service, cap_net_broadcast, cap_net_raw, cap_dac_read_search, cap_dac_override, cap_chown, cap_fowner=p cap_syslog=ep"
.RE
.sp
.RS 4
.ie n \{\
\h'-04'\(bu\h'+03'\c
.\}
.el \{\
.sp -1
.IP \(bu 2.3
.\}
If the
\fI\-\-no\-caps\fR
option is not set, and the host does not support CAP_SYSLOG, uses the following capabilities: "cap_net_bind_service, cap_net_broadcast, cap_net_raw,cap_dac_read_search, cap_dac_override, cap_chown, cap_fowner=p cap_sys_admin=ep"
.RE
.sp
For example:
.sp
.if n \{\
.RS 4
.\}
.nf
/usr/sbin/syslog\-ng \-Fv \-\-caps cap_sys_admin,cap_chown,cap_dac_override,cap_net_bind_service,cap_fowner=pi
.fi
.if n \{\
.RE
.\}
.sp
Note that the capabilities are not case sensitive, the following command is also good:
\fB /usr/sbin/syslog\-ng \-Fv \-\-caps CAP_SYS_ADMIN,CAP_CHOWN,CAP_DAC_OVERRIDE,CAP_NET_BIND_SERVICE,CAP_FOWNER=pi\fR
.sp
For details on the capability flags, see the following man pages:
cap_from_text(3)
and
capabilities(7)
.RE
.PP
\fB\-\-cfgfile \fR or \fB\-f \fR
.RS 4
Use the specified configuration file\&.
.RE
.PP
\fB\-\-chroot \fR or \fB\-C \fR
.RS 4
Change root to the specified directory\&. The configuration file is read after chrooting so, the configuration file must be available within the chroot\&. That way it is also possible to reload the syslog\-ng configuration after chrooting\&. However, note that the
\fI\-\-user\fR
and
\fI\-\-group\fR
options are resolved before chrooting\&.
.RE
.PP
\fB\-\-control \fR or \fB\-c \fR
.RS 4
Set the location of the syslog\-ng control socket\&. Default value:
/var/lib/syslog\-ng/syslog\-ng\&.ctl
.RE
.PP
\fB\-\-debug\fR or \fB\-d\fR
.RS 4
Start syslog\-ng in debug mode\&.
.RE
.PP
\fB\-\-enable\-core\fR
.RS 4
Enable syslog\-ng to write core files in case of a crash to help support and debugging\&.
.RE
.PP
\fB\-\-fd\-limit \fR
.RS 4
Set the minimal number of required file descriptors (fd\-s)\&. This sets how many files syslog\-ng can keep open simultaneously\&. Default value:
\fI4096\fR\&. Note that this does not override the global ulimit setting of the host\&.
.RE
.PP
\fB\-\-foreground\fR or \fB\-F\fR
.RS 4
Do not daemonize, run in the foreground\&. When running in the foreground, starts from the current directory (\fB$CWD\fR) so it can create core files (normally, starts from
$PREFIX/var)\&.
.RE
.PP
\fB\-\-group \fR or \fB\-g \fR
.RS 4
Switch to the specified group after initializing the configuration file\&.
.RE
.PP
\fB\-\-help\fR or \fB\-h\fR
.RS 4
Display a brief help message\&.
.RE
.PP
\fB\-\-module\-registry\fR
.RS 4
Display the list and description of the available modules\&. Available only in and later\&.
.RE
.PP
\fB\-\-no\-caps\fR
.RS 4
Run syslog\-ng as root, without capability\-support\&. This is the default behavior\&. On Linux, it is possible to run syslog\-ng as non\-root with capability\-support if syslog\-ng was compiled with the
\fI\-\-enable\-linux\-caps\fR
option enabled\&. (Execute
\fBsyslog\-ng \-\-version\fR
to display the list of enabled build parameters\&.)
.sp
To run with specific capabilities, use the
\fI\-\-caps\fR
option\&.
.RE
.PP
\fB\-\-persist\-file \fR or \fB\-R \fR
.RS 4
Set the path and name of the
syslog\-ng\&.persist
file where the persistent options and data are stored\&.
.RE
.PP
\fB\-\-pidfile \fR or \fB\-p \fR
.RS 4
Set path to the PID file where the pid of the main process is stored\&.
.RE
.PP
\fB\-\-preprocess\-into