I've recently set up sysutils/loki to (hopefully) simplify log management. I currently have it working, but in a "first step" kind of way (specifically, syslogd on the local machine sends to it over UDP, and nothing but the local machine sends to it at all). I hope to replace syslogd with sysutils/syslog-ng so that I can use encrypted TCP to send from it to Loki (note: I know about the alternate security/stunnel idea, but I'd prefer changing to syslog-ng), and then to open Loki up as the central logger for my whole network. While investigating this, I've run into a question about syslogd that I want to make sure I understand the answer for before proceeding.
The documentation I've found on this stuff so far largely assumes Linux. I don't know much about the specifics of logging on Linux and how they differ from FreeBSD, but based on the facts that...
(1) I currently have syslogd/Loki working on FreeBSD simply by configuring Loki's UDP port as a destination in syslog.conf, and...
(2) Sample configuration I've seen for Linux has an additional step, which is to configure the source of the messages that go to Loki to be a file in /var/log...
... I'm guessing that FreeBSD's syslogd receives local messages from the kernel (or some other low-level thing), and if you replace syslogd with syslog-ng, syslog-ng simply receives those local messages from the kernel/whatever instead; in either case, the receiving process then writes stuff to whatever destinations you configure (files or a socket or whatever). As opposed to Linux, where (based on the config I've seen) I'm guessing that there's not that extra level of configurable redirection in between "kernel" and "files"; messages go to /var/log or whatever, and if you want them to also go elsewhere, you have to pull them from the files.
So, assuming that's correct (at least the FreeBSD part of it), then if I just replace syslogd with syslog-ng, I shouldn't have to worry about configuring the source of the local messages, as I apparently would have to in the Linux case. Is this right?
Thanks in advance.