CentOS 7 – Tools to set up a logging server

How to set a static IP address on Windows Server 2019

Logging means collecting system and service output information. It can be simple information, a warning, or an error for telling the status of the concerned daemon. For a system administrator, the daily work load can be really heavy. Thus, they have always been adopting the best logging tools to monitor their infrastructure’s behavior. Also, the relevant information should be readable and quickly understandable.

Many system administrators mainly use either of two open source solutions: Syslog-ng and Rsyslog.


Rsyslog is a rocket-fast system for log processing. It offers high performance, great security, and a modular design. It has developed quickly and has evolved to be considered as a Swiss Army Knife in the logging field. It has a strong enterprise focus and also scales down to smaller systems. It supports MySQL, PostgreSQL, failover log destinations, syslog/tcp transport, fine-grained output format control, high-precision timestamps, queued operations, and the ability to filter parts of any message.

Rsyslog has the ability to listen to TCP/UDP connections, but with a downside due to its limitation to the log rate, where it can lose some of the log information during an overload. It can load a decent number of modules. It can also discriminate log filtering by program, source, message, PID, and so on.


Syslog-ng is an open source implementation of the syslog protocol for Linux and Unix-like systems. It features content-based filtering, rich filtering compatibilities, and flexible configuration. It also adds some important features to syslog, such as these:

  • Using TCP for transporting logging information
  • The ability to format log messages using the Unix-shell-like (bash) variable expansion
  • The ability to send log messages to local applications
  • The ability to save logging information directly to a database
  • Classifying incoming log messages and, at the same time, extracting structured information from unstructured syslog messages
  • Processing structured message formats transmitted over syslog
  • The ability to correlate multiple incoming messages to form a more complex, correlated event

Syslog-ng is the next generation successor of syslog. It is one of the best tools for managing logs; it treats the log entities as an object (source, destination, filter, and so on), and its syntax is easily understandable. It is a highly portable application and is available for many more platforms, which makes it very suitable for sites with diversity in platforms. It has the capacity to compare the contents of log messages to a database of predefined message patterns. Thus, Syslog-ng is able to identify the exact type of messages and sort them into message classes. Then, it can be used to classify the type of event described in the log messages.

Here, we are going to install and configure Syslog-ng in CentOS 7 to be our logging server.

Comments are closed.