How To Install syslog-ng on CentOS 8

syslog-ng is Next-generation syslog server

Introduction

In this tutorial we learn how to install syslog-ng on CentOS 8.

What is syslog-ng

syslog-ng is an enhanced log daemon, supporting a wide range of input and output methods and NoSQL alike) and more. Key features * receive and send RFC3164 and RFC5424 style syslog messages * work with any kind of unstructured data * receive and send JSON formatted messages * classify and structure logs with builtin parsers (csv-parser(), db-parser(), …) * normalize, crunch and process logs as they flow through the system * hand on messages for further processing using message queues (like AMQP), files or databases (like PostgreSQL or MongoDB).

We can use yum or dnf to install syslog-ng on CentOS 8. In this tutorial we discuss both methods but you only need to choose one of method to install syslog-ng.

Install syslog-ng on CentOS 8 Using dnf

Update yum database with dnf using the following command.

sudo dnf makecache --refresh

The output should look something like this:

CentOS Linux 8 - AppStream                                       43 kB/s | 4.3 kB     00:00    
CentOS Linux 8 - BaseOS                                          65 kB/s | 3.9 kB     00:00    
CentOS Linux 8 - ContinuousRelease                               43 kB/s | 3.0 kB     00:00    
CentOS Linux 8 - Extras                                          23 kB/s | 1.5 kB     00:00    
CentOS Linux 8 - FastTrack                                       40 kB/s | 3.0 kB     00:00    
CentOS Linux 8 - HighAvailability                                36 kB/s | 3.9 kB     00:00    
CentOS Linux 8 - Plus                                            24 kB/s | 1.5 kB     00:00    
CentOS Linux 8 - PowerTools                                      50 kB/s | 4.3 kB     00:00    
Extra Packages for Enterprise Linux Modular 8 - x86_64           13 kB/s | 9.2 kB     00:00    
Extra Packages for Enterprise Linux 8 - x86_64                   24 kB/s | 8.5 kB     00:00    
Metadata cache created.

After updating yum database, We can install syslog-ng using dnf by running the following command:

sudo dnf -y install syslog-ng

Install syslog-ng on CentOS 8 Using yum

Update yum database with yum using the following command.

sudo yum makecache --refresh

The output should look something like this:

CentOS Linux 8 - AppStream                                       43 kB/s | 4.3 kB     00:00    
CentOS Linux 8 - BaseOS                                          65 kB/s | 3.9 kB     00:00    
CentOS Linux 8 - ContinuousRelease                               43 kB/s | 3.0 kB     00:00    
CentOS Linux 8 - Extras                                          23 kB/s | 1.5 kB     00:00    
CentOS Linux 8 - FastTrack                                       40 kB/s | 3.0 kB     00:00    
CentOS Linux 8 - HighAvailability                                36 kB/s | 3.9 kB     00:00    
CentOS Linux 8 - Plus                                            24 kB/s | 1.5 kB     00:00    
CentOS Linux 8 - PowerTools                                      50 kB/s | 4.3 kB     00:00    
Extra Packages for Enterprise Linux Modular 8 - x86_64           13 kB/s | 9.2 kB     00:00    
Extra Packages for Enterprise Linux 8 - x86_64                   24 kB/s | 8.5 kB     00:00    
Metadata cache created.

After updating yum database, We can install syslog-ng using yum by running the following command:

sudo yum -y install syslog-ng

How To Uninstall syslog-ng on CentOS 8

To uninstall only the syslog-ng package we can use the following command:

sudo dnf remove syslog-ng

syslog-ng Package Contents on CentOS 8

/etc/syslog-ng
/etc/syslog-ng/conf.d
/etc/syslog-ng/patterndb.d
/etc/syslog-ng/scl.conf
/etc/syslog-ng/syslog-ng.conf
/usr/bin/dqtool
/usr/bin/loggen
/usr/bin/pdbtool
/usr/bin/persist-tool
/usr/bin/update-patterndb
/usr/lib/.build-id
/usr/lib/.build-id/00
/usr/lib/.build-id/00/781237160389d9a5e92692a5c37f48ba270397
/usr/lib/.build-id/02
/usr/lib/.build-id/02/1ac5d65ddb67cd3d524a249fb5d2aff7497be6
/usr/lib/.build-id/02/39012a43ff79fe773ba3349544824e3211bd2c
/usr/lib/.build-id/02/d9aa2ae5e4335d9266e7b6902579c4b6ed1f95
/usr/lib/.build-id/0d
/usr/lib/.build-id/0d/87f0f778a2298396b4193e38b3c6956e05bcaa
/usr/lib/.build-id/0d/cb2a389277258a5210a110724fa348f267b7e7
/usr/lib/.build-id/10
/usr/lib/.build-id/10/3a8c1fc86606bac5e40b62dcf086e4eab480c3
/usr/lib/.build-id/16
/usr/lib/.build-id/16/7c75acff7ac17091e0b62387b3aaa3c67e4e6d
/usr/lib/.build-id/19
/usr/lib/.build-id/19/9fd7146d03acb1e3c64609f890157d5df8cc0a
/usr/lib/.build-id/1b
/usr/lib/.build-id/1b/de402332b8d6e0df68c996d07c71d044eff284
/usr/lib/.build-id/1d
/usr/lib/.build-id/1d/4cf888cf9d63b47e0ff270473f84da6aeb5107
/usr/lib/.build-id/28
/usr/lib/.build-id/28/402e72f7e834bb92874387ed00ea80924ae159
/usr/lib/.build-id/28/89c674a5cca363688dd11ce9dbc76e73324228
/usr/lib/.build-id/33
/usr/lib/.build-id/33/cdc96905a7e5773b488341dcda1ecb4b29ac82
/usr/lib/.build-id/33/e0632f8959cb8c12c0ab7e092b17b289223b4b
/usr/lib/.build-id/43
/usr/lib/.build-id/43/e473014845f9c3cc6d4f6d49ba85a75ceb1fe1
/usr/lib/.build-id/48
/usr/lib/.build-id/48/b24fcf497b4229402ce9c5b630b163f55b1575
/usr/lib/.build-id/53
/usr/lib/.build-id/53/0082ad1a0a93f702d773e99235a6c0dd513eff
/usr/lib/.build-id/61
/usr/lib/.build-id/61/9f1250c663d3b259a5f182d22cec3d1aaed970
/usr/lib/.build-id/64
/usr/lib/.build-id/64/ed15cb56828908cb742adc06a284ecbee920a9
/usr/lib/.build-id/67
/usr/lib/.build-id/67/130b4fe265166f551d2ed8f728463ab35b7967
/usr/lib/.build-id/72
/usr/lib/.build-id/72/0e7f567f5929e83c1a7ad8ccced3de7a5cb2c3
/usr/lib/.build-id/75
/usr/lib/.build-id/75/58bbd20ff3d608342c182c0094c635cfa6ded9
/usr/lib/.build-id/79
/usr/lib/.build-id/79/479c755f5e1d44908e7d0c6f46c05bbf522896
/usr/lib/.build-id/7a
/usr/lib/.build-id/7a/e222985a2a4a884f56cc19ebf96e312262c16e
/usr/lib/.build-id/7d
/usr/lib/.build-id/7d/e2aa4762e3d9546fe43ff037d2f2c87474655b
/usr/lib/.build-id/7e
/usr/lib/.build-id/7e/94decb1e216dbe8f61c9d0c035a900674c422f
/usr/lib/.build-id/86
/usr/lib/.build-id/86/a8805bfceaea89ca3057c65633a21d40dfefe1
/usr/lib/.build-id/87
/usr/lib/.build-id/87/2d920a77b9923fd511d379481a229c55edc720
/usr/lib/.build-id/8d
/usr/lib/.build-id/8d/d94bb01e5a78ea05767dd9818fc0b9de503ea3
/usr/lib/.build-id/90
/usr/lib/.build-id/90/d476905a4045dc76a28eb0ca036152f989807d
/usr/lib/.build-id/93
/usr/lib/.build-id/93/07019b3d967e0ba5a7e6f4739186f459e8487f
/usr/lib/.build-id/93/d6017af9667615b2e14d2e93b061afe12b7f5a
/usr/lib/.build-id/9c
/usr/lib/.build-id/9c/3d0ca2b56d7274737310acb699b852bb719a9c
/usr/lib/.build-id/9d
/usr/lib/.build-id/9d/98c577088a46b4fd48396945256526b2c564b9
/usr/lib/.build-id/a8
/usr/lib/.build-id/a8/5631f5d1b69201a15472c2b737327a622ea3b1
/usr/lib/.build-id/aa
/usr/lib/.build-id/aa/f2163ecb0755b6e31fa55d6b2f1c368296805e
/usr/lib/.build-id/aa/f920f5c3a86743802d1364aece118466c501de
/usr/lib/.build-id/b0
/usr/lib/.build-id/b0/96cbfc724e5d083bc571c59447e6dea8c97b3d
/usr/lib/.build-id/b7
/usr/lib/.build-id/b7/311119335e6ccfa42a2996bb07efcda1d9382c
/usr/lib/.build-id/b7/8c22afe79da7ae9889fdc26ee0bb21beeadc4b
/usr/lib/.build-id/bb
/usr/lib/.build-id/bb/02a03f47eeef974286b573128b4f05254cdaa5
/usr/lib/.build-id/bc
/usr/lib/.build-id/bc/fc18958e41a4293d4dbb22e2f208241ea98f0e
/usr/lib/.build-id/bf
/usr/lib/.build-id/bf/d5245873c3675523cb3dd0fb30844f6529d36b
/usr/lib/.build-id/c1
/usr/lib/.build-id/c1/1b53a5bb08296287fa91b8141b0c0672b14fd1
/usr/lib/.build-id/c3
/usr/lib/.build-id/c3/dd2c338f82cf07403e409bee8da6943e554986
/usr/lib/.build-id/cc
/usr/lib/.build-id/cc/f46b197656f890146c20ad328bd453ba943215
/usr/lib/.build-id/d7
/usr/lib/.build-id/d7/333f814301492717db4f1097300fb5cb90bee6
/usr/lib/.build-id/de
/usr/lib/.build-id/de/629b4f5c749586e1bd6851e60708045b10f438
/usr/lib/.build-id/e8
/usr/lib/.build-id/e8/0502169950314fabcf188c4038a46362cea3f9
/usr/lib/.build-id/ea
/usr/lib/.build-id/ea/9a8535707f1431cc9678a319b68b5dff67baaf
/usr/lib/.build-id/f8
/usr/lib/.build-id/f8/3ce4b6dd40a1274a465330215ff1c7ce17fec5
/usr/lib/.build-id/fc
/usr/lib/.build-id/fc/758c5c804faa43adb15159c9307db3ed719b70
/usr/lib/.build-id/fd
/usr/lib/.build-id/fd/31222ed8b6c7368e96b728232a9fe9d687919e
/usr/lib/systemd/system/syslog-ng.service
/usr/lib64/libevtlog-3.23.so.0
/usr/lib64/libevtlog-3.23.so.0.0.0
/usr/lib64/libloggen_helper-3.23.so.0
/usr/lib64/libloggen_helper-3.23.so.0.0.0
/usr/lib64/libloggen_plugin-3.23.so.0
/usr/lib64/libloggen_plugin-3.23.so.0.0.0
/usr/lib64/libsecret-storage.so.0
/usr/lib64/libsecret-storage.so.0.0.0
/usr/lib64/libsyslog-ng-3.23.so.0
/usr/lib64/libsyslog-ng-3.23.so.0.0.0
/usr/lib64/syslog-ng
/usr/lib64/syslog-ng/libadd-contextual-data.so
/usr/lib64/syslog-ng/libaffile.so
/usr/lib64/syslog-ng/libafprog.so
/usr/lib64/syslog-ng/libafsocket.so
/usr/lib64/syslog-ng/libafstomp.so
/usr/lib64/syslog-ng/libafuser.so
/usr/lib64/syslog-ng/libappmodel.so
/usr/lib64/syslog-ng/libbasicfuncs.so
/usr/lib64/syslog-ng/libcef.so
/usr/lib64/syslog-ng/libconfgen.so
/usr/lib64/syslog-ng/libcryptofuncs.so
/usr/lib64/syslog-ng/libcsvparser.so
/usr/lib64/syslog-ng/libdate.so
/usr/lib64/syslog-ng/libdbparser.so
/usr/lib64/syslog-ng/libdisk-buffer.so
/usr/lib64/syslog-ng/libexamples.so
/usr/lib64/syslog-ng/libgraphite.so
/usr/lib64/syslog-ng/libhook-commands.so
/usr/lib64/syslog-ng/libjson-plugin.so
/usr/lib64/syslog-ng/libkvformat.so
/usr/lib64/syslog-ng/liblinux-kmsg-format.so
/usr/lib64/syslog-ng/libmap-value-pairs.so
/usr/lib64/syslog-ng/libpseudofile.so
/usr/lib64/syslog-ng/libsdjournal.so
/usr/lib64/syslog-ng/libsnmptrapd-parser.so
/usr/lib64/syslog-ng/libstardate.so
/usr/lib64/syslog-ng/libsyslogformat.so
/usr/lib64/syslog-ng/libsystem-source.so
/usr/lib64/syslog-ng/libtags-parser.so
/usr/lib64/syslog-ng/libtfgetent.so
/usr/lib64/syslog-ng/libxml.so
/usr/lib64/syslog-ng/loggen
/usr/lib64/syslog-ng/loggen/libloggen_socket_plugin.so
/usr/lib64/syslog-ng/loggen/libloggen_ssl_plugin.so
/usr/sbin/syslog-ng
/usr/sbin/syslog-ng-ctl
/usr/sbin/syslog-ng-debun
/usr/share/doc/syslog-ng
/usr/share/doc/syslog-ng/AUTHORS
/usr/share/doc/syslog-ng/COPYING
/usr/share/doc/syslog-ng/NEWS.md
/usr/share/doc/syslog-ng/relogger.pl
/usr/share/doc/syslog-ng/syslog-ng.conf.doc
/usr/share/doc/syslog-ng/syslog2ng
/usr/share/man/man1/dqtool.1.gz
/usr/share/man/man1/loggen.1.gz
/usr/share/man/man1/pdbtool.1.gz
/usr/share/man/man1/syslog-ng-ctl.1.gz
/usr/share/man/man1/syslog-ng-debun.1.gz
/usr/share/man/man5/syslog-ng.conf.5.gz
/usr/share/man/man8/syslog-ng.8.gz
/usr/share/syslog-ng
/usr/share/syslog-ng/include
/usr/share/syslog-ng/include/scl
/usr/share/syslog-ng/include/scl/apache
/usr/share/syslog-ng/include/scl/apache/apache.conf
/usr/share/syslog-ng/include/scl/checkpoint
/usr/share/syslog-ng/include/scl/checkpoint/plugin.conf
/usr/share/syslog-ng/include/scl/cim
/usr/share/syslog-ng/include/scl/cim/adapter.conf
/usr/share/syslog-ng/include/scl/cim/template.conf
/usr/share/syslog-ng/include/scl/cisco
/usr/share/syslog-ng/include/scl/cisco/plugin.conf
/usr/share/syslog-ng/include/scl/collectd
/usr/share/syslog-ng/include/scl/collectd/plugin.conf
/usr/share/syslog-ng/include/scl/default-network-drivers
/usr/share/syslog-ng/include/scl/default-network-drivers/plugin.conf
/usr/share/syslog-ng/include/scl/elasticsearch
/usr/share/syslog-ng/include/scl/elasticsearch/elastic-http.conf
/usr/share/syslog-ng/include/scl/elasticsearch/plugin.conf
/usr/share/syslog-ng/include/scl/ewmm
/usr/share/syslog-ng/include/scl/ewmm/ewmm.conf
/usr/share/syslog-ng/include/scl/graphite
/usr/share/syslog-ng/include/scl/graphite/README
/usr/share/syslog-ng/include/scl/graphite/plugin.conf
/usr/share/syslog-ng/include/scl/graylog2
/usr/share/syslog-ng/include/scl/graylog2/plugin.conf
/usr/share/syslog-ng/include/scl/hdfs
/usr/share/syslog-ng/include/scl/hdfs/plugin.conf
/usr/share/syslog-ng/include/scl/iptables
/usr/share/syslog-ng/include/scl/iptables/iptables.conf
/usr/share/syslog-ng/include/scl/junos
/usr/share/syslog-ng/include/scl/junos/plugin.conf
/usr/share/syslog-ng/include/scl/kafka
/usr/share/syslog-ng/include/scl/kafka/plugin.conf
/usr/share/syslog-ng/include/scl/linux-audit
/usr/share/syslog-ng/include/scl/linux-audit/linux-audit.conf
/usr/share/syslog-ng/include/scl/loadbalancer
/usr/share/syslog-ng/include/scl/loadbalancer/gen-loadbalancer.sh
/usr/share/syslog-ng/include/scl/loadbalancer/plugin.conf
/usr/share/syslog-ng/include/scl/loggly
/usr/share/syslog-ng/include/scl/loggly/loggly.conf
/usr/share/syslog-ng/include/scl/logmatic
/usr/share/syslog-ng/include/scl/logmatic/logmatic.conf
/usr/share/syslog-ng/include/scl/mbox
/usr/share/syslog-ng/include/scl/mbox/mbox.conf
/usr/share/syslog-ng/include/scl/netskope
/usr/share/syslog-ng/include/scl/netskope/plugin.conf
/usr/share/syslog-ng/include/scl/nodejs
/usr/share/syslog-ng/include/scl/nodejs/plugin.conf
/usr/share/syslog-ng/include/scl/osquery
/usr/share/syslog-ng/include/scl/osquery/plugin.conf
/usr/share/syslog-ng/include/scl/pacct
/usr/share/syslog-ng/include/scl/pacct/plugin.conf
/usr/share/syslog-ng/include/scl/rewrite
/usr/share/syslog-ng/include/scl/rewrite/cc-mask.conf
/usr/share/syslog-ng/include/scl/slack
/usr/share/syslog-ng/include/scl/slack/slack.conf
/usr/share/syslog-ng/include/scl/snmptrap
/usr/share/syslog-ng/include/scl/snmptrap/snmptrapd-source.conf
/usr/share/syslog-ng/include/scl/solaris
/usr/share/syslog-ng/include/scl/solaris/plugin.conf
/usr/share/syslog-ng/include/scl/sudo
/usr/share/syslog-ng/include/scl/sudo/sudo.conf
/usr/share/syslog-ng/include/scl/syslogconf
/usr/share/syslog-ng/include/scl/syslogconf/README
/usr/share/syslog-ng/include/scl/syslogconf/convert-syslogconf.awk
/usr/share/syslog-ng/include/scl/syslogconf/plugin.conf
/usr/share/syslog-ng/include/scl/system
/usr/share/syslog-ng/include/scl/system/plugin.conf
/usr/share/syslog-ng/include/scl/telegram
/usr/share/syslog-ng/include/scl/telegram/telegram.conf
/usr/share/syslog-ng/include/scl/websense
/usr/share/syslog-ng/include/scl/websense/plugin.conf
/usr/share/syslog-ng/include/scl/windowseventlog
/usr/share/syslog-ng/include/scl/windowseventlog/plugin.conf
/usr/share/syslog-ng/include/scl/windowseventlog/windowseventlog.xml
/usr/share/syslog-ng/syslog-ng.vim
/usr/share/syslog-ng/xsd
/usr/share/syslog-ng/xsd/patterndb-1.xsd
/usr/share/syslog-ng/xsd/patterndb-2.xsd
/usr/share/syslog-ng/xsd/patterndb-3.xsd
/usr/share/syslog-ng/xsd/patterndb-4.xsd
/usr/share/syslog-ng/xsd/patterndb-5.xsd
/usr/share/vim
/usr/share/vim/vim81
/usr/share/vim/vim81/syntax
/usr/share/vim/vim81/syntax/syslog-ng.vim
/var/lib/syslog-ng

References

Summary

In this tutorial we learn how to install syslog-ng on CentOS 8 using yum and dnf.