Syslog-ng 101, part 2: Basic concepts
Welcome to the second part of my syslog-ng tutorial series. In this part, we cover some of the basic concepts behind syslog-ng.
Last time we defined syslog-ng as an enhanced logging daemon with a strong focus on portability and high-performance central log collection.
Let us pull this sentence apart, as every word is there for a reason. The original syslog implementation was pretty simple: it collected log messages from applications and sorted them into various files. Syslog-ng enhanced this with message parsing, advanced filtering and many more log sources and destinations. Daemon means that it is an application normally running continuously in the background. Portability means that syslog-ng runs not just on Linux, but also on various BSD and UNIX systems. High performance means that syslog-ng is implemented in C, and thus it is fast and resource efficient. Depending on the configuration, even a Raspberry Pi can collect tens of thousands of log messages a second.
You can watch the video on YouTube:
Or you can read the rest of my blog at: https://www.syslog-ng.com/community/b/blog/posts/syslog-ng-101-part-2-basic-concepts