Hello list, I am learning how to get a syslog server with syslog-ng.

I started working in an IT department and I have more than 50 servers; we actually have rsyslog on the client side and syslog-ng on the syslog server.

I want to change the client side from rsyslog and configure it with syslog-ng. For the server side I have read a lot of documentation and I know how to configure it (source, destination and filter).

I want to get these logs on the client side and send them to the syslog server over TCP+SSL:

/var/log/auth.log
/var/log/daemon.log
/var/log/dmesg
/var/log/messages
/var/log/syslog

I want to get something like this on the server side:

/var/log/extern/host1/auth.log
/var/log/extern/host1/daemon.log
/var/log/extern/host1/dmesg
/var/log/extern/host1/messages
/var/log/extern/host1/syslog

/var/log/extern/host2/auth.log
/var/log/extern/host2/daemon.log
/var/log/extern/host2/dmesg
/var/log/extern/host2/messages
/var/log/extern/host2/syslog

/var/log/extern/hostn/auth.log
/var/log/extern/hostn/daemon.log
/var/log/extern/hostn/dmesg
/var/log/extern/hostn/messages
/var/log/extern/hostn/syslog

In the past post you helped me, and I have how to get it on the server side for TCP+SSL:

source s_tcptls {
  tcp(ip("10.200.42.1")
      port(10514)
      tls(
        peer-verify(required-trusted)
        ca_dir("/etc/syslog-ng/certs/")
        key_file("/etc/syslog-ng/certs/server.key")
        cert_file("/etc/syslog-ng/certs/server.crt")
      )
  );
};

I have some questions:

1. Must I uninstall rsyslog before installing syslog-ng?
2. How can I configure the client side to send my logs to the server and to save them on the local /var/log/?
3. Is there any client limit on syslog-ng?

I will try to read and learn as much as I can, and I will appreciate your help.

Thanks for your work and best regards.
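
The layout described in the message above, sketched as an added example that is not part of the original post or of the syslog-ng project: a client fragment that keeps a local copy and forwards over mutual TLS, and server log paths that write per-host files from the s_tcptls source. The client.key and client.crt file names, the s_local, f_* and d_* names, and the facility-to-file mapping are assumptions.

```conf
# ===== Client: fragment for the client's syslog-ng.conf =====
source s_local {
    system();     # local log sockets and kernel messages for this platform
    internal();   # syslog-ng's own messages
};

# Keep a local copy under /var/log/ (one file shown; repeat per facility).
filter f_auth { facility(auth, authpriv); };
destination d_local_auth { file("/var/log/auth.log"); };
log { source(s_local); filter(f_auth); destination(d_local_auth); };

# Forward everything to the central server over TLS. The server verifies
# the peer, so the client must present a certificate signed by a CA the
# server trusts.
destination d_central_tls {
    tcp("10.200.42.1" port(10514)
        tls(
            ca_dir("/etc/syslog-ng/certs/")                # CA that signed server.crt
            key_file("/etc/syslog-ng/certs/client.key")    # assumed file name
            cert_file("/etc/syslog-ng/certs/client.crt")   # assumed file name
            peer-verify(required-trusted)
        )
    );
};
log { source(s_local); destination(d_central_tls); };

# ===== Server: added next to the s_tcptls source from the post =====
filter f_auth   { facility(auth, authpriv); };
filter f_daemon { facility(daemon); };

# ${HOST} expands to the sending host's name; create_dirs(yes) creates
# /var/log/extern/<host>/ on first use.
destination d_host_auth {
    file("/var/log/extern/${HOST}/auth.log" create_dirs(yes));
};
destination d_host_daemon {
    file("/var/log/extern/${HOST}/daemon.log" create_dirs(yes));
};
destination d_host_syslog {
    file("/var/log/extern/${HOST}/syslog" create_dirs(yes));
};

log { source(s_tcptls); filter(f_auth);   destination(d_host_auth); };
log { source(s_tcptls); filter(f_daemon); destination(d_host_daemon); };
log { source(s_tcptls); destination(d_host_syslog); };
```

ca_dir() looks certificates up by their OpenSSL subject hash, so the CA certificate has to be present in that directory under its hash name (for example as a symlink ending in .0) on both client and server.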