This chapter describes the installation of syslog-ng as a probe for a service.


On the target system (e.g. a Linux server) you will need:

Internet connectivity

  • Outbound network connectivity to a host port TCP/5477. The connection uses AMQP over TLS 1.2. You can check it with e.g. nc -v 5477 (this confirms that the TCP port is reachable, not that the TLS handshake succeeds).
  • A working network connection to your OS distribution's package management server(s). That means a working yum on CentOS or apt on Ubuntu, respectively.

Administrative access to the target system

  • You need an OS-level user with sudo rights, or the root account directly.
  • The installation is done in the UNIX shell, so SSH or direct access to the server console is required.

An installation directory

  • The probe is installed into the /opt/ folder.
  • The required disk space is 20 megabytes.

Credentials for

  • To connect a probe to the central infrastructure, you need to provide a virtual host, user name and password for every target server. Please contact our support or sales team if you don’t have them.

Installation steps

  1. Download the syslog-ng binary distribution package

Ubuntu 14.04


Ubuntu 18.04


CentOS 7


Debian8 / ARM6


  1. Create destination directory

sudo mkdir -p /opt/

  1. Unpack the binary distribution package

sudo tar xzf logman.io_syslog-ng_ubuntu1404_x86-64_3.14.1.tar.gz -C /opt/

  1. Prepare a configuration folder

sudo mkdir -p /opt/

sudo mkdir -p /opt/

sudo wget -O /opt/

sudo wget -O /opt/

  1. Finish a configuration

sudo vi /opt/

Replace the <PROVIDE VIRTUAL HOST> placeholder with the virtual host.

Replace the <PROVIDE USER NAME> placeholder with the user name.

Replace the <PROVIDE PASSWORD> placeholder with the password.

Then save the file and leave the vi editor with :wq.

  1. Uninstall the system syslog

Use ps ax | grep syslog to determine which syslog daemon is running on the target machine.

Ubuntu with rsyslog

sudo apt-get remove rsyslog

Ubuntu with syslog-ng

sudo apt-get remove syslog-ng

  1. Configure system to start syslog-ng

See the respective init script below.

The syslog-ng service is started with sudo service logman-io-syslog-ng start

  1. Reboot the server (optional)

sudo reboot
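
The configuration file edited in the "Finish a configuration" step holds the probe's user name and password, so it is worth checking before the service is started. The following check is an added example, not part of the original guide: it verifies that none of the three placeholders is left and that only the owner can access the file. The file path is passed as an argument, and the function name and return codes are choices made for this example.

```shell
#!/bin/sh
# Added example, not part of the original guide.
# Return codes are specific to this example:
#   0 ok, 1 unreadable, 2 placeholder left, 3 group/other access, 4 wrong owner
check_probe_config() {
    conf=$1
    want_uid=${2:-0}   # expected owner uid; root unless told otherwise

    if [ ! -f "$conf" ] || [ ! -r "$conf" ]; then
        echo "cannot read $conf" >&2
        return 1
    fi

    # The three placeholders named in the "Finish a configuration" step.
    for ph in '<PROVIDE VIRTUAL HOST>' '<PROVIDE USER NAME>' '<PROVIDE PASSWORD>'; do
        if grep -qF -- "$ph" "$conf"; then
            echo "placeholder still present: $ph" >&2
            return 2
        fi
    done

    # ls -ldn prints e.g. "-rw------- 1 0 0 ..."; field 1 is the mode
    # string, field 3 the numeric owner uid.
    mode_uid=$(ls -ldn -- "$conf" | awk '{ print $1 " " $3 }')
    mode=${mode_uid% *}
    uid=${mode_uid#* }

    # Characters 5-10 of the mode string are the group and other bits.
    case $(printf '%s' "$mode" | cut -c5-10) in
        '------') ;;
        *)  echo "$conf is accessible to group/other ($mode)" >&2
            return 3 ;;
    esac

    if [ "$uid" != "$want_uid" ]; then
        echo "$conf is owned by uid $uid, expected $want_uid" >&2
        return 4
    fi
    return 0
}

# Usage: sh check_probe_config.sh <config file> [expected owner uid]
if [ "$#" -gt 0 ]; then
    check_probe_config "$@"
fi
```

A return code of 3 is resolved by restricting the file to its owner (for example chmod 600 on the configuration file).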

Init script for systemd

sudo vi /etc/systemd/system/logman-io-syslog-ng.service

Systemd init script:

[Unit]
Description=Syslog-ng

[Service]
ExecStart=/opt/ -F -f /opt/


Let systemd know that there is a new service.

sudo systemctl enable logman-io-syslog-ng

Init script for upstart (Ubuntu up to 14.04)

sudo vi /etc/init/logman-io-syslog-ng.conf

Upstart init script:

description " Syslog-ng"

start on runlevel [2345]
stop on runlevel [!2345]


exec /opt/ -F -f /opt/

Compile syslog-ng from sources (optional)

If you need to compile syslog-ng from sources instead of using the provided binary distribution, here is a description of the compilation process.

syslog-ng will be compiled and installed into the /opt/ directory.


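Ubuntu

# Build dependencies
sudo apt-get install gcc make pkg-config libglib2.0-dev libssl-dev libjson-c-dev flex bison
tar xzvf syslog-ng-3.14.1.tar.gz
cd syslog-ng-3.14.1
./configure --prefix=/opt/ --enable-json=yes --enable-pacct=yes --enable-mongodb=no --enable-amqp=yes
# Build as a regular user; only the install step needs root
make
sudo rm -rf /opt/
sudo make install
# Package the result; z (gzip) is needed because the archive is unpacked with tar xzf
cd /opt/
tar czvf logman.io_syslog-ng_ubuntu1404_x86-64_3.14.1.tar.gz syslog-ng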

CentOS, Red Hat, Fedora

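# Build dependencies
sudo yum install gcc make pcre-devel glib2-devel openssl-devel json-c-devel
tar xzvf syslog-ng-3.14.1.tar.gz
cd syslog-ng-3.14.1
./configure --prefix=/opt/ --enable-json=yes --enable-pacct=yes
# Build as a regular user; only the install step needs root
make
sudo rm -rf /opt/
sudo make install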