1
00:00:00,05 --> 00:00:03,07
- [Instructor] Syslog-ng is a log server

2
00:00:03,07 --> 00:00:07,02
and can also be used to forward logs.

3
00:00:07,02 --> 00:00:11,09
Syslog is a predecessor of syslog-ng.

4
00:00:11,09 --> 00:00:17,06
NG in syslog-ng stands for next generation.

5
00:00:17,06 --> 00:00:22,05
To live up to its name, syslog-ng must be better and faster

6
00:00:22,05 --> 00:00:24,08
than syslog.

7
00:00:24,08 --> 00:00:28,00
What does syslog-ng do?

8
00:00:28,00 --> 00:00:33,03
First of all, it collects logs from various sources.

9
00:00:33,03 --> 00:00:37,03
It forwards the logs to another log management system

10
00:00:37,03 --> 00:00:39,08
or a database.

11
00:00:39,08 --> 00:00:44,05
One of syslog-ng's essential features is filtering.

12
00:00:44,05 --> 00:00:46,09
Without it, the number of logs

13
00:00:46,09 --> 00:00:50,08
will be too overwhelming to manage.

14
00:00:50,08 --> 00:00:54,04
You want to be able to pick and choose the log items

15
00:00:54,04 --> 00:00:57,06
relevant to your security goals.

16
00:00:57,06 --> 00:00:59,08
Filtering is based on criteria

17
00:00:59,08 --> 00:01:04,00
such as facility and log levels.

18
00:01:04,00 --> 00:01:06,06
Facility refers to the process

19
00:01:06,06 --> 00:01:10,02
that generated a log message on a host.

20
00:01:10,02 --> 00:01:13,09
Each facility has a unique ID.

21
00:01:13,09 --> 00:01:16,03
The facility code for log messages

22
00:01:16,03 --> 00:01:20,08
originating from a mail system process is two,

23
00:01:20,08 --> 00:01:24,04
while the code for those created by

24
00:01:24,04 --> 00:01:28,01
an access control process is four.

25
00:01:28,01 --> 00:01:31,04
Therefore, you can filter the log messages

26
00:01:31,04 --> 00:01:35,06
according to their facility identifiers.

27
00:01:35,06 --> 00:01:41,00
The log levels represent the severity of the log messages.

28
00:01:41,00 --> 00:01:43,03
The highest level is zero,

29
00:01:43,03 --> 00:01:47,06
indicating that the system is unusable.

30
00:01:47,06 --> 00:01:52,07
The lowest level is seven, which is for debugging.

31
00:01:52,07 --> 00:01:56,07
The levels in between are alert,

32
00:01:56,07 --> 00:02:00,05
critical, error, warning,

33
00:02:00,05 --> 00:02:04,02
notice, and informational.

34
00:02:04,02 --> 00:02:07,08
The severity is in descending order.

35
00:02:07,08 --> 00:02:11,09
Another vital syslog-ng feature

36
00:02:11,09 --> 00:02:16,08
is processing that manipulates the collected logs.

37
00:02:16,08 --> 00:02:20,02
With syslog-ng you should be able to address

38
00:02:20,02 --> 00:02:23,00
most of your logging needs.