setup and use syslog-ng for remote logging

centralizing syslogs in one place is usefull!
my goal was to set up a central server for remote logging of managed switches
There is a usefull tool: syslog-ng
you install it with

apt-get install syslog-ng

or directly

apt-get install syslog-ng-core

if you use

apt-cache search syslog-ng

you can see what plugins exist, like a SQL version

syslog-ng - Enhanced system logging daemon (metapackage)
lwatch - Simple log colorizer
syslog-ng-core - Enhanced system logging daemon (core)
syslog-ng-dbg - Enhanced system logging daemon (debug symbols)
syslog-ng-dev - Enhanced system logging daemon (development files)
syslog-ng-mod-amqp - Enhanced system logging daemon (AMQP plugin)
syslog-ng-mod-basicfuncs-plus - Enhanced system logging daemon (extra template functions)
syslog-ng-mod-geoip - Enhanced system logging daemon (GeoIP plugin)
syslog-ng-mod-json - Enhanced system logging daemon (JSON plugin)
syslog-ng-mod-mongodb - Enhanced system logging daemon (MongoDB plugin)
syslog-ng-mod-redis - Enhanced system logging daemon (Redis plugin)
syslog-ng-mod-riemann - Enhanced system logging daemon (Riemann destination)
syslog-ng-mod-rss - Enhanced system logging daemon (RSS destination)
syslog-ng-mod-smtp - Enhanced system logging daemon (SMTP plugin)
syslog-ng-mod-sql - Enhanced system logging daemon (SQL plugin)
syslog-ng-mod-stomp - Enhanced system logging daemon (STOMP plugin)
syslog-ng-mod-trigger - Enhanced system logging daemon (trigger source)

using it is quite simple
you need to set it up in the config file.My goal was to get external syslogs from the default syslog Port 514 [See Port List]

Further Information on setting up other portshttps://www.balabit.com/sites/default/files/documents/syslog-ng-ose-latest-guides/en/syslog-ng-ose-guide-admin/html/sources.html

 The config file is usually located at:

/etc/syslog-ng/syslog-ng.conf

I added the following lines:
to get the data from the port you want to useuse here your external host ip instead of the 127.0.0.1

source s_extsyslog { network(ip(127.0.0.1) port(514) transport("udp")); };

the logfile is defined here

destination d_extsyslog { file("/var/log/extsyslog.log"); };

here is defined what shall happen – s_extlog > d_extlog

log { source(s_extsyslog); destination(d_extsyslog); };