[nzlug] Syslog to remote log server
Clark Mills
c.mills at auckland.ac.nz
Mon Jan 1 11:51:46 NZDT 2007
yuri wrote:
> > In another thread someone mentioned logging to a remote log server via
> syslog.
...
==================================================================
For the logging server:
From man syslogd:
-r This option will enable the facility to receive
message from the network using an internet domain
socket with the syslog service (see services(5)).
The default is to not receive any messages from the
network.
For RedHat:
vi /etc/sysconfig/syslog
SYSLOGD_OPTIONS="-m 0 -r"
service syslog restart
or edit your relevant rc file.
Poke a hole in your firewall as required.
==================================================================
For a "normal" server sending syslog copies to the logger:
vi /etc/syslog.conf
authpriv.* /var/log/secure
authpriv.* @10.0.0.250
Poke a hole in your firewall as required.
and restart / kill -HUP the syslog daemon.
==================================================================
IMHO a separate logger is recommended for business use. It's also handy for
that server that dies and can't write/log to it's disks for some reason. I have
15 odd linux boxes and 7 windows servers logging to a dedicated syslog server.
There is an open source windows event log to syslog plugin that you can install
on Windows that allows your Windows boxes to play the syslog game. I have
nearly 4 years of logs online, you'll want a big disk, need not be fast.
Cheers... Clark
More information about the NZLUG
mailing list