[nzlug] Syslog to remote log server
Cliff Pratt
enkidu at cliffp.com
Mon Jan 1 13:36:20 NZDT 2007
Clark Mills wrote:
> yuri wrote:
> > In another thread someone mentioned logging to a remote log server via
> > syslog.
> ...
> ==================================================================
> For the logging server:
>
> From man syslogd:
> -r This option will enable the facility to receive
> message from the network using an internet domain
> socket with the syslog service (see services(5)).
> The default is to not receive any messages from the
> network.
>
> For RedHat:
> vi /etc/sysconfig/syslog
> SYSLOGD_OPTIONS="-m 0 -r"
> service syslog restart
>
> or edit your relevant rc file.
>
> Poke a hole in your firewall as required.
> ==================================================================
> For a "normal" server sending syslog copies to the logger:
>
> vi /etc/syslog.conf
> authpriv.* /var/log/secure
> authpriv.* @10.0.0.250
>
> Poke a hole in your firewall as required.
>
> and restart / kill -HUP the syslog daemon.
> ==================================================================
>
> IMHO a separate logger is recommended for business use. It's also handy
> for that server that dies and can't write/log to its disks for some
> reason. I have 15 odd Linux boxes and 7 Windows servers logging to a
> dedicated syslog server. There is an open source Windows event log to
> syslog plugin that you can install on Windows that allows your Windows
> boxes to play the syslog game. I have nearly 4 years of logs online,
> you'll want a big disk, need not be fast.
>
For the firewall holes, I believe that syslog is port 514 *UDP*.
Cheers,
Cliff
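
An added example, not part of the original messages: a small shell audit of the two settings described in the thread, listing every `@host` forwarding rule in a syslog.conf and checking whether `SYSLOGD_OPTIONS` enables `-r`. The function names and the sample files are assumptions constructed for the demo.

```shell
#!/bin/sh
# Added example: audit the two syslog settings discussed in this thread.

# Print "selector target" for each syslog.conf rule whose action is @host,
# i.e. every rule that forwards a copy of its messages to a remote logger.
forward_targets() {
    awk '!/^[ \t]*#/ && NF >= 2 && $NF ~ /^@/ { print $1, substr($NF, 2) }' "$1"
}

# Succeed if SYSLOGD_OPTIONS in a sysconfig-style file contains a standalone
# -r, the form shown in the thread. The last assignment in the file wins.
receives_remote() {
    opts=$(sed -n 's/^SYSLOGD_OPTIONS=//p' "$1" | tail -n 1 | tr -d "\"'")
    for o in $opts; do
        if [ "$o" = "-r" ]; then return 0; fi
    done
    return 1
}

# Demo on constructed sample files (not taken from a real host).
demo() {
    tmp=$(mktemp -d) || return 1
    cat > "$tmp/syslog.conf" <<'EOF'
# constructed sample
authpriv.*      /var/log/secure
authpriv.*      @10.0.0.250
#mail.*         @10.0.0.251
EOF
    printf 'SYSLOGD_OPTIONS="-m 0 -r"\n' > "$tmp/syslog"
    forward_targets "$tmp/syslog.conf" | while read -r sel host; do
        echo "forwarding $sel to $host (needs outbound 514/udp)"
    done
    if receives_remote "$tmp/syslog"; then
        echo "syslogd started with -r (needs inbound 514/udp)"
    else
        echo "syslogd will not accept network messages"
    fi
    rm -rf "$tmp"
}
demo
```

On a real host, point `forward_targets` at /etc/syslog.conf and `receives_remote` at /etc/sysconfig/syslog, then compare the output with the firewall rules for 514/udp.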