Syslog is a standard for message logging. It lets system-generated messages be saved locally or redirected to a remote system, where the logs can later be analysed to find the cause of an alert. By default it runs on UDP port 514.
Syslog is configured with category.priority selectors, where the category is a facility (e.g. mail, cron, authentication, etc.).
Config file: /etc/rsyslog.conf
Default port: 514
# grep 514 /etc/services
Facilities:
auth,authpriv,cron,daemon,kern,lpr,mail,mark,news,syslog,user,uucp,local0,local1,local2,local3,local4,local5,local6,local7
Priorities:
debug,info,notice,warning,err,crit,alert,emerg
Let's say our log server is 192.168.10.110.
To log authentication messages (all priorities) to the log server:
authpriv.* @192.168.10.110:514
To log all emergency messages (all facilities) to the same log server:
*.emerg @192.168.10.110:514
To log everything (all facilities/priorities):
*.* @192.168.10.110:514
Note: by default the transport is UDP. If the log server listens on both UDP and TCP sockets, choose the transport with the prefix: @ for UDP and @@ for TCP.
@ = UDP
@@ = TCP
The same examples over TCP:
authpriv.* @@192.168.10.110:514
*.emerg @@192.168.10.110:514
*.* @@192.168.10.110:514
Once you have made the change, restart the service:
# service rsyslog restart
To verify that it works, run the following command (substituting the facility and priority you want to test for category.priority) and check on the remote server:
# logger -p category.priority "Testing remote logging"
# logger -p user.emerg "Testing logger on remote server"
On the remote server, in the directory where the logs are written, tail the file:
# tail -f messages
Jul 16 12:10:05 hostname userid: [ID 152207 user.emerg] Testing logger on remote server
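As an added example (not from the original post), the following Python simulates the selector matching described above: it parses forwarding lines in the category.priority @host:port form, resolves @ versus @@ to UDP or TCP, defaults the port to 514, and reports which rules would forward a given message. It also applies the standard syslog rule, which the post does not spell out, that a named priority matches that priority and every more severe one, and accepts comma-separated facility lists; the config list is constructed from the post's rules and rsyslog itself is not involved.

```python
import re
from dataclasses import dataclass

# Facilities and priorities as listed in the post; priorities run least to most severe.
FACILITIES = {"auth", "authpriv", "cron", "daemon", "kern", "lpr", "mail", "mark",
              "news", "syslog", "user", "uucp"} | {f"local{i}" for i in range(8)}
PRIORITIES = ["debug", "info", "notice", "warning", "err", "crit", "alert", "emerg"]
# Action syntax from the post: @host[:port] = UDP, @@host[:port] = TCP, default port 514.
ACTION_RE = re.compile(r"^(@@?)([^:\s]+)(?::(\d+))?$")


@dataclass(frozen=True)
class Rule:
    facilities: frozenset   # empty set means '*' (all facilities)
    priority: str           # '*' or a priority name
    transport: str          # 'udp' or 'tcp'
    host: str
    port: int


def parse_rule(line: str) -> Rule:
    """Parse one 'facility.priority action' forwarding line (constructed parser, not rsyslog's)."""
    selector, action = line.split()
    facility_part, priority = selector.rsplit(".", 1)
    facilities = frozenset() if facility_part == "*" else frozenset(facility_part.split(","))
    if not facilities <= FACILITIES or (priority != "*" and priority not in PRIORITIES):
        raise ValueError(f"unknown facility or priority in selector: {selector}")
    m = ACTION_RE.match(action)
    if not m:
        raise ValueError(f"unsupported action (only @host / @@host handled): {action}")
    marker, host, port = m.groups()
    return Rule(facilities, priority, "tcp" if marker == "@@" else "udp", host, int(port or 514))


def matches(rule: Rule, facility: str, priority: str) -> bool:
    """Classic selector semantics: a named priority matches itself and anything more severe."""
    if rule.facilities and facility not in rule.facilities:
        return False
    return rule.priority == "*" or PRIORITIES.index(priority) >= PRIORITIES.index(rule.priority)


def destinations(config, facility, priority):
    """Return (transport, host, port) for every rule that would forward this message."""
    return [(r.transport, r.host, r.port) for r in map(parse_rule, config)
            if matches(r, facility, priority)]


# Constructed config mirroring the post's rules (log server 192.168.10.110).
CONFIG = ["authpriv.* @192.168.10.110:514", "*.emerg @@192.168.10.110:514"]

if __name__ == "__main__":
    for fac, pri in [("authpriv", "info"), ("user", "emerg"), ("cron", "err")]:
        print(f"{fac}.{pri:<8} -> {destinations(CONFIG, fac, pri)}")
```

A message matching both rules is forwarded twice, once over each transport, which is worth knowing when you compare what the collector receives with what the client sent.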