Thursday, July 16, 2015

RHEL6 Log syslog set up

syslog is used for message logging. It lets you save system-generated messages locally or redirect them to a remote system. Later, you can analyze the logs to find the cause of an alert. By default it runs on port 514 UDP.

Syslog rules are set up by category.priority (the category, or facility, is e.g. mail, cron, authentication, etc.)
Config file: /etc/rsyslog.conf
Default port: 514
# grep 514 /etc/services



Let's say our log server is

To log authentication (all priorities) to the log server:
authpriv.* @

To log all emergency messages (all facilities) to the same log server:
*.emerg @

To log everything (all facilities/priorities):
*.* @

Note: By default, port 514 is UDP. A forwarding rule selects the protocol: use @ for UDP and @@ for TCP.
@ = UDP
@@ = TCP

The same examples as above, over TCP:
authpriv.* @@
*.emerg @@
*.* @@
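
An added example, not part of the original post: a shell function that reads an rsyslog config file, picks out the forwarding rules written in the @ / @@ form described above, and reports the protocol, host and port of each. The host loghost.example, the port 10514 and the function names are assumptions made for the illustration.

```bash
#!/bin/bash
# Added example: list the remote-forwarding rules in an rsyslog config file.
# Handles the plain legacy form shown in the post:
#   <selector> @host[:port]    (UDP)
#   <selector> @@host[:port]   (TCP)
# Function names are hypothetical; option blocks such as @(...) are not parsed.

list_forwards() {   # $1 = path to an rsyslog.conf-style file
    awk '
        /^[[:space:]]*#/ || NF < 2 { next }        # skip comments and non-rules
        $2 ~ /^@@?[^@]/ {                          # action is @ or @@ plus a host
            proto = ($2 ~ /^@@/) ? "tcp" : "udp"
            target = $2; sub(/^@+/, "", target)
            port = 514                             # default syslog port
            if (target ~ /:[0-9]+$/) {             # explicit :port suffix
                port = target; sub(/^.*:/, "", port)
                sub(/:[0-9]+$/, "", target)
            }
            print $1, proto, target, port
        }
    ' "$1"
}

udp_forwards() {    # only the rules that go out over UDP
    list_forwards "$1" | awk '$2 == "udp"'
}

# Constructed sample config; loghost.example and port 10514 are placeholders.
sample=$(mktemp)
cat > "$sample" <<'EOF'
# local rule, not a forward
*.info;mail.none    /var/log/messages
authpriv.*          @@loghost.example:10514
*.emerg             @loghost.example
EOF

echo "All forwarding rules:"; list_forwards "$sample"
echo "UDP only:";             udp_forwards "$sample"
rm -f "$sample"
```

Run it against /etc/rsyslog.conf before restarting the service to confirm which selectors are forwarded and over which protocol.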

Once you make the change, restart the service:
# service rsyslog restart

To verify it works, run the following commands and check on your remote server.
# logger -p category.priority "Testing remote logging"
# logger -p user.emerg "Testing logger on remote server"

On the remote server, in the location where the log is written, tail the file:
# tail -f messages
Jul 16 12:10:05 hostname  userid: [ID 152207 user.emerg] Testing logger on remote server
