Setting Up A Central Syslog Server:-
This post shows how to set up a central syslog server for one or more Unix systems, on Fedora Core and Ubuntu/Debian.
Linux systems already have syslog installed, so no extra packages are needed.
Configure the Server Computers:-
First stop the syslog daemon:
#service syslog stop
If that fails, go for the old-school kill command:
#ps axfu | grep syslog
copy the PID (the number in the second column) from the syslogd line and run
#kill -9 PID
On Fedora Core, open /etc/sysconfig/syslog with your favorite text editor
and find the line
SYSLOGD_OPTIONS="-m 0"
Replace it with
SYSLOGD_OPTIONS="-rm 0"
Restart the syslog daemon
#service syslog restart
You should see a message similar to “syslog restarted (remote reception)” when you run
#tail /var/log/messages
On a system without /etc/sysconfig/syslog (Ubuntu/Debian), either find the RC syslog file, edit it and add the “-r” flag to the syslog options or, if you’ve used
the old-school kill command, simply start syslog manually with remote reception enabled:
#syslogd -r
In the final step, you’ll have to make sure the firewall isn’t blocking the incoming packets. Run this
iptables command; the -I flag inserts the rule at the top of the INPUT chain, so it takes precedence over any existing rule:
#iptables -I INPUT -p udp -i eth0 -s 10.10.10.2 -d 10.10.10.1 --dport 514 -j ACCEPT
This rule ensures that the syslog server (10.10.10.1) will receive UDP packets (containing log events) from the CLIENT (10.10.10.2).
You MUST replace these IP addresses with the correct ones. Also, you will have to re-execute this command for every other client PC you may have (10.10.10.3, 10.10.10.4 etc). Keep the rule restricted to known client addresses: with -r, syslogd itself accepts messages from any host that can reach UDP port 514, so this firewall rule is what decides who can write into your central log.
Configure the CLIENT computers:-
The client computers are configured to send every logged event to the syslog server as it occurs. To do this, edit the file /etc/syslog.conf on every client computer and add this line to the file:
*.* @10.10.10.1
Again, replace the example IP address with the syslog server’s correct IP address.
Then restart syslog on every client you’ve edited:
#service syslog restart
Make sure the client machine is allowed by the firewall to send UDP packets. Again, you can override any existing rule by inserting one with iptables (note that the OUTPUT chain takes the outgoing interface with -o, not -i):
#iptables -I OUTPUT -p udp -o eth0 -s 10.10.10.2 -d 10.10.10.1 --dport 514 -j ACCEPT
This is it. If everything was done correctly, you should start receiving log events on the syslog server. To view them as they arrive, run:
#tail -f /var/log/messages
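The two repetitive parts of this procedure are generating one server-side ACCEPT rule per client and adding the forwarding line to each client's /etc/syslog.conf without duplicating it. The POSIX sh helpers below are an added example, not part of the original post: they validate the addresses, print the exact iptables rule from the server section for each client, and append the "*.* @SERVER" line to a syslog.conf-style file only if it is not already there. The server address, interface name, client list and config path are assumed sample values; nothing is applied to the firewall, the functions only print the commands so you can review them before running them as root.

```shell
#!/bin/sh
# Added example (not from the original post). Helpers for the central
# syslog setup above. Sample addresses and paths below are constructed.

# Return 0 if $1 is a dotted-quad IPv4 address with each octet in 0..255.
valid_ipv4() {
    ip="$1"
    case "$ip" in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    n=0
    oldifs="$IFS"; IFS=.
    for octet in $ip; do
        n=$((n + 1))
        if [ "$octet" -gt 255 ]; then IFS="$oldifs"; return 1; fi
    done
    IFS="$oldifs"
    [ "$n" -eq 4 ]
}

# Print the server-side INPUT rule from the post for one client, restricted
# to that client's source address so only known hosts can write to the log.
server_accept_rule() {
    client="$1"; server="$2"; iface="$3"
    printf 'iptables -I INPUT -p udp -i %s -s %s -d %s --dport 514 -j ACCEPT\n' \
        "$iface" "$client" "$server"
}

# Print one rule per client: server_rules SERVER IFACE CLIENT...
# Invalid client addresses are reported on stderr and skipped.
server_rules() {
    server="$1"; iface="$2"; shift 2
    valid_ipv4 "$server" || { echo "bad server address: $server" >&2; return 1; }
    for client in "$@"; do
        if valid_ipv4 "$client"; then
            server_accept_rule "$client" "$server" "$iface"
        else
            echo "skipping invalid client address: $client" >&2
        fi
    done
}

# Add "*.* @SERVER" to a syslog.conf-style file exactly once.
# Prints "added" or "present" so a caller can tell what happened.
ensure_forwarding_line() {
    conf="$1"; server="$2"
    valid_ipv4 "$server" || { echo "bad server address: $server" >&2; return 1; }
    # Escape the dots so grep matches the literal address.
    pattern=$(printf '%s' "$server" | sed 's/\./\\./g')
    if grep -q "^\*\.\*[[:space:]]*@${pattern}\$" "$conf" 2>/dev/null; then
        echo present
    else
        printf '*.* @%s\n' "$server" >> "$conf"
        echo added
    fi
}

# Demonstration with constructed sample values: print the rules for two
# clients (one address deliberately invalid) without applying anything.
server_rules 10.10.10.1 eth0 10.10.10.2 10.10.10.3 10.10.10.999
```

Run the printed rules as root on the server once you have checked them; on each client, call ensure_forwarding_line against /etc/syslog.conf and then restart syslog as described above. Because the function checks for an existing line first, re-running it on an already configured client changes nothing.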
Thanks,
Vishal Vyas