Linux - Server: This forum is for the discussion of Linux software used in a server-related context.
I'm new to syslog/forwarding/syslog servers and related stuff, so basically new to Linux as well; well, at least I don't have a lot of experience with UNIX-like systems.
Anyway, things I've already tried with the stuff mentioned above:
- setting up Azure Sentinel/Splunk/ELK
- setting up Kiwi Syslog Server
- forwarding logs to Logz.io
I understand how forwarding/listening works, but I didn't do much config stuff, so maybe that's why I have the following question:
As far as I understand, all the above solutions are software-based applications/services, and when you configure them on a specific Win/Linux machine they act as a syslog server.
i.e. I have set up Kiwi Syslog Server on Windows and it receives messages on UDP port 514 from an Ubuntu machine on the same network.
However, what I want to know is whether I can set up one Linux machine to listen for syslog messages without installing additional software?
If yes:
1. How?
2. Where does it store the logs received from other machines?
3. What is the capacity for logs received from other machines? Does it depend on the hard drive of the receiving machine?
4. Are there actually any pros, or is it better/recommended to have 3rd-party services installed to collect syslog?
5. Are there syslog server appliances, or is everything software-based/SaaS/PaaS?
1. By configuring a remote server in /etc/rsyslog.conf.
2. This is configured in /etc/rsyslog.conf as well.
3. The capacity depends on the capacity of the filesystem(s) where the logs are located.
4. It's mature and open-source. I am sure other log solutions bring their own features and advantages.
5. Appliances are also software-based. I have no idea if someone sells a shrink-wrapped syslog server. Business opportunity?
Last edited by berndbausch; 02-23-2021 at 02:46 AM.
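The two "configure it in /etc/rsyslog.conf" answers above, spelled out as an added example (it is not from the thread or from the rsyslog project): a drop-in file for the receiving Linux box that opens UDP and TCP 514, restricts who may send, and writes each remote host's logs to its own directory instead of mixing them into /var/log/messages. The file name 10-remote.conf, the 192.0.2.0/24 client subnet and the /var/log/remote path are assumptions; change them to match your network.

```conf
# Added example: /etc/rsyslog.d/10-remote.conf on the receiving machine.
# Everything under /etc/rsyslog.d/*.conf is pulled in by the stock rsyslog.conf.
# Assumed values: the client subnet 192.0.2.0/24 and the /var/log/remote path.

# Only accept syslog from the LAN the clients live on (legacy directive, still
# honoured by rsyslog 8; also allow 514/udp and 514/tcp from that subnet only
# in the host firewall, because plain syslog has no authentication at all).
$AllowedSender UDP, 127.0.0.1, 192.0.2.0/24
$AllowedSender TCP, 127.0.0.1, 192.0.2.0/24

# Listen on UDP 514 (what Kiwi was doing) and on TCP 514 (no silent drops
# under load). The stock rsyslog.conf on Debian/Ubuntu and RHEL ships the
# imudp/imtcp lines commented out; enabling them is the whole "how".
module(load="imudp")
input(type="imudp" port="514" ruleset="remote")
module(load="imtcp")
input(type="imtcp" port="514" ruleset="remote")

# Where received logs are stored: one directory per sending host, one file
# per program, e.g. /var/log/remote/ubuntu-web/sshd.log. This is the answer
# to "where does it store them"; capacity is simply the free space there.
template(name="RemoteFile" type="string"
         string="/var/log/remote/%HOSTNAME%/%PROGRAMNAME%.log")

# Line format: like rsyslog's traditional file format, plus the real peer
# address. %HOSTNAME% is whatever the sender wrote into the packet and can be
# forged on the wire; %FROMHOST-IP% is the address the datagram/connection
# actually came from, so keep both.
template(name="RemoteLine" type="string"
         string="%TIMESTAMP% %HOSTNAME% [%FROMHOST-IP%] %syslogtag%%msg:::sp-if-no-1st-sp%%msg:::drop-last-lf%\n")

# Remote messages are bound to this ruleset by the two input() lines above,
# so they never reach the default rules that feed /var/log/messages.
ruleset(name="remote") {
    action(type="omfile" dynaFile="RemoteFile" template="RemoteLine"
           dirCreateMode="0750" fileCreateMode="0640")
    stop
}
```

Validate with `rsyslogd -N1`, then `systemctl restart rsyslog` and confirm the listeners with `ss -lunp | grep 514` and `ss -ltnp | grep 514`. On each sending Ubuntu machine the matching line is `*.* @@192.0.2.1:514` (two `@` means TCP, one `@` means UDP; 192.0.2.1 is the assumed address of the receiver). Two practitioner caveats: the per-host files are not covered by the distribution's logrotate rules, so add a stanza under /etc/logrotate.d for /var/log/remote/*/*.log before the disk fills; and if the logs cross anything other than a trusted LAN, use imtcp with the TLS network stream driver rather than cleartext 514.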
What does that mean?
Isn't rsyslog an enhanced syslog?
Which is the 'usual' or 'default' syslog daemon?
Now I'm even more confused, haha.
syslog is the old original. rsyslog is indeed an enhancement, but it dates from the 1990s (still the same developer, by the way) and can be considered an industry standard now. On Linux systems you will most likely find rsyslog; perhaps BSDs use something else.
In short, for most purposes you can assume syslog = rsyslog, especially on Linux.
Most syslog daemons work the same: in the default config they accept logs from local processes and write them to the local disk, /var/log/messages for example.
And they can be configured to also send logs somewhere else, while at the same time also accepting logs from somewhere else.
The logs from other machines follow the same rules as the local ones and go to the same files, for example /var/log/messages again.
A log entry has at least
<date and time> <hostname> <message>
So you can distinguish whether this entry is from this machine or from somewhere else.
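The "<date and time> <hostname> <message>" point above, as an added example that is not part of the thread: a small Python parser for the traditional rsyslog file format (timestamp, hostname, program tag with optional PID, message), which groups the entries in a shared /var/log/messages by the hostname field, separates remote entries from local ones, and flags any host that is not on an expected list. The sample lines, host names and IP addresses are constructed for the example.

```python
import re
from collections import defaultdict

# Constructed sample lines in rsyslog's traditional file format, as they would
# appear mixed together in /var/log/messages on a receiving machine whose own
# hostname is "logserver". None of these are real logs.
SAMPLE_MESSAGES = """\
Feb 23 02:46:01 logserver systemd[1]: Started Daily apt download activities.
Feb 23 02:46:05 ubuntu-web sshd[2231]: Accepted publickey for deploy from 192.0.2.10 port 51022 ssh2
Feb 23 02:46:07 ubuntu-web sudo:   deploy : TTY=pts/0 ; PWD=/home/deploy ; USER=root ; COMMAND=/bin/systemctl restart nginx
Feb 23 02:46:09 logserver rsyslogd: imudp: listening on port 514
Feb 23 02:46:11 ubuntu-db kernel: [12345.678901] Out of memory: Killed process 4321 (postgres)
Feb 23 02:46:12 rogue-box sshd[99]: Failed password for root from 198.51.100.7 port 4444 ssh2
"""

# "Mmm dd HH:MM:SS hostname tag[pid]: message"; the day is space-padded ("Feb  3"),
# the PID bracket is optional (kernel, sudo and rsyslogd write none).
LINE_RE = re.compile(
    r"^(?P<timestamp>[A-Z][a-z]{2} [ \d]\d \d\d:\d\d:\d\d) "
    r"(?P<hostname>\S+) "
    r"(?P<tag>[^:\[\s]+)(?:\[(?P<pid>\d+)\])?:\s*"
    r"(?P<message>.*)$"
)


def parse_line(line):
    """Split one traditional-format line into its fields; None if it does not match."""
    m = LINE_RE.match(line)
    if not m:
        return None
    entry = m.groupdict()
    entry["pid"] = int(entry["pid"]) if entry["pid"] else None
    return entry


def parse_log(text):
    """Parse every non-empty line; lines that do not match are kept, not dropped,
    under tag 'unparsed' so that nothing silently disappears from the record."""
    entries = []
    for line in text.splitlines():
        if not line.strip():
            continue
        entry = parse_line(line)
        if entry is None:
            entry = {"timestamp": None, "hostname": None, "tag": "unparsed",
                     "pid": None, "message": line}
        entries.append(entry)
    return entries


def entries_by_host(entries):
    """Group entries by the hostname field, i.e. by the machine that claims to have sent them."""
    grouped = defaultdict(list)
    for entry in entries:
        grouped[entry["hostname"]].append(entry)
    return dict(grouped)


def remote_entries(entries, local_hostname):
    """Everything whose hostname field is not this machine's own name."""
    return [e for e in entries if e["hostname"] != local_hostname]


def unexpected_hosts(entries, known_hosts):
    """Hostnames present in the log that are not on the list of machines that
    are supposed to forward here: a cheap check that the listener is not being
    fed by something you did not configure."""
    return sorted({e["hostname"] for e in entries if e["hostname"] not in known_hosts})


if __name__ == "__main__":
    parsed = parse_log(SAMPLE_MESSAGES)
    for host, items in entries_by_host(parsed).items():
        print(f"{host}: {len(items)} entries")
    print("remote:", len(remote_entries(parsed, "logserver")))
    print("unexpected:", unexpected_hosts(parsed, {"logserver", "ubuntu-web", "ubuntu-db"}))
```

One caveat worth keeping in mind when you rely on that hostname field: it is whatever the sender put in the packet, so over plain UDP 514 anything on the network can claim to be "ubuntu-web". If you need to know where a line really came from, have rsyslog write the peer address into the file as well (its `fromhost-ip` property) rather than trusting the name alone.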