I need help getting syslog to log remotely, this is just the regular syslog.
I need help getting syslog to log remotely, this is just the regular syslog.
on the local server, in syslogd.conf I have authpriv.* @xx.xx.xx.xx Where xx.xx.xx.xx is the IP of the remote syslog server And on the remote syslog server, I started syslog with syslogd -r But its not logging anything. #1. Where does it put the logs? would authpriv goto /var/log/secure? #2. how come the local server is not sending anything? I even ran # tcpdump dst xx.xx.xx.xx on the local server and no traffic is going to the remote syslog server. TIA! |
hi
To configure the machine as a centralised syslog server and to accept log messages from remote machines, edit the /etc/sysconfig/syslog file and include -r option in SYSLOGD_OPTIONS variable as shown below: # Options to syslogd # -m 0 disables 'MARK' messages. # -r enables logging from remote machines # -x disables DNS lookups on messages recieved with -r # See syslogd(8) for more details SYSLOGD_OPTIONS="-m 0 -r" # Options to klogd # -2 prints all kernel oops messages twice; once for klogd to decode, and # once for processing with 'ksymoops' # -x disables all klogd processing of oops messages entirely # See klogd(8) for more details KLOGD_OPTIONS="-x" Once this is done, restart the syslog service. #service syslog restart Configuring the Client Machine Edit the /etc/syslog.conf file to make the syslog messages send to the new loghost. Append these lines to the file: *.debug @loghost *.debug /var/log/messages Note: loghost is the hostname of the centralised syslog server. Once this is done, restart the syslog service. #service syslog restart It will now send all debug messages to the remote loghost. |
Thanks! That worked.
Now I will see if I can get that to work with rsyslog. |
All times are GMT -5. The time now is 09:16 AM. |