I need help getting syslog to log remotely, this is just the regular syslog.

on the local server, in syslogd.conf I have
authpriv.* @xx.xx.xx.xx

Where xx.xx.xx.xx is the IP of the remote syslog server

And on the remote syslog server, I started syslog with syslogd -r

But its not logging anything.

#1. Where does it put the logs? would authpriv goto /var/log/secure?

#2. how come the local server is not sending anything? I even ran
# tcpdump dst xx.xx.xx.xx
on the local server and no traffic is going to the remote syslog server.

TIA!

hi

To configure the machine as a centralised syslog server and to accept log messages from remote machines,
edit the /etc/sysconfig/syslog file and include -r option in SYSLOGD_OPTIONS variable as shown below:

# Options to syslogd
# -m 0 disables 'MARK' messages.
# -r enables logging from remote machines
# -x disables DNS lookups on messages recieved with -r
# See syslogd(8) for more details
SYSLOGD_OPTIONS="-m 0 -r"
# Options to klogd
# -2 prints all kernel oops messages twice; once for klogd to decode, and
# once for processing with 'ksymoops'
# -x disables all klogd processing of oops messages entirely
# See klogd(8) for more details
KLOGD_OPTIONS="-x"

Once this is done, restart the syslog service.
#service syslog restart

Configuring the Client Machine
Edit the /etc/syslog.conf file to make the syslog messages send to the new loghost. Append these lines to the file:

*.debug @loghost
*.debug /var/log/messages

Note: loghost is the hostname of the centralised syslog server.
Once this is done, restart the syslog service.

#service syslog restart

It will now send all debug messages to the remote loghost.

Thanks! That worked.

Now I will see if I can get that to work with rsyslog.