Configure sysklogd to receive remote system logs

Sysklogd download: http://www.infodrom.org/projects/sysklogd/download.php

This article comes from:

Http://wiki.linux.org.hk/w/Setup_sysklogd_to_receive_remote_logging

============================================

Like other syslog servers
Syslogd supports receiving or transmitting system logs using the Syslog protocol.

Directory [Hide] 1. Check usage Sysklogd 2. allows remote logs to be received. 2.1 red Hat system (Fedora/RHEL/centos) December 2.2 Debian System (Debian and UBUNTU) 3 check 4. Other settings 5. See 6 external links

[Edit]

Check whether sysklogd is used

You can use commandsPS ax | grep syslogdCheck System usage
Syslogd of sysklogd:

# Ps ax | grep syslogd2312? SS 0: 00 syslog-M 09042 pts/2 S + 0: 00 grep Syslog

If syslogd is displayed, sysklogd is generally used on GNU/Linux. If you see rsyslogd or syslog-ng, use rsyslog and syslog-ng respectively. For details, see related articles.

[Edit]

Allows remote logs to be received

To syslogd receive logs from other remote systems, add the option when executing syslogd.-R.

[Edit]

Red Hat system (Fedora/RHEL/centos)

Administrators of Fedora 7, RHEL 5, centos 5, or earlier versions can edit the/etc/sysconfig/syslog file.Syslogd_optionsAdd-ROption:

Syslogd_options = "-M 0-R" klogd_options = "-X" syslog_umask = 077

After this is done, restart sysklogd:

Service syslog restart

[Edit]

Debian (Debian and UBUNTU)

Administrators of Debian 4 and Ubuntu 9.04 or earlier versions can edit the file/etc/default/syslogd.SyslogdAdd-ROption:

# Top configuration file for syslogd ### full documentation of possible arguments are found in the manpage # syslogd (8 ). ### for remote UDP logging use syslogd = "-R" # syslogd = "-M 0-R"

After this is done, restart sysklogd:

/Etc/init. d/sysklogd restart

[Edit]

Check

After restarting, you can use the commandNetstat-ntulpCheck whether UDP port 514 Is Enabled:

# Netstat-ntulpactive Internet connections (only servers) proto Recv-Q send-Q local address foreign address State pidtcp 0 0 127.0.0.1: 2208 0.0.0.0: * Listen 2960/hpiodtcp 0 0 127.0.0.1: 631 0.0.0.0: * Listen 2996/cupsdudp 0 0 0.0.0.0: 514 0.0.0.0: * Listen 9107/syslogdudp 0 0 127.0.0.1: 631 0.0.0.0: * Listen 2996/cupsdudp 0 0: 44589 ::: * Listen 3152/avahi-daemon: UDP 0 0 ::: 5353 ::: * Listen 3152/avahi-daemon:

[Edit]

Other settings

Division-RThe following syslogd options also affect remote system logs:

• -H-Syslogd is allowed to send remote system logs to other remote syslog servers.
• -LHost Name List-Only remote system logs from the host name list are recorded. The host names are separated by colons.
• -SDomain Name List-Specify the domain name to be deleted.

[Edit]

See

• Receive remote system logs, including rsyslog and syslog-ng, on other syslog servers.

[Edit]

External links

• Nixcraft:Linux
  Configure netconsole to log messages over UDP Network(Vivek GITE 2008-07-02)
• GNU/Linux manpage:Sysklogd (8)
  -Linux system logging utilities[SuSE] [opensuse]-
  Sysklogd (8) description file of sysklogd In GNU/Linux.
• GNU/Linux manpage:Klogd (8)
  -Kernel log daemon[SuSE] [opensuse]-
  The klogd (8) description file of sysklogd In GNU/Linux.
• GNU/Linux manpage:Syslog. conf (5)
  -Syslogd (5) configuration file[SuSE] [opensuse]-
  Syslog. conf (5) description file of sysklogd In GNU/Linux.