How to Use syslog-ng to collect logs from a remote Linux machine
If all the servers in your data center run Linux and you are the system administrator, one of your tasks is to check the servers' log files. But if you have to read the logs on a large number of machines, you must log in to each one in turn, and with enough machines that alone takes a full day.
Instead, you can configure a separate Linux machine to collect these logs, which makes your daily work far more efficient. There are many systems that can do this, and syslog-ng is one of them.
The disadvantage of syslog-ng is that its documentation is scattered and hard to follow. I have worked through it, however, and can install and configure syslog-ng quickly in the way shown below. The setup will be demonstrated on two Ubuntu Server 16.04 machines:
- UBUNTUSERVERVM, with IP address 192.168.1.118, is configured as the log collector.
- UBUNTUSERVERVM2 is configured as a client that sends its logs to the collector.
Now let's start installation and configuration.
Install
Installation is simple. To make it as easy as possible, I will install it from the standard repository. Open a terminal window and run the following command:
sudo apt install syslog-ng
You must run the above command on both the collector and the client machine. After the installation is complete, you will start to configure.
Configure collectors
Now we configure the log collector. Its configuration file is /etc/syslog-ng/syslog-ng.conf. A configuration file is installed together with syslog-ng, but we will not use that default file. Rename it with:
sudo mv /etc/syslog-ng/syslog-ng.conf /etc/syslog-ng/syslog-ng.conf.BAK
Now create a new configuration file with:
sudo nano /etc/syslog-ng/syslog-ng.conf
Add the following lines to the file:
@version: 3.5
@include "scl.conf"
@include "`scl-root`/system/tty10.conf"
options {
    time-reap(30);
    mark-freq(10);
    keep-hostname(yes);
};
source s_local { system(); internal(); };
source s_network {
    syslog(transport("tcp") port(514));
};
destination d_local {
    file("/var/log/syslog-ng/messages_${HOST}");
};
destination d_logs {
    file(
        "/var/log/syslog-ng/logs.txt"
        owner("root")
        group("root")
        perm(0777)
    );
};
log { source(s_local); source(s_network); destination(d_logs); };
Note that syslog-ng listens on TCP port 514 in this configuration, so you need to ensure that the clients can reach that port on the collector (open it in any firewall in between).
Save and close the file. The preceding configuration writes the expected log data (from the system() and internal() sources, plus whatever arrives on the network source) to /var/log/syslog-ng/logs.txt. Therefore, you need to create the required directory and file with the following commands:
sudo mkdir /var/log/syslog-ng
sudo touch /var/log/syslog-ng/logs.txt
Run the following commands to start syslog-ng and enable it at boot:
sudo systemctl start syslog-ng
sudo systemctl enable syslog-ng
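Before putting the collector into service it is worth checking two settings in the configuration above that affect the integrity and confidentiality of the collected logs: perm(0777) makes logs.txt writable (and readable) by every local user on the collector, so anyone with a shell there could alter or truncate the evidence, and transport("tcp") carries the messages in clear text with no authentication of the sender (syslog-ng's "tls" transport is the alternative when logs cross an untrusted network). The following Python script is an added example, not code from the original article or from the syslog-ng project: it runs a small audit over the collector configuration text and reports both points. The configuration string is copied from this page; the regular expressions and the finding texts are this example's own.

```python
import re

# The collector configuration from the article, embedded so the audit runs
# offline (copied from the page, not constructed).
COLLECTOR_CONF = """\
@version: 3.5
@include "scl.conf"
@include "`scl-root`/system/tty10.conf"
options {
    time-reap(30);
    mark-freq(10);
    keep-hostname(yes);
};
source s_local { system(); internal(); };
source s_network {
    syslog(transport("tcp") port(514));
};
destination d_local {
    file("/var/log/syslog-ng/messages_${HOST}");
};
destination d_logs {
    file(
        "/var/log/syslog-ng/logs.txt"
        owner("root")
        group("root")
        perm(0777)
    );
};
log { source(s_local); source(s_network); destination(d_logs); };
"""

# file("<path>" <options>);  -- the options run until the closing ");"
FILE_RE = re.compile(r'file\(\s*"([^"]+)"(.*?)\);', re.S)
PERM_RE = re.compile(r"perm\(\s*(0?[0-7]{3,4})\s*\)")
# source <name> { ... };
SOURCE_RE = re.compile(r"source\s+(\w+)\s*\{(.*?)\};", re.S)
# transport(tcp), transport("tcp"), transport("tls") ...
TRANSPORT_RE = re.compile(r'transport\(\s*"?(\w+)"?\s*\)')


def audit_file_perms(conf: str) -> list[str]:
    """Report file() destinations whose explicit perm() exposes the log file."""
    findings = []
    for m in FILE_RE.finditer(conf):
        path, opts = m.group(1), m.group(2)
        pm = PERM_RE.search(opts)
        if not pm:
            # No explicit perm(): syslog-ng's default is 0600, owner-only access.
            continue
        mode = int(pm.group(1), 8)
        problems = []
        if mode & 0o002:
            problems.append("world-writable")
        if mode & 0o004:
            problems.append("world-readable")
        if mode & 0o020:
            problems.append("group-writable")
        if problems:
            findings.append(f"{path}: perm({pm.group(1)}) is {', '.join(problems)}")
    return findings


def audit_transports(conf: str) -> list[str]:
    """Report network sources that accept logs over a non-TLS transport."""
    findings = []
    for m in SOURCE_RE.finditer(conf):
        name, body = m.group(1), m.group(2)
        for tm in TRANSPORT_RE.finditer(body):
            transport = tm.group(1).lower()
            if transport != "tls":
                findings.append(
                    f"source {name}: transport({transport}) receives logs "
                    "in clear text with no sender authentication"
                )
    return findings


def audit(conf: str) -> list[str]:
    """All findings for one syslog-ng configuration text."""
    return audit_file_perms(conf) + audit_transports(conf)


if __name__ == "__main__":
    for finding in audit(COLLECTOR_CONF):
        print("WARNING:", finding)
```

To audit the live file instead of the embedded copy, read /etc/syslog-ng/syslog-ng.conf into a string and pass it to audit(); a perm() of 0640 with owner root and a dedicated log-reader group produces no finding.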
Configure the client
We do the same on the client: move the default configuration file aside and create a new one. Copy the following text into the new client configuration file:
@version: 3.5
@include "scl.conf"
@include "`scl-root`/system/tty10.conf"
source s_local { system(); internal(); };
destination d_syslog_tcp {
    syslog("192.168.1.118" transport("tcp") port(514));
};
log { source(s_local); destination(d_syslog_tcp); };
Note: Change the IP address to the IP address of the collector.
Save and close the file. Start and enable syslog-ng in the same way as on the machine configured as the Collector.
View log files
Return to the server configured as the collector and run this command:
sudo tail -f /var/log/syslog-ng/logs.txt
You will see output containing log entries from both the collector and the client (see figure).
[Figure: tail -f output showing log entries from the collector and the client]
Congratulations! Syslog-ng is working properly. You can now log on to your collector to view logs of local machines and remote clients. If your data center has many Linux servers, install syslog-ng on each server and configure them to send logs to the collector as clients, in this way, you do not need to log on to each machine to view their logs.
Via: https://www.techrepublic.com/article/how-to-use-syslog-ng-to-collect-logs-from-remote-linux-machines/
Author: Jack Wallen; Translator: qhwdw; Proofreader: wxy
This article was translated by the LCTT project and first published by Linux China.
Permanent link to this article: https://www.bkjia.com/Linux/2018-03/151380.htm