How to Use syslog-ng to collect logs from a remote Linux machine

Source: Internet
Author: User

How to Use syslog-ng to collect logs from a remote Linux machine

If your data centers are all Linux servers, you are the system administrator. One of your tasks is to view the server's log files. However, if you view log files on a large number of machines, You need to log in to the machine one by one to read the log files. If you manage a large number of machines, it will take you a day to work.

In addition, you can configure a separate Linux machine to collect these logs. This will make your daily work more efficient. To achieve this goal, there are many different systems for you to choose from, and syslog-ng is one of them.

The disadvantage of syslog-ng is that documents are not easy to sort out. However, I have solved this problem. I can install and configure syslog-ng immediately in this way. The following two methods will be demonstrated on Ubuntu Server 16.04:

  • The IP address of UBUNTUSERVERVM is 192.168.1.118, Which is configured as the log collector.
  • UBUNTUSERVERVM2 is configured as a client that sends log files to the Collector

Now let's start installation and configuration.

Install

Installation is simple. To make it as easy as possible, I will install it from the standard repository. Open a terminal window and run the following command:

  1. sudo apt install syslog-ng

You must run the above command on both the collector and the client machine. After the installation is complete, you will start to configure.

Configure collectors

Now, we start to configure the log collector. Its configuration file is/etc/syslog-ng/syslog-ng.conf. When syslog-ng is installed, a configuration file is included. We do not use this default configuration file. You can usemv /etc/syslog-ng/syslog-ng.conf /etc/syslog-ng/syslog-ng.conf.BAKRename the default configuration file. Use nowsudo nano /etc/syslog/syslog-ng.confCommand to create a new configuration file. Add the following lines to the file:

  1. @version:3.5
  2. @include"scl.conf"
  3. @include"`scl-root`/system/tty10.conf"
  4. options {
  5. time-reap(30);
  6. mark-freq(10);
  7. keep-hostname(yes);
  8. };
  9. source s_local { system(); internal();};
  10. source s_network {
  11. syslog(transport(tcp) port(514));
  12. };
  13. destination d_local {
  14. file("/var/log/syslog-ng/messages_${HOST}");};
  15. destination d_logs {
  16. file(
  17. "/var/log/syslog-ng/logs.txt"
  18. owner("root")
  19. group("root")
  20. perm(0777)
  21. );};
  22. log { source(s_local); source(s_network); destination(d_logs);};

Note that syslog-ng uses port 514 and you need to ensure that it is accessible on your network.

Save and close the file. The preceding configuration transfers the expected Log Filesystem()Andinternal()Note)/var/log/syslog-ng/logs.txt. Therefore, you need to use the following command to create the required directories and files:

  1. sudomkdir/var/log/syslog-ng
  2. sudotouch/var/log/syslog-ng/logs.txt

Run the following command to start and enable syslog-ng:

  1. sudosystemctl start syslog-ng
  2. sudosystemctl enable syslog-ng
Configure the client

We will do the same on the client (move the default configuration file and create a new configuration file ). Copy the following text to the new client configuration file:

  1. @version:3.5
  2. @include"scl.conf"
  3. @include"`scl-root`/system/tty10.conf"
  4. source s_local { system(); internal();};
  5. destination d_syslog_tcp {
  6. syslog("192.168.1.118" transport("tcp") port(514));};
  7. log { source(s_local);destination(d_syslog_tcp);};

Note: Change the IP address to the IP address of the collector.

Save and close the file. Start and enable syslog-ng in the same way as on the machine configured as the Collector.

 

View log files

Return to the server configured as the Collector and run this command.sudo tail -f /var/log/syslog-ng/logs.txt. You will see the output containing the log entries of the collector and client (figure ).

Figure

Congratulations! Syslog-ng is working properly. You can now log on to your collector to view logs of local machines and remote clients. If your data center has many Linux servers, install syslog-ng on each server and configure them to send logs to the collector as clients, in this way, you do not need to log on to each machine to view their logs.

Via: https://www.techrepublic.com/article/how-to-use-syslog-ng-to-collect-logs-from-remote-linux-machines/

Author: Jack Wallen Translator: qhwdw Proofreader: wxy

This article was originally compiled by LCTT and launched with the honor of Linux in China

This article permanently updates link: https://www.bkjia.com/Linux/2018-03/151380.htm

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.