Home > Developer > Linux

How to Use syslog-ng to collect logs from a remote Linux machine

Source: Internet
Author: User
Developer on Alibaba Coud: Build your first app with APIs, SDKs, and tutorials on the Alibaba Cloud. Read more >

How to Use syslog-ng to collect logs from a remote Linux machine

If your data centers are all Linux servers, you are the system administrator. One of your tasks is to view the server's log files. However, if you view log files on a large number of machines, You need to log in to the machine one by one to read the log files. If you manage a large number of machines, it will take you a day to work.

In addition, you can configure a separate Linux machine to collect these logs. This will make your daily work more efficient. To achieve this goal, there are many different systems for you to choose from, and syslog-ng is one of them.

The disadvantage of syslog-ng is that documents are not easy to sort out. However, I have solved this problem. I can install and configure syslog-ng immediately in this way. The following two methods will be demonstrated on Ubuntu Server 16.04:

  • The IP address of UBUNTUSERVERVM is 192.168.1.118, Which is configured as the log collector.
  • UBUNTUSERVERVM2 is configured as a client that sends log files to the Collector

Now let's start installation and configuration.

Install

Installation is simple. To make it as easy as possible, I will install it from the standard repository. Open a terminal window and run the following command:

  1. sudo apt install syslog-ng

You must run the above command on both the collector and the client machine. After the installation is complete, you will start to configure.

Configure collectors

Now, we start to configure the log collector. Its configuration file is/etc/syslog-ng/syslog-ng.conf. When syslog-ng is installed, a configuration file is included. We do not use this default configuration file. You can usemv /etc/syslog-ng/syslog-ng.conf /etc/syslog-ng/syslog-ng.conf.BAKRename the default configuration file. Use nowsudo nano /etc/syslog/syslog-ng.confCommand to create a new configuration file. Add the following lines to the file:

  1. @version:3.5
  2. @include"scl.conf"
  3. @include"`scl-root`/system/tty10.conf"
  4. options {
  5. time-reap(30);
  6. mark-freq(10);
  7. keep-hostname(yes);
  8. };
  9. source s_local { system(); internal();};
  10. source s_network {
  11. syslog(transport(tcp) port(514));
  12. };
  13. destination d_local {
  14. file("/var/log/syslog-ng/messages_${HOST}");};
  15. destination d_logs {
  16. file(
  17. "/var/log/syslog-ng/logs.txt"
  18. owner("root")
  19. group("root")
  20. perm(0777)
  21. );};
  22. log { source(s_local); source(s_network); destination(d_logs);};

Note that syslog-ng uses port 514 and you need to ensure that it is accessible on your network.

Save and close the file. The preceding configuration transfers the expected Log Filesystem()Andinternal()Note)/var/log/syslog-ng/logs.txt. Therefore, you need to use the following command to create the required directories and files:

  1. sudomkdir/var/log/syslog-ng
  2. sudotouch/var/log/syslog-ng/logs.txt

Run the following command to start and enable syslog-ng:

  1. sudosystemctl start syslog-ng
  2. sudosystemctl enable syslog-ng
Configure the client

We will do the same on the client (move the default configuration file and create a new configuration file ). Copy the following text to the new client configuration file:

  1. @version:3.5
  2. @include"scl.conf"
  3. @include"`scl-root`/system/tty10.conf"
  4. source s_local { system(); internal();};
  5. destination d_syslog_tcp {
  6. syslog("192.168.1.118" transport("tcp") port(514));};
  7. log { source(s_local);destination(d_syslog_tcp);};

Note: Change the IP address to the IP address of the collector.

Save and close the file. Start and enable syslog-ng in the same way as on the machine configured as the Collector.

 

View log files

Return to the server configured as the Collector and run this command.sudo tail -f /var/log/syslog-ng/logs.txt. You will see the output containing the log entries of the collector and client (figure ).

Figure

Congratulations! Syslog-ng is working properly. You can now log on to your collector to view logs of local machines and remote clients. If your data center has many Linux servers, install syslog-ng on each server and configure them to send logs to the collector as clients, in this way, you do not need to log on to each machine to view their logs.

Via: https://www.techrepublic.com/article/how-to-use-syslog-ng-to-collect-logs-from-remote-linux-machines/

Author: Jack Wallen Translator: qhwdw Proofreader: wxy

This article was originally compiled by LCTT and launched with the honor of Linux in China

This article permanently updates link: https://www.bkjia.com/Linux/2018-03/151380.htm

This article is an English version of an article which is originally in the Chinese language on aliyun.com and is provided for information purposes only. This website makes no representation or warranty of any kind, either expressed or implied, as to the accuracy, completeness ownership or reliability of the article or any translations thereof. If you have any concerns or complaints relating to the article, please send an email, providing a detailed description of the concern or complaint, to info-contact@alibabacloud.com. A staff member will contact you within 5 working days. Once verified, infringing content will be removed immediately.

Related Keywords:
how to use syslog how to view logs in linux how to check error logs in linux how to check logs in linux how to check ssh logs in linux how to check sudo logs in linux how to read logs in linux
Related Article
Linux Kernel Coding Style
Linux error--->export ' = ' not a valid identifier for gen...

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

What's Trending
Top 10 Tags
datastax versions naming convention zookeeper client class definition md5 microsoft sql server 2005 data structures exception handling error handling
Top 10 Keywords
microsoft download center down wordpress address url site address url wordpress address url windows installer 4 0 download 302 not found web address url definition site address url wordpress db2 integer mac os installation step by step pdf abbreviation for return

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

Get Started for Free

  • Sales Support

    1 on 1 presale consultation

    Chat Contact Sales

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

    Open a Ticket

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.

    Learn More