[Novalug] SysLogging should be easy right?

Jeremy Hoel jthoel at gmail.com
Fri Mar 23 13:54:12 EDT 2012


rsyslog is what comes with Cent6.  It's great.  In the
/etc/rsyslogd.conf there are some commented-out lines that you need to
enable to allow rsyslog to receive log files.

# Provides UDP syslog reception
#$ModLoad imudp.so
#$UDPServerRun 514

# Provides TCP syslog reception
#$ModLoad imtcp.so
#$InputTCPServerRun 514

Uncomment the bottom of either of the two to do UDP or TCP log collection.

Then you need to add a rule to send those logs somewhere (so they
don't go to the normal /var/log/messages place).

Add the following things to conf, above the ###rules### section

$template remoteLogs,"/var/logs/%HOSTNAME%-%$YEAR%%$MONTH%%$DAY%"

$umask 0000
$DirGroup wheel
$DirCreateMode 0740
$FileCreateMode 0640
$FileGroup wheel

:fromhost-ip, isequal, "<remote server ip>" ?remoteLogs
&~


This will send the logs to /var/log/hostname-date.  And then the '&~'
tells rsyslog to stop processing those logs, so they don't go to
/var/log/messages-mail-etc.


If you need more help, let me know.




On Fri, Mar 23, 2012 at 5:46 PM, daniel <daniel at yacg.com> wrote:
> Forgive my density, but I don't see syslogd as available.  There is
> 'rsyslogd' and 'syslogd-ng' available in CentOS 6.x.  Which would be
> most similar to the information you have referenced?  Should I seek an
> alternative repository to acquire syslogd?
>
>
> On 03/23/2012 12:52 PM, Fredrik Nyman wrote:
>> And the next thing is to look at the logger manpage.  logger is your
>> very best friend ever when troubleshooting syslog.
>>
>> On Fri, Mar 23, 2012 at 12:43 PM, Don E. Groves, Jr.
>> <dgrovesjr at gmail.com>  wrote:
>>> See the man pages. The first you should look at is 'man syslogd' and the
>>> network enabling switches  '-r -l 192.168.26.10'
>>>
>>> Also check out:
>>>
>>>   http://lonesysadmin.net/2011/01/13/how-to-configure-remote-syslogd-on-red-hatcentos-5/
>>>     seems to be fairly complete from my experience in the past of enabling
>>> this feature.
>>>
>>> -- Don Jr
>>>
>>>
>>> On Fri, Mar 23, 2012 at 12:25 PM, daniel<daniel at yacg.com>  wrote:
>>>> The concept is pretty straightforward.  You set up the process and the
>>>> firewalls (if any) and the next thing you know, there are logs coming in
>>>> from external devices to the server you set up right?
>>>>
>>>> Well, obviously not easy.  Worse, I'm not finding any useful howto
>>>> guides.  Anyone know of any?
>>>>
>>>> Platform is CentOS 6.x.  All I want to do is catch incoming log messages
>>>> from a device on the network 192.168.26.10.  Not totally concerned about
>>>> security though a little of that would be nice.  The device doesn't know
>>>> how to do encryption though.
>>>>
>>>> Anyone know of a good how-to or could offer one?
>>>
>>> --
>>> --
>>> Don E. Groves, Jr.
>>>
>>> Tag it's your turn now... ... ....
>>>
>>> _______________________________________________
>>> Novalug mailing list
>>> Novalug at calypso.tux.org
>>> http://calypso.tux.org/mailman/listinfo/novalug
>>>

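Added example, not part of the original thread: a small Python test sender for checking the UDP reception and the fromhost-ip rule discussed above, in the spirit of the logger tip. The function names, the hostname "testdevice" and the tag "collector-test" are assumptions made for illustration.

```python
import socket
from datetime import datetime

MONTHS = "Jan Feb Mar Apr May Jun Jul Aug Sep Oct Nov Dec".split()
FACILITY = {"kern": 0, "user": 1, "daemon": 3, "auth": 4, "local0": 16, "local7": 23}
SEVERITY = {"emerg": 0, "alert": 1, "crit": 2, "err": 3,
            "warning": 4, "notice": 5, "info": 6, "debug": 7}

def build_rfc3164(facility, severity, hostname, tag, text, when=None):
    """Return one BSD-syslog (RFC 3164) message as bytes."""
    pri = FACILITY[facility] * 8 + SEVERITY[severity]
    when = when or datetime.now()
    # RFC 3164 timestamp is "Mmm dd hh:mm:ss" with the day space-padded.
    stamp = "%s %2d %02d:%02d:%02d" % (
        MONTHS[when.month - 1], when.day, when.hour, when.minute, when.second)
    line = "<%d>%s %s %s: %s" % (pri, stamp, hostname, tag, text)
    return line.encode("ascii", "replace")

def send_udp(message, collector, port=514):
    """Send one datagram. UDP gives no delivery confirmation, so check the
    per-host file on the collector afterwards."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as tx:
        tx.sendto(message, (collector, port))

def parse_pri(datagram):
    """Decode the <PRI> prefix into (facility_number, severity_number)."""
    pri = int(datagram[1:datagram.index(b">")])
    return pri // 8, pri % 8

def loopback_check(message):
    """Send to a throwaway local listener and return (bytes, source_ip),
    i.e. what a collector would see on the wire."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as rx:
        rx.bind(("127.0.0.1", 0))          # ephemeral port, no root needed
        rx.settimeout(2)
        send_udp(message, "127.0.0.1", rx.getsockname()[1])
        data, peer = rx.recvfrom(2048)
    return data, peer[0]

if __name__ == "__main__":
    # Constructed sample message; replace the loopback check with
    # send_udp(msg, "<collector ip>") to test a real collector.
    msg = build_rfc3164("local0", "info", "testdevice",
                        "collector-test", "hello from test sender")
    data, src = loopback_check(msg)
    print(data.decode(), "| source:", src, "| pri:", parse_pri(data))
```

The fromhost-ip property is the address rsyslog received the datagram from, so a test message only lands in the per-host file when it is sent from the address named in the rule; sent from anywhere else it falls through to the normal rules.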