Saturday, October 13, 2012

Linux syslog Server Configuration Tutorial

Step-by-step guide to configuring a Linux syslog server:


SYSLOG:
Syslog is a utility for tracking and logging all manner of system messages, from the merely informational to the extremely critical. Each system message sent to the syslog server has two descriptive labels associated with it, a facility and a severity, that make the message easier to handle.
You can configure syslog's /etc/rsyslog.conf configuration file to place messages of differing severities and facilities in different files.
/etc/syslog.conf:

The files to which syslog writes each type of message received are set in the /etc/rsyslog.conf configuration file. In older versions of Fedora this file was named /etc/syslog.conf.

The syslogd daemon manages all the logs on your system and coordinates with any of the logging operations of other systems on your network. Configuration information for syslogd is held in the /etc/syslog.conf file, which contains the names and locations for your system log files.

By default, the system accepts only logs generated on the local host. In this example we will configure a log server that accepts logs from a client.

For this syslog server configuration, I am using one Linux system as the server and another as the log client.
To check the hostname of the Linux servers, use the following command.
$ hostname



To check the IP address, use the following command.
$ ifconfig

EX: SenthilTSM1 10.5.5.125 (Syslog Server)
    vnbsenthil    10.0.0.234   (Client)


If you don't have a DNS server, then update the host information in the /etc/hosts file on both systems.



Ping by hostname from both systems.


Now, edit the syslog server configuration file:
vi /etc/sysconfig/syslog (older versions of Red Hat, CentOS and Fedora)

vi /etc/sysconfig/rsyslog (newer versions)



Changes to /etc/rsyslog.conf will not take effect until you restart syslog.


Edit the client-side configuration file.
vi /etc/syslog.conf

vi /etc/rsyslog.conf

Add an entry like the following, where hostname is the name of the syslog server:
*.*     @hostname




Restart the syslog or rsyslog server.




To check the logs on the syslog server side, use the following command.

$ tail -f /var/log/messages


Now you can see the client's logs in the same file as well.



It shows log information from both systems.
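
To confirm where a client is actually sending its logs, the forwarding entries of the form "*.*     @hostname" described above can be listed from its configuration file. The following is an added example, not part of the original post: the function name list_forwards, the sample file contents and port 6514 are constructed for illustration. It relies on the legacy forwarding syntax, in which a single @ means UDP, @@ means TCP, and port 514 is used when none is given.

```sh
#!/bin/sh
# Added example: list the forwarding rules found in a syslog/rsyslog
# configuration file written in the legacy "selector  @host" syntax.

# list_forwards FILE
# Prints one line per forwarding rule: selector protocol host port
list_forwards() {
    awk '
        $1 ~ /^#/ || NF < 2 { next }          # skip comments and non-rules
        $2 ~ /^@/ {
            target = $2
            proto = "udp"                      # single @  -> UDP
            if (target ~ /^@@/) proto = "tcp"  # double @@ -> TCP
            sub(/^@+/, "", target)             # drop the @ / @@ marker
            sub(/^\([^)]*\)/, "", target)      # drop rsyslog options, e.g. (o)
            port = 514                         # default syslog port
            if (match(target, /:[0-9]+$/)) {   # explicit host:port
                port = substr(target, RSTART + 1)
                target = substr(target, 1, RSTART - 1)
            }
            print $1, proto, target, port
        }
    ' "$1"
}

# Constructed sample configuration (not taken from the original page).
sample=$(mktemp)
cat > "$sample" <<'EOF'
# keep local copies
*.info;mail.none        /var/log/messages
# forward everything to the log server over UDP
*.*     @SenthilTSM1
# forward authentication messages over TCP to a non-default port
authpriv.*      @@10.5.5.125:6514
EOF

list_forwards "$sample"
rm -f "$sample"
```

Run it against /etc/rsyslog.conf (or /etc/syslog.conf on older systems) on each client; an empty result means no forwarding rule in this syntax is present in that file.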







