1) Configuration of both log server and log client:
Check if there is an entry in /etc/services regarding port 514 (default for syslog).
grep 514 /etc/services
syslog 514/udp
Enable communication on this port by adding an appropriate rule to the firewall:
-A RH-Firewall-1-INPUT -p udp --dport 514 -j ACCEPT
By default, syslog is not configured to send logs to remote hosts or to receive them from the network. You have to change the startup options in /etc/sysconfig/syslog by adding ‘-r’ to SYSLOG_OPTS.
Now we are prepared to configure syslog! The configuration is stored in /etc/syslog.conf. Entries are different on the log server and the log client.
2) Configuration of log server:
You have to provide information about the log client and the destination where logs from the client will be written. To do this, add two lines to /etc/syslog.conf:
+LOG_CLIENT
log_source.log_type log_file
where:
- LOG_CLIENT can be a hostname or an IP address. If you use a hostname, it has to be resolvable by DNS or listed in /etc/hosts.
- log_source.log_type – here you specify the subsystems from which information will be logged and the message types. Here are a few examples: user.notice -> information from users; kern.warn -> warnings from the kernel; *.* -> all messages from all subsystems.
- log_file – the file the logs will be written to.
Example:
+log_client
user.* /var/log/log_client.log
In the above example, logs from the user subsystem on host ‘log_client’ will be written to /var/log/log_client.log.
3) Configuration of log client:
In /etc/syslog.conf you have to specify which logs will be copied to the log server:
log_source.log_type @LOG_SERVER
where:
- log_source.log_type – here you specify the subsystems from which information will be logged and the message types. Here are a few examples: user.notice -> information from users; kern.warn -> warnings from the kernel; *.* -> all messages from all subsystems.
- LOG_SERVER can be a hostname or an IP address. If you use a hostname, it has to be resolvable by DNS or listed in /etc/hosts.
Example:
user.* @log_server
In the above example, logs from the user subsystem will be sent to the ‘log_server’ host.
Remember to restart the syslog service after making any changes to /etc/syslog.conf!
service syslog restart
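A quick audit of the files edited above, as an added example that is not part of the original post: it lists the forwarding rules in a client syslog.conf, the per-client rules in a server syslog.conf, and checks for ‘-r’ in the options file. The function names and the sample files are constructed for illustration, and a +host line is assumed to apply until the next +host line.

```shell
#!/bin/sh
# Added example (not from the original post): audit the files this page edits.
# File paths are arguments, so the checks can run against copies of the configs.

# Client side: print "forward <selector> <host>" for each "selector @host" rule.
list_forwards() {
    awk '!/^[ \t]*#/ && NF >= 2 && $2 ~ /^@/ { print "forward", $1, substr($2, 2) }' "$1"
}

# Server side: print "store <client> <selector> <file>" for rules that follow
# a "+client" line. Assumption: a +host line applies until the next +host line.
list_client_stores() {
    awk '
        /^[ \t]*#/ || NF == 0 { next }            # skip comments and blank lines
        /^[+]/ { host = substr($1, 2); next }     # +LOG_CLIENT opens a host block
        host != "" && NF >= 2 && $2 ~ /^\// { print "store", host, $1, $2 }
    ' "$1"
}

# Succeeds only if an uncommented line passes -r (network reception) to syslogd.
has_remote_reception() {
    grep -Eq '^[^#]*["[:space:]]-r(["[:space:]]|$)' "$1"
}

# Constructed sample files mirroring the examples on this page.
SAMPLES=$(mktemp -d)
printf '%s\n' '# client' 'user.* @log_server' '*.info /var/log/messages' > "$SAMPLES/client.conf"
printf '%s\n' '*.info /var/log/messages' '+log_client' 'user.* /var/log/log_client.log' > "$SAMPLES/server.conf"
printf '%s\n' '# SYSLOG_OPTS="-r"' 'SYSLOG_OPTS="-m 0 -r"' > "$SAMPLES/sysconfig"

list_forwards "$SAMPLES/client.conf"
list_client_stores "$SAMPLES/server.conf"
has_remote_reception "$SAMPLES/sysconfig" && echo "reception: -r present"
```

On a real host, pass /etc/syslog.conf and /etc/sysconfig/syslog instead of the sample files; an unexpected "forward" line on a client is worth investigating, since it means logs are leaving the machine.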