Syslog server installation and configuration in Linux

 

A syslog server is a centralized log server for Linux that collects the logs of all client machines. In this post I am going to explain how to install, configure and use a syslog server.

Syslog server side configuration:

ServerName: syslogserver
Server side Configuration file: /etc/sysconfig/syslog
ServerIP : 192.168.1.5

Step1: Install the syslog package on the syslog server

#yum install sysklogd

Step2: Verify which package owns the syslog configuration file

#rpm -qf /etc/sysconfig/syslog
sysklogd-1.4.1-46.el5

Step3: Start the syslog service

#/etc/init.d/syslog start

Step4: Enable the syslog service at boot using the chkconfig tool

#chkconfig syslog on

Step5: Edit the syslog server configuration file to allow logs from client machines. Add -r to the SYSLOGD_OPTIONS line to enable logging from remote machines.

#cat /etc/sysconfig/syslog
# Options to syslogd
# -m 0 disables 'MARK' messages.
# -r enables logging from remote machines
# -x disables DNS lookups on messages received with -r
# See syslogd(8) for more details
SYSLOGD_OPTIONS="-r -m 0"
# Options to klogd
# -2 prints all kernel oops messages twice; once for klogd to decode, and
#    once for processing with 'ksymoops'
# -x disables all klogd processing of oops messages entirely
# See klogd(8) for more details
KLOGD_OPTIONS="-x"
#
SYSLOG_UMASK=077
# set this to a umask value to use for all log files as in umask(1).
# By default, all permissions are removed for "group" and "other".

Step6: Restart the syslog service so that the change to the configuration file /etc/sysconfig/syslog takes effect.

#/etc/init.d/syslog restart

Client Side configuration:

Client Name: syslogclient
Client side configuration file: /etc/syslog.conf
Client IP address: 192.168.1.6

Step1: Install the syslog package on the syslog client

#yum install sysklogd

Step2: Verify which package owns the syslog configuration file

#rpm -qf /etc/syslog.conf
sysklogd-1.4.1-46.el5

Step3: Start the syslog service

#/etc/init.d/syslog start

Step4: Enable the syslog service at boot using the chkconfig tool

#chkconfig syslog on

Step5: Edit the syslog.conf file and point the log messages to the server IP address (192.168.1.5)

#cat /etc/syslog.conf
# Log all kernel messages to the console.
# Logging much else clutters up the screen.
#kern.*                                                 /dev/console

*.* @192.168.1.5

# Log anything (except mail) of level info or higher.
# Don't log private authentication messages!
*.info;mail.none;news.none;authpriv.none;cron.none              /var/log/messages

# The authpriv file has restricted access.
authpriv.*                                              /var/log/secure

# Log all the mail messages in one place.
mail.*                                                  -/var/log/maillog

# Log cron stuff
cron.*                                                  /var/log/cron

# Everybody gets emergency messages
*.emerg                                                 *

# Save news errors of level crit and higher in a special file.
uucp,news.crit                                          /var/log/spooler

# Save boot messages also to boot.log
local7.*                                                /var/log/boot.log

#
# INN
#
news.=crit                                        /var/log/news/news.crit
news.=err                                         /var/log/news/news.err
news.notice                                       /var/log/news/news.notice

Step6: Restart the syslog service to apply the edited settings

#/etc/init.d/syslog restart

Step7: Manually add a log message to /var/log/messages

[root@client ~]# logger -p user.info I am a test message

Step8: Check that the log message has arrived on the server

#tailf /var/log/messages
Oct 25 12:25:21 192.168.1.6 root: I am a test message
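
One way to check the server-side and client-side Step5 edits before restarting the services, as an added example that is not part of the original post. It reads the active SYSLOGD_OPTIONS line (ignoring the comment that also mentions -r), lists the client's @host forwarding rules, and reports when a forwarded selector such as *.* also carries the authpriv messages that the local /var/log/messages rule excludes. The function names and sample files are assumptions made for this example.

```shell
#!/bin/sh
# Added example; function names and sample files are constructed for illustration.

# Succeeds if the active SYSLOGD_OPTIONS line carries -r. Comment lines also
# mention "-r", so a plain grep for it would give the wrong answer.
remote_reception_enabled() {
    opts=$(sed -n 's/^[[:space:]]*SYSLOGD_OPTIONS=//p' "$1" | tail -n 1 | tr -d "\"'")
    for o in $opts; do
        case $o in
            -*[!a-z]*) ;;        # flag with an attached argument: skip
            -*r*) return 0 ;;    # -r alone or bundled, e.g. -rx
        esac
    done
    return 1
}

# Prints "selector host" for every active rule whose action is @host.
forward_rules() {
    awk '!/^[ \t]*#/ && NF >= 2 && $NF ~ /^@/ { print $1, substr($NF, 2) }' "$1"
}

# Succeeds if the selector includes authpriv. A later "facility.none" entry
# overrides an earlier match, as in "*.info;authpriv.none".
selector_has_authpriv() {
    printf '%s\n' "$1" | awk -F';' '{
        hit = 0
        for (i = 1; i <= NF; i++) {
            split($i, p, "[.]")              # p[1] = facilities, p[2] = priority
            if (("," p[1] ",") ~ /,([*]|authpriv),/) hit = (p[2] != "none")
        }
        exit (hit ? 0 : 1)
    }'
}

audit() {   # $1 = server sysconfig file, $2 = client syslog.conf
    if remote_reception_enabled "$1"; then echo "server: -r set, remote messages accepted"
    else echo "server: -r not set, remote messages ignored"; fi
    forward_rules "$2" | while read -r sel host; do
        if selector_has_authpriv "$sel"; then echo "client: $sel to $host includes authpriv"; fi
    done
}

# Constructed sample files mirroring the settings shown above.
srv=$(mktemp); cli=$(mktemp)
printf '%s\n' '# -r enables logging from remote machines' 'SYSLOGD_OPTIONS="-r -m 0"' > "$srv"
printf '%s\n' '#*.* @10.0.0.9' '*.* @192.168.1.5' 'authpriv.* /var/log/secure' > "$cli"
audit "$srv" "$cli"
rm -f "$srv" "$cli"
```

On the real machines, call audit with /etc/sysconfig/syslog from the server and /etc/syslog.conf from the client.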