Wednesday, 6 October 2010

Syslog-ng server on Ubuntu

Well, once you know what to do it is actually easy to get it going; however, there are a few things you need to know:

  • Remote logging needs to be enabled on the server

  • The firewall needs to accept syslog traffic

  • On the client, logs need to be forwarded to the syslog server

  • A log filter needs to be created on the client


So a typical / basic setup that forwards everything to the server's default log destinations, e.g. /var/log/syslog, looks as follows:

Server side:
Basic config change to get the server accepting remote logs: in the source definition of the syslog-ng config, uncomment the udp() driver so it reads
         udp();
With no arguments it listens on UDP port 514 on all interfaces, which is the port the firewall rule above has to allow.
Client side:
The most basic setup to forward all logs to the syslog-ng server:

destination server { udp("192.168.0.1" port (514)); };

log {
        source(s_all);
        destination(server);
};

I am also sending logs from my Mikrotik device to the syslog-ng server as follows:

[user@Mikrotik] > /system logging action print
Flags: * - default
 #   NAME                      TARGET REMOTE                                  
 0 * memory                    memory
 1 * disk                      disk 
 2 * echo                      echo 
 3 * remote                    remote 192.168.0.1:514                           
[user@Mikrotik] >

[user@Mikrotik] > /system logging print       
Flags: X - disabled, I - invalid
 #   TOPICS                          ACTION                          PREFIX   
 0   info                            memory                                   
 1   error                           memory                                   
 2   warning                         memory                                   
 3   critical                        echo                                     
 4   warning                         remote                          mikrotik
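As an added example (not from the original post), here is a Python script that builds an RFC 3164 syslog datagram with the PRI field computed from facility and severity, sends it over UDP to the collector address used above (192.168.0.1:514), and parses what a collector receives; the hostname router1, the loopback self-test and the facility table are assumptions, not values from this setup.

```python
import re
import socket
import time

FACILITY = {"kern": 0, "user": 1, "daemon": 3, "local0": 16}  # subset, assumed
SEVERITY = {"emerg": 0, "alert": 1, "crit": 2, "err": 3,
            "warning": 4, "notice": 5, "info": 6, "debug": 7}
# RFC 3164 line: <PRI>Mmm dd hh:mm:ss HOSTNAME TAG: MSG (day is space padded)
_LINE = re.compile(r"^<(\d{1,3})>(\w{3} [ \d]\d \d\d:\d\d:\d\d) (\S+) (.*)$")

def build_message(facility, severity, hostname, tag, text, ts=None):
    """Return one syslog datagram as bytes; PRI = facility * 8 + severity."""
    pri = FACILITY[facility] * 8 + SEVERITY[severity]
    if ts is None:
        t = time.localtime()
        ts = f"{time.strftime('%b', t)} {t.tm_mday:2d} {time.strftime('%H:%M:%S', t)}"
    return f"<{pri}>{ts} {hostname} {tag}: {text}".encode()

def parse_message(data):
    """Decode one datagram into its fields, or None if it is not RFC 3164."""
    m = _LINE.match(data.decode(errors="replace"))
    if not m:
        return None
    pri = int(m.group(1))
    if pri > 191:  # 23 facilities * 8 + 7 is the largest legal PRI
        return None
    return {"facility": pri // 8, "severity": pri % 8,
            "timestamp": m.group(2), "host": m.group(3), "body": m.group(4)}

def send_udp(data, host="192.168.0.1", port=514):
    """Fire one datagram at the collector; UDP gives no delivery confirmation."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.sendto(data, (host, port))

def loopback_roundtrip(facility="local0", severity="warning"):
    """Self-check without a collector: receive our own datagram on 127.0.0.1."""
    try:
        with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as srv:
            srv.bind(("127.0.0.1", 0))  # ephemeral port; assumed test setup
            srv.settimeout(2)
            msg = build_message(facility, severity, "router1", "mikrotik", "test message")
            send_udp(msg, "127.0.0.1", srv.getsockname()[1])
            data, _ = srv.recvfrom(2048)
    except OSError:  # no local socket available (or timed out)
        return None
    return parse_message(data)
```

Call loopback_roundtrip() for a local check, or send_udp(build_message(...)) to push a test line at the real collector and watch /var/log/syslog there.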

Happy logging.

Tuesday, 5 October 2010

To test if a port is open on Linux

Well, I wanted to test if a Linux box is ready to receive syslog log files remotely and used netcat / ccat / nc for the purpose.

It is a server/client application: you run the server in listen mode, then start the client on a different host and connect to the server. It can create both TCP and UDP connections.

I had some trouble with the syntax on Ubuntu 10.04 Lucid Lynx and hence will post the commands that worked for me:

Server:

user@server:~$ sudo nc -l -u 514


-l : is for listen
-u : is for udp

Client:

user@client:~$ nc 192.168.0.1 -u 514


where 192.168.0.1 is the IP of the server.
If it connects you can then type anything in the client and it will display in the server window, confirming the port is available and no firewall is blocking the traffic; hence you can move on to the application layer. With UDP there is no connection handshake, so the client will not report a failure by itself; the text appearing in the server window is the actual confirmation.