- Remote logging needs to be enabled on the server
- Firewall needs to accept traffic for syslogs
- on the client logs need to be forwarded to the syslog server
- a log filter need to be created on the client
So a typical / basic setup that forwards everything to the servers default log destinations e.g. /var/log/syslog will look as follows:
Server side:
Basic config change to get the server accepting remote logs:
uncomment:
udp();
Client side:
The most basic setup to forward all logs to the syslog-ng server:
destination server { udp("192.168.0.1" port (514)); };
log {
source(s_all);
destination(server);
};
I am also sending logs from my Mikrotik device to the syslog-ng server as follows:
[user@Mikrotik] > /system logging action print
Flags: * - default
# NAME TARGET REMOTE
0 * memory memory
1 * disk disk
2 * echo echo
3 * remote remote 192.168.0.1:514
[user@Mikrotik] >
[user@Mikrotik] > /system logging print
Flags: X - disabled, I - invalid
# TOPICS ACTION PREFIX
0 info memory
1 error memory
2 warning memory
3 critical echo
4 warning remote mikrotik
Happy logging.
No comments:
Post a Comment