Wednesday 6 October 2010

Syslog-ng server on Ubuntu

Well, once you know what to do it is actually easy to get going, however there are a few things you need to know:

  • Remote logging needs to be enabled on the server (syslog-ng does not listen on the network by default)

  • The server's firewall needs to accept inbound syslog traffic (UDP port 514 in the setup below), ideally only from your own clients

  • On the client, logs need to be forwarded to the syslog server

  • A log statement (source, optional filter, destination) needs to be created on the client


So a typical basic setup that forwards everything from the client to the server's default log destinations (e.g. /var/log/syslog) looks as follows:

Server side:
The basic config change to get the server accepting remote logs is in /etc/syslog-ng/syslog-ng.conf: inside the source s_all { ... } block, uncomment the line

         udp();

and restart syslog-ng. Note that udp() with no arguments listens on UDP port 514 on every interface, and UDP syslog carries no authentication, so any host that can reach that port can inject log lines; the firewall rule should allow only your own client hosts or subnet.
Client side:
The most basic setup to forward all logs to the syslog-ng server (192.168.0.1 here), added to the client's /etc/syslog-ng/syslog-ng.conf and followed by a syslog-ng restart:

destination server { udp("192.168.0.1" port (514)); };

log {
        source(s_all);
        destination(server);
};
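As an added example (not from the original post), here is a small POSIX shell script that applies both halves of the setup above and checks the result end to end. It assumes the stock Ubuntu /etc/syslog-ng/syslog-ng.conf with the commented "# udp();" line inside s_all, ufw as the server firewall, the server at 192.168.0.1 on the 192.168.0.0/24 LAN (the address is the post's, the LAN range and ufw are my assumptions), and ssh access from the client to the server for the final check. Run it as ROLE=server on the server and ROLE=client on the client; without ROLE it only defines the functions.

```shell
#!/bin/sh
# Added example, not part of the original post.
# Assumptions: syslog-ng 3.x on Ubuntu with the stock config (s_all source
# containing a commented "# udp();" line), ufw as the firewall, LAN
# 192.168.0.0/24, server 192.168.0.1, ssh from client to server.
set -eu

# Server: uncomment "# udp();" inside the s_all source. Safe to re-run.
enable_udp_source() {
    conf=$1
    sed -i 's/^\([[:space:]]*\)#[[:space:]]*udp();/\1udp();/' "$conf"
}

# Server: check that the config really has an active udp() source (0 = yes).
udp_source_enabled() {
    grep -Eq '^[[:space:]]*udp\(' "$1"
}

# Client: append the destination and log path from the post. Safe to re-run.
write_client_forwarding() {
    conf=$1; server=$2; port=${3:-514}
    if grep -q 'destination server' "$conf"; then return 0; fi
    cat >>"$conf" <<EOF

# Forward everything to the central syslog-ng server (added by setup script)
destination server { udp("$server" port($port)); };
log { source(s_all); destination(server); };
EOF
}

# Server firewall: accept syslog only from the LAN, never from 0.0.0.0/0,
# since udp() binds every interface and UDP syslog is unauthenticated.
open_firewall() {
    lan=$1
    ufw allow from "$lan" to any port 514 proto udp
}

# Client: send a uniquely tagged test line and look for it on the server.
verify_forwarding() {
    server=$1; tag="syslogtest-$$"
    logger -t "$tag" "remote logging test"
    sleep 1
    ssh "$server" "grep -q '$tag' /var/log/syslog"
}

# Only touch the live system when a role is given explicitly.
case "${ROLE:-}" in
    server)
        enable_udp_source /etc/syslog-ng/syslog-ng.conf
        open_firewall "${LAN:-192.168.0.0/24}"
        service syslog-ng restart ;;
    client)
        write_client_forwarding /etc/syslog-ng/syslog-ng.conf "${SERVER:-192.168.0.1}"
        service syslog-ng restart
        verify_forwarding "${SERVER:-192.168.0.1}" ;;
    *) : ;;   # no ROLE: define functions only
esac
```

The udp_source_enabled check is worth keeping even once things work: a later package upgrade that replaces syslog-ng.conf silently takes the server off the network again, and the clients keep sending into the void because UDP gives them no error.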

I am also sending logs from my Mikrotik device to the syslog-ng server. The remote action points at the server, and the warning topic is sent to it with the prefix "mikrotik" so the lines are easy to pick out in /var/log/syslog:

[user@Mikrotik] > /system logging action print
Flags: * - default
 #   NAME                      TARGET REMOTE                                  
 0 * memory                    memory
 1 * disk                      disk 
 2 * echo                      echo 
 3 * remote                    remote 192.168.0.1:514                           
[user@Mikrotik] >

[user@Mikrotik] > /system logging print       
Flags: X - disabled, I - invalid
 #   TOPICS                          ACTION                          PREFIX   
 0   info                            memory                                   
 1   error                           memory                                   
 2   warning                         memory                                   
 3   critical                        echo                                     
 4   warning                         remote                          mikrotik

Happy logging.
