[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: Sending syslog to another machine

Bill Davidsen wrote:
Mikkel L. Ellertson wrote:
lanas wrote:
Basically rsyslog works like syslog, but adds a few more options.  So
simply specify the server (and optional port) to start with and make a
few tests by using the logger utility. *.* @@remote-host:514

Replace remote-host with your remote syslog.  514 is the default
well-known syslog port so unless you have set up something else, you
can leave it there.

Don't forget to restart/reload rsyslog (or any other syslog daemon for
that matter) after doing configuration changes.  This sometimes can be
done by simply sending the daemon a HUP signal:

killall -HUP daemon

or by restarting it altogether:

/etc/init.d/daemon restart

Hope this helps.
Don't forget to configure the host you are logging to so that it
will accept logging from an outside machine. By default, it probably

Don't know about the syslog daemon, but it looks as if the firewall rules don't. The good think about using a syslog machine is that the *times* match, the bad thing is that it's a single point of failure, and network connected as well. So for debugging network issues it's suboptimal. ;-)

By default, most firewalls don't permit syslog, so you have to open
UDP port 514 on the receiving machine.

Also, both the old syslogd and the newer rsyslogd have to have the "-r"
option specified for them to actually listen to the network (the "-r"
can also have a port number appended, e.g. "-r 514").  Not sure about
ng-syslog, but I suspect the same is true.

On Red Hattish machines, options are passed to the syslog daemon by
values stuffed into the "SYSLOGD_OPTIONS" line of either the
"/etc/sysconfig/syslog" or "/etc/sysconfig/rsyslog" file (depending on
which syslog daemon you're running.  By default, you'll find

	SYSLOGD_OPTIONS="-c 3" (/etc/sysconfig/rsyslog)
	SYSLOGD_OPTIONS="-m 0" (/etc/sysconfig/syslog)

Prepend that with "-r" (e.g. SYSLOGD_OPTIONS="-r -c 3") and then do a
"service syslog restart".  It should start listening to the network.
- Rick Stevens, Systems Engineer                      ricks nerd com -
- AIM/Skype: therps2        ICQ: 22643734            Yahoo: origrps2 -
-                                                                    -
-                       When in doubt, mumble.                       -

[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]