Here’s an explanation of how to have rsyslogd receive logs from remote devices.
sender ( centos 5 : syslogd ) ---- receiver ( linux mint 12 : rsyslogd )
# tail -1 /etc/lsb-release
DISTRIB_DESCRIPTION="Linux Mint 12 Lisa"
# rsyslogd -v | head -1
rsyslogd 5.8.1, compiled with:
|
[ configure rsyslog machine : linux mint ]
By default , rsyslog does not receive logs from remote devices.
on rsyslog machine (Mint)
edit rsyslog.conf
# cat rsyslog.
$ModLoad imudp
$UDPServerRun 514
AllowedSender UDP, 127.0.0.1, 192.168.10.0/24
|
restart rsyslog
before
# lsof -ni:514
# /etc/init.d/rsyslog restart
|
restart rsyslog
# /etc/init.d/rsyslog restart
|
after
# lsof -ni:514
COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME
rsyslogd 10440 syslog 3u IPv4 54460 0t0 UDP *:syslog
rsyslogd 10440 syslog 4u IPv6 54461 0t0 UDP *:syslog
|
make xxx.conf file under /etc/rsyslog.d directory.
In this case , rsyslog writes logs which facility is local0 into /var/log/local0.log file.
# cat /etc/rsyslog.d/local0.conf
local0.* -/var/log/local0.log
|
restart rsyslog
# /etc/init.d/rsyslog restart
|
rsyslogd made local0.log file.
# ls /var/log/local*
/var/log/local0.log
|
[ sender : centos 5 ]
edit syslog.conf
# tail -1 /etc/syslog.conf
local0.* @192.168.x.x
|
This means that logs ( facility local0 , level debug – emerg ) will be sent to 192.168.x.x ( Linux Mint )
restart syslog
# /etc/init.d/syslog restart
|
[ test ]
Confirm rsyslogd (Linux Mint) receives log message from a remote device ( CentOS5 )
on CentOS. generate log messages by logger command.
# logger -s -p local0.info "test local0 info"
|
on Linux Mint
# cat /var/log/local0.log
Jan 21 02:55:33 centos5.local zzz: test local0 info
|
rsyslogd ( linux mint ) wrote logs into /var/log/local0.log file via the sender ( centos )
No comments:
Post a Comment
Note: Only a member of this blog may post a comment.