DevOps Army

Understand, Learn and Implement.. LINUX / UNIX DEVOPS CONTAINERS OPENSHIFT KUBERNETES DEVOPS TOOLS VIRTUALIZATION STORAGE BACKUP SCRIPTS MONITORING MIDDLEWARE

Monday, January 19, 2015

SYSLOG server setup in Linux

11:53 PM Posted by vinod , , No comments
A syslog server represents a central log monitoring point on a network which includes Linux, windows, routers, swtiches or any other servers in a network.

Basic of Syslog Standard:

When logs are collected with syslog mechanism, three important things must be taken into consideration:
  • Facility level: what type of processes to monitor
  • Severity (priority) level: what type of log messages to collect
  • Destination: where to send or record log messages
Let's take a look at how the configuration is defined in more detail.
The facility levels define a way to categorize internal system processes. Some of the common standard facilities in Linux are:
  • auth: messages related to authentication (login)
  • cron: messages related to scheduled processes or applications
  • daemon: messages related to daemons (internal servers)
  • kernel: messages related to the kernel
  • mail: messages related to internal mail servers
  • syslog: messages related to the syslog daemon itself
  • lpr: messages related to print servers
  • local0 - local7: messages defined by user (local7 is usually used by Cisco and Windows servers)
The severity (priority) levels are standardized, and defined by using standard abbreviation and an assigned number with number 7 being the highest level of all. These levels are:
  • emerg: Emergency - 0
  • alert: Alerts - 1
  • crit: Critical - 2
  • err: Errors - 3
  • warn: Warnings - 4
  • notice: Notification - 5
  • info: Information - 6
  • debug: Debugging - 7







Next we need to set the rsyslog  to accept remote TCP and UDP syslog requests.
In the "/etc/rsyslog.conf" file  un comment the below lines as shown below.








Once you're done with changes, Please restart the rsyslog service and make it configured on boot also.







Verify the log server is listening to port:






If port is not opened, Ask the network team to open the port from firewall end and also in server, use the below iptable steps to open






After the changes,you can test your changes to make sure it is working.
Client setup
[root@client ~]# vi /etc/rsyslog.conf
At the end of file place the following line to point the client message log to the server
*.info;mail.none;authpriv.none;cron.none   @192.168.248.134
You can either mention hostname or ip address.
Restart the syslog service
[root@client ~]# service rsyslog restart
Now all the message logs are sent to the central server and also it keeps the copy locally.

0 comments:

Post a Comment