Hey all,

Excuse the ignorance, first of all. I have always just used syslog/syslog-ng as logging sources on local machines; I've yet to use the network functionality. How exactly would one configure a host so that it sends all logs to a central syslog-ng machine? I am using Linux. I assume that I would just change the unix-stream to an IP address, or something of the source?

Thanks in advance everyone.
Stephen C Burns writes:
> How exactly would one configure a host, so that it sends all logs to a central syslog-ng machine?
In the client's syslog-ng.conf:

    destination central { tcp("loghost.my.example.com" port(NNN)); };

Where NNN is the port number your central server is listening on. Over at the central server, you need to define the source:

    source src { tcp(port(NNN) max-connections(500)); internal(); };

You might want to put in other sources, such as local syslog messages or kernel messages. See the documentation for more description of the source and destination directives.
On Mon, Jan 07, 2002 at 06:36:02PM -0500, Ed Ravin wrote:
> Over at the central server, you need to define the source:
>
>     source src { tcp(port(NNN) max-connections(500)); internal(); };
>
> You might want to put in other sources, such as local syslog messages or kernel messages. See the documentation for more description of the source and destination directives.
I usually separate the net sources from the local:

    source net { tcp(port... };

That way, I can have special rules for host-specific logs while still keeping my standard local logging setup for the central server itself.

--
Chad Walstrom <chewie@wookimus.net> | a.k.a. ^chewie
http://www.wookimus.net/ | s.k.a. gunnarr
Get my public key, ICQ#, etc. Send email w/the Subject: "get help"
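The two replies above combined into one client fragment and one server fragment, as an added example that is not from any of the posters. NNN is the thread's own port placeholder; the names s_local, d_local and d_hosts and the /var/log paths are assumptions chosen for illustration.

```conf
# ---- client: syslog-ng.conf (fragment) ----
# Local sources on a Linux host: the syslog socket, kernel messages and
# syslog-ng's own messages. The name s_local is an assumption.
source s_local {
    unix-stream("/dev/log");
    file("/proc/kmsg");
    internal();
};

# Forward to the central host, as in Ed Ravin's reply. NNN is the thread's
# placeholder for the port the server listens on.
destination central { tcp("loghost.my.example.com" port(NNN)); };

log { source(s_local); destination(central); };

# ---- central server: syslog-ng.conf (fragment) ----
# keep_hostname(no) is the default: $HOST is rewritten from the sending
# connection instead of trusting the hostname written inside the message,
# which matters because $HOST is used in a file path below.
options { keep_hostname(no); create_dirs(yes); };

# The server's own logs, local drivers only.
source src { unix-stream("/dev/log"); file("/proc/kmsg"); internal(); };

# Network source kept separate from the local one, as Chad Walstrom suggests.
source net { tcp(port(NNN) max-connections(500)); };

# Assumed paths: one file for the server itself, one directory per client.
destination d_local { file("/var/log/messages"); };
destination d_hosts { file("/var/log/hosts/$HOST/messages"); };

log { source(src); destination(d_local); };
log { source(net); destination(d_hosts); };
```

The tcp() driver as used in the thread carries messages unencrypted and accepts any sender that can reach the port, so limit access to port NNN to the known log clients with a packet filter.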