
Linux comes with a built-in syslog package that you can use as a centralized syslog server. Basically, it lets you send the logs from all your network devices and appliances to a remote, centralized location. There are also other popular syslog packages for Linux, such as syslog-ng, rsyslog and the Splunk syslog server, which all offer more features and flexibility.

In this tutorial, we are going to use the syslogd/sysklogd server, which is multi-platform, proven and stable software.

[Syslog Server]

1. Verify that the sysklogd package is installed.

[root@freelinux ~]# rpm -qa | grep sysklogd

2. Start the syslog daemon

[root@freelinux ~]# service syslog start
Starting system logger: [  OK  ]
Starting kernel logger: [  OK  ]

3. Verify that the process is running

[root@freelinux ~]# ps -ef | grep syslog
root      2174     1  0 17:53 ?        00:00:00 syslogd -m 0
root      2180  2110  0 17:54 pts/1    00:00:00 grep syslog
[root@freelinux ~]# ls -la /var/run | grep syslog
-rw-------  1 root  root     5 Oct  9 17:53 syslogd.pid

4. Configure syslog

configuration files:

Add the “-r” option to enable logging from remote machines.

[root@freelinux ~]# cat /etc/sysconfig/syslog
# Options to syslogd
# -m 0 disables 'MARK' messages.
# -r enables logging from remote machines
# -x disables DNS lookups on messages recieved with -r
# See syslogd(8) for more details
# Options to klogd
# -2 prints all kernel oops messages twice; once for klogd to decode, and
#    once for processing with 'ksymoops'
# -x disables all klogd processing of oops messages entirely
# See klogd(8) for more details
# set this to a umask value to use for all log files as in umask(1).
# By default, all permissions are removed for "group" and "other".

5. Restart the syslog service

[root@freelinux ~]# service syslog restart
Shutting down kernel logger: [  OK  ]
Shutting down system logger: [  OK  ]
Starting system logger: [  OK  ]
Starting kernel logger: [  OK  ]
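
A way to confirm that steps 4 and 5 took effect, as an added example that is not part of the original tutorial: it checks the options file for -r and compares it with the running syslogd command line. The SYSLOGD_OPTIONS variable name (Red Hat style /etc/sysconfig/syslog) and the list of option letters that take an argument (from syslogd(8)) are assumptions, and the sample file is constructed.

```shell
# Added example: confirm that -r is both configured and active.
# Option letters that take an argument, per syslogd(8) in sysklogd:
# -a socket, -f file, -l hostlist, -m interval, -p socket, -s domainlist.
ARG_OPTS="aflmps"

# has_remote_flag "ARGS": succeed if a syslogd argument string enables -r.
# Words are walked as getopt would, so "-rx" counts and "-f -r" does not.
has_remote_flag() {
    skip=0
    for word in $1; do
        if [ "$skip" -eq 1 ]; then skip=0; continue; fi
        case $word in -?*) letters=${word#-} ;; *) continue ;; esac
        while [ -n "$letters" ]; do
            c=${letters%"${letters#?}"}       # first letter of the bundle
            letters=${letters#?}
            if [ "$c" = r ]; then return 0; fi
            case $ARG_OPTS in *"$c"*)
                # rest of the word, or else the next word, is the argument
                if [ -z "$letters" ]; then skip=1; fi
                letters= ;;
            esac
        done
    done
    return 1
}

# configured_options FILE: value of the last uncommented SYSLOGD_OPTIONS=
# line (variable name assumed; the listing above shows only the comments).
configured_options() {
    sed -n 's/^[[:space:]]*SYSLOGD_OPTIONS=//p' "$1" | tail -n 1 | tr -d "\"'"
}

# check_remote_logging FILE PS_LINE: compare the file with a "ps -ef" line.
check_remote_logging() {
    if ! has_remote_flag "$(configured_options "$1")"; then
        echo "not-configured"       # -r is missing from the options file
    elif ! has_remote_flag "${2#*syslogd}"; then
        echo "restart-needed"       # file has -r, the running daemon does not
    else
        echo "ok"
    fi
}

# Constructed sample: options file after step 4, ps line from step 3.
sample=$(mktemp)
echo 'SYSLOGD_OPTIONS="-m 0 -r"' > "$sample"
check_remote_logging "$sample" "root 2174 1 0 17:53 ? 00:00:00 syslogd -m 0"
rm -f "$sample"
```

With the ps line from step 3, which was captured before -r was added, the result is restart-needed; after step 5 the same check reports ok.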

[Client devices]

configuration file: /etc/syslog.conf

a. Linux servers

[root@freelinux ~]# cat /etc/syslog.conf
# Log all kernel messages to the console.
# Logging much else clutters up the screen.
#kern.*                                                 /dev/console

*.* @

# Log anything (except mail) of level info or higher.
# Don't log private authentication messages!
*.info;mail.none;authpriv.none;cron.none                /var/log/messages

# The authpriv file has restricted access.
authpriv.*                                              /var/log/secure

# Log all the mail messages in one place.
mail.*                                                  -/var/log/maillog

# Log cron stuff
cron.*                                                  /var/log/cron

# Everybody gets emergency messages
*.emerg                                                 *

# Save news errors of level crit and higher in a special file.
uucp,news.crit                                          /var/log/spooler

# Save boot messages also to boot.log
local7.*                                                /var/log/boot.log

b. Cisco/Motorola devices

Cisco#configure terminal
Cisco#logging facility local6

c. Juniper OS
darwin@Juniper> configure
Entering configuration mode

darwin@Juniper#  set system syslog host a.a.a.a facility-override local6 any any
darwin@Juniper#commit synch

darwin@Juniper#show configuration

host {
any any;
facility-override local6;

d. Unix

# @(#)B.11.11_LR
# syslogd configuration file.
# See syslogd(1M) for information about the format of this file.
mail.debug              /var/adm/syslog/mail.log
*.info;mail.none;local1.none;local2.none;local5.none;local6.none;local7.none    /var/adm/syslog/syslog.log
*.alert                 /dev/console
#*.alert                        root
*.emerg                 *
local4.info             /var/adm/syslog/fw.log
local6.info             /var/adm/syslog/cisco.log

e. Windows

There’s no way to directly configure a syslog client on Windows or send your event log messages to a syslog server. You have to use syslog clients such as Snare or winlogd, which I will not cover in this tutorial. An alternative is to send your event logs as SNMP traps by configuring your SNMP service and using the Event to Trap Translator, the “evntwin” command.

Additional Tips:

1. To make syslogd re-read its configuration file, send it a hangup (HUP) signal:
[root@freelinux ~]# kill -HUP `cat /var/run/syslogd.pid`

2. Familiarize yourself with syslog facilities and severity levels. A good reference is the Wikipedia article at http://en.wikipedia.org/wiki/Syslog. A sample syslog.conf is in the Config-Scripts section to show how useful this is for system administrators.

3. To verify that messages are being logged by syslog, or to test your /etc/syslog.conf, you can use the “logger” command:

*.info;mail.none;authpriv.none;cron.none                /var/log/messages

[root@freelinux ~]# logger -p user.info "Test Message"
[root@freelinux ~]# tail /var/log/messages
Oct 11 21:25:39 localhost root: Test Message
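
Before sending a test with logger, the selector rules can also be evaluated offline. This added example (not from the original tutorial) lists the actions a syslog.conf applies to a given facility.priority under sysklogd's rules; route_message, sample_conf and the "loghost" placeholder are names made up for the illustration.

```shell
#!/bin/sh
# Added example: list the actions a syslog.conf would apply to one message.
# Follows sysklogd selector rules for the forms used on this page; the "="
# and "!" priority prefixes are not handled.

# route_message CONF facility.priority   (CONF may be "-" for stdin)
route_message() {
    awk -v msg="$2" '
    BEGIN {
        n = split("debug info notice warning err crit alert emerg", name, " ")
        for (i = 1; i <= n; i++) level[name[i]] = i    # higher = more severe
        dot = index(msg, ".")
        mfac = substr(msg, 1, dot - 1); mpri = substr(msg, dot + 1)
    }
    /^[ \t]*(#|$)/ { next }                 # skip comments and blank lines
    {
        hit = 0
        ns = split($1, sel, ";")            # selectors apply left to right
        for (s = 1; s <= ns; s++) {
            dot = index(sel[s], ".")
            pri = substr(sel[s], dot + 1)
            nf = split(substr(sel[s], 1, dot - 1), fac, ",")
            for (k = 1; k <= nf; k++) {
                if (fac[k] != "*" && fac[k] != mfac) continue
                if (pri == "none") hit = 0  # none drops the facility again
                else if (pri == "*") hit = 1
                else if ((pri in level) && level[mpri] >= level[pri]) hit = 1
            }
        }
        if (hit) print $2                   # the action field
    }' "$1"
}

# Constructed input: the Linux client rules shown above. "loghost" is a
# placeholder, because the listing's "*.* @" line carries no host name.
sample_conf() {
    cat <<'EOF'
*.*                                        @loghost
*.info;mail.none;authpriv.none;cron.none   /var/log/messages
authpriv.*                                 /var/log/secure
mail.*                                     -/var/log/maillog
cron.*                                     /var/log/cron
*.emerg                                    *
uucp,news.crit                             /var/log/spooler
local7.*                                   /var/log/boot.log
EOF
}

sample_conf | route_message - authpriv.notice
```

For authpriv.notice the output is the forwarding action and /var/log/secure only, which confirms that authentication messages stay out of /var/log/messages while still reaching the central server.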

11 Responses to “Configure Centralized Syslog server in Linux & setup syslog clients on different platforms”

  1. Hilfepost: Server einrichten (Links) | lernnotizen

    on June 17 2013

  2. Rafael

    on May 27 2015

    Can i see the logs from a web console?
