Configure a centralized syslog server in Linux & set up syslog clients on different platforms

Linux comes with a built-in syslog package that you can use as a centralized syslog server: a single remote location to which your network devices and appliances send all their logs. There are also other popular syslog packages for Linux, such as syslog-ng, rsyslog and the Splunk syslog server, which all offer more features and flexibility.

In this tutorial, we are going to use the syslogd/sysklogd server, which is multi-platform and has proven stable.

[Syslog Server]

1. verify that the sysklogd package is installed

[root@freelinux ~]# rpm -qa | grep sysklogd

2. start the syslog daemon

[root@freelinux ~]# service syslog start
Starting system logger: [  OK  ]
Starting kernel logger: [  OK  ]

3. verify if the process is running

[root@freelinux ~]# ps -ef | grep syslog
root      2174     1  0 17:53 ?        00:00:00 syslogd -m 0
root      2180  2110  0 17:54 pts/1    00:00:00 grep syslog
[root@freelinux ~]# ls -la /var/run | grep syslog
-rw-------  1 root  root     5 Oct  9 17:53

4. configure the syslog

configuration files:

Add the “-r” option to enable logging from remote machines

[root@freelinux ~]# cat /etc/sysconfig/syslog
# Options to syslogd
# -m 0 disables 'MARK' messages.
# -r enables logging from remote machines
# -x disables DNS lookups on messages recieved with -r
# See syslogd(8) for more details
# Options to klogd
# -2 prints all kernel oops messages twice; once for klogd to decode, and
#    once for processing with 'ksymoops'
# -x disables all klogd processing of oops messages entirely
# See klogd(8) for more details
# set this to a umask value to use for all log files as in umask(1).
# By default, all permissions are removed for "group" and "other".

5. Restart the syslog service

[root@freelinux ~]# service syslog restart
Shutting down kernel logger: [  OK  ]
Shutting down system logger: [  OK  ]
Starting system logger: [  OK  ]
Starting kernel logger: [  OK  ]

[Client devices]

configuration file: /etc/syslog.conf

a. Linux servers

[root@freelinux ~]# cat /etc/syslog.conf
# Log all kernel messages to the console.
# Logging much else clutters up the screen.
#kern.*                                                 /dev/console

*.* @

# Log anything (except mail) of level info or higher.
# Don’t log private authentication messages!
*.info;mail.none;authpriv.none;cron.none                /var/log/messages

# The authpriv file has restricted access.
authpriv.*                                              /var/log/secure

# Log all the mail messages in one place.
mail.*                                                  -/var/log/maillog

# Log cron stuff
cron.*                                                  /var/log/cron

# Everybody gets emergency messages
*.emerg                                                 *

# Save news errors of level crit and higher in a special file.
uucp,news.crit                                          /var/log/spooler

# Save boot messages also to boot.log
local7.*                                                /var/log/boot.log

b. Cisco/Motorola devices

Cisco#configure terminal
Cisco#logging facility local6

c. Juniper OS
darwin@Juniper> configure
Entering configuration mode

darwin@Juniper#  set system syslog host a.a.a.a facility-override local6 any any
darwin@Juniper#commit synch

darwin@Juniper#show configuration

host {
any any;
facility-override local6;

d. Unix

# @(#)B.11.11_LR
# syslogd configuration file.
# See syslogd(1M) for information about the format of this file.
mail.debug              /var/adm/syslog/mail.log
*.info;mail.none;local1.none;local2.none;local5.none;local6.none;local7.none    /var/adm/syslog/syslog.log
*.alert                 /dev/console
#*.alert                        root
*.emerg                 *             /var/adm/syslog/fw.log             /var/adm/syslog/cisco.log

e. Windows

There’s no way to directly configure Windows as a syslog client or to send your event log messages straight to a syslog server. You have to use a syslog client such as Snare or winlogd, which I will not cover in this tutorial. An alternative is to send your event logs as SNMP traps by configuring your SNMP service and using the event-to-trap translator, the “evntwin” command.

Additional Tips:

1. To make syslogd re-read its configuration file, send it a HANGUP signal:
[root@freelinux ~]# kill -HUP `cat /var/run/`

2. Familiarize yourself with syslog facility and severity levels. A good reference for this is the Wiki. A sample syslog.conf is in the Config-Scripts section to show how useful this is for system administrators.

3. To verify that messages are being logged by your syslog, or to test your /etc/syslog.conf, you can use the “logger” command

*.info;mail.none;authpriv.none;cron.none                /var/log/messages

[root@freelinux ~]# logger -p "Test Message"
[root@freelinux ~]# tail /var/log/messages
Oct 11 21:25:39 localhost root: Test Message
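
The selectors in the Linux /etc/syslog.conf above decide which file each facility.severity pair is written to. The following is an added example, not part of the original tutorial: a simplified Python model of that selector matching, run over constructed sample packets. The host names, message text and the fallback to user.notice for a missing priority are assumptions of the example.

```python
import re

# Facility codes 0-23 (12-15 are not named here) and severity codes 0-7.
FACILITIES = (["kern", "user", "mail", "daemon", "auth", "syslog", "lpr", "news",
               "uucp", "cron", "authpriv", "ftp"] + [None] * 4
              + ["local%d" % i for i in range(8)])
SEVERITIES = ["emerg", "alert", "crit", "err", "warning", "notice", "info", "debug"]

# Selector/action pairs copied from the Linux /etc/syslog.conf shown above.
PAGE_RULES = [
    ("*.info;mail.none;authpriv.none;cron.none", "/var/log/messages"),
    ("authpriv.*", "/var/log/secure"),
    ("mail.*", "-/var/log/maillog"),
    ("cron.*", "/var/log/cron"),
    ("*.emerg", "*"),
    ("uucp,news.crit", "/var/log/spooler"),
    ("local7.*", "/var/log/boot.log"),
]

def decode_pri(packet):
    """Return (facility, severity) from the leading <PRI> of a syslog packet."""
    m = re.match(r"<(\d{1,3})>", packet)
    # Assumption: a missing or out-of-range PRI is treated as 13 (user.notice).
    pri = int(m.group(1)) if m and int(m.group(1)) <= 191 else 13
    return FACILITIES[pri >> 3], SEVERITIES[pri & 7]

def selector_matches(selector, facility, severity):
    """Simplified selector matching: 'fac.pri' selects pri and anything more
    urgent, '*' is a wildcard, 'none' clears. '=' and '!' forms are not handled."""
    sev, selected = SEVERITIES.index(severity), False
    for part in selector.split(";"):
        facs, _, pri = part.partition(".")
        if not {"*", facility} & set(facs.split(",")):
            continue                     # this part names other facilities
        if pri == "none":
            selected = False
        elif pri == "*":
            selected = True
        else:
            selected = selected or sev <= SEVERITIES.index(pri)
    return selected

def route(packet, rules=PAGE_RULES):
    """List the actions (log files) that would receive this packet."""
    fac, sev = decode_pri(packet)
    return [action for sel, action in rules if selector_matches(sel, fac, sev)]

# Constructed sample packets (not captured traffic); host names are made up.
ROUTER_MSG = "<182>Oct 11 21:25:39 router1 link: interface up"
SSH_MSG = "<86>Oct 11 21:25:40 host1 sshd[2210]: Accepted publickey for admin"
```

With the rules as shown, `route(ROUTER_MSG)` returns only `/var/log/messages`: a local6.info message from the Cisco or Juniper clients configured above is mixed in with the server's own messages. Passing an extra rule such as `("local6.*", "/var/log/network.log")`, a hypothetical path, shows how a dedicated selector separates device logs.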

About the author

Free Linux Tutorials


  • Can I see the logs from a web console?
