Bill Davidsen wrote:
Mikkel L. Ellertson wrote:
lanas wrote:
Basically rsyslog works like syslog, but adds a few more options. So simply specify the server (and optional port) to start with and make a few tests by using the logger utility. *.* @@remote-host:514
Replace remote-host with your remote syslog. 514 is the default well-known syslog port so unless you have set up something else, you can leave it there.
Don't forget to restart/reload rsyslog (or any other syslog daemon for that matter) after doing configuration changes. This sometimes can be done by simply sending the daemon a HUP signal:
killall -HUP daemon
or by restarting it altogether:
/etc/init.d/daemon restart
Hope this helps.
Don't forget to configure the host you are logging to so that it will accept logging from an outside machine. By default, it probably doesn't.
Don't know about the syslog daemon, but it looks as if the firewall rules don't. The good think about using a syslog machine is that the *times* match, the bad thing is that it's a single point of failure, and network connected as well. So for debugging network issues it's suboptimal. ;-)
By default, most firewalls don't permit syslog, so you have to open UDP port 514 on the receiving machine.
Also, both the old syslogd and the newer rsyslogd have to have the "-r" option specified for them to actually listen to the network (the "-r" can also have a port number appended, e.g. "-r 514"). Not sure about ng-syslog, but I suspect the same is true.
On Red Hattish machines, options are passed to the syslog daemon by values stuffed into the "SYSLOGD_OPTIONS" line of either the "/etc/sysconfig/syslog" or "/etc/sysconfig/rsyslog" file (depending on which syslog daemon you're running. By default, you'll find
SYSLOGD_OPTIONS="-c 3" (/etc/sysconfig/rsyslog) SYSLOGD_OPTIONS="-m 0" (/etc/sysconfig/syslog)
Prepend that with "-r" (e.g. SYSLOGD_OPTIONS="-r -c 3") and then do a "service syslog restart". It should start listening to the network. ---------------------------------------------------------------------- - Rick Stevens, Systems Engineer ricks@nerd.com - - AIM/Skype: therps2 ICQ: 22643734 Yahoo: origrps2 - - - - When in doubt, mumble. - ----------------------------------------------------------------------