Topic: logging to external syslog server on linux
« on: November 03, 2007, 12:29:44 »
fox *
Posts: 5

I have set up logging to an external server to keep the logs. This works if I send them to a Windows syslog server such as Kiwi Enterprises syslog.

I want to have a Debian Linux syslog server to be able to log these files. Can anyone tell me what I have to do to get syslog on Linux to receive the logs from m0n0wall?

The Linux server is logging its own files fine, but I am unsure what to add to the syslog.conf file.

Any help would be appreciated.

Thanks
« Reply #1 on: November 07, 2007, 06:16:51 »
cmb *****
Posts: 851

If you're going to use Kiwi in the end, why not start with it? There is a free version that works great. It's really easy to get going.

How to make your Linux server accept syslog from the network varies depending on distro, version, etc. That's a question best suited for a forum or mailing list of your Linux distro.
« Reply #2 on: November 20, 2007, 08:42:08 »
msbaker *
Posts: 8

The options that the syslogd daemon is started with will need to be changed from the default options.

By default, the syslogd daemon on Linux, FreeBSD, and most other versions of Unix accepts syslog packets only from the local host. In fact, the way Linux/FreeBSD/etc. force this behavior is that the syslogd daemon doesn't open an IP socket on port 514 to even receive syslog messages from the network. A Unix domain socket is used by a local application to communicate with the local syslogd server instead (a named socket has nothing to do with the Internet protocol and doesn't normally go over a network).

You should look in the man page for syslogd on the version of Linux you plan to use. On Red Hat, CentOS, Fedora, etc., I believe -r will enable remote logging. It also usually makes sense to use the -x option, which disables reverse DNS lookups for any remote packets received. Otherwise the syslogd server will request a DNS lookup for any remote log packets received to convert the source IP address to a name. This can often be costly. So instead of the remote machine name, the IP address is printed by syslog in the log files. On Red Hat, CentOS, Fedora, etc., the options that syslogd starts with can be set in the /etc/sysconfig/syslog text file by changing the default
 SYSLOGD_OPTIONS="-m 0"
to
 SYSLOGD_OPTIONS="-r -x -m 0"

Again, use the man pages for syslogd on the Linux distro to determine the appropriate switches and how to change the options used to start syslogd.

-msbaker
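
An added example, not part of msbaker's post: a shell check for the Red Hat-style SYSLOGD_OPTIONS line described above. It reports whether -r and -x are set and flags tokens that are neither an option nor an option's argument (for instance a -m that lost its dash). The function name and the sample files are constructed here; the option letters are those of sysklogd's syslogd and should be confirmed against the local man page.

```shell
#!/bin/sh
# Added example: audit the SYSLOGD_OPTIONS line of a Red Hat-style
# /etc/sysconfig/syslog. Option letters follow sysklogd's syslogd(8);
# this is an assumption, so check the man page of your own daemon.

# Print "remote=<yes|no> nodns=<yes|no> stray=<tokens>" for FILE.
# Exit status is 0 only when -r is present and no stray tokens were found.
syslogd_opts_report() {
    file=$1
    # Take the last uncommented assignment and strip the quotes.
    opts=$(sed -n 's/^[[:space:]]*SYSLOGD_OPTIONS=//p' "$file" | tail -n 1 | tr -d "\"'")
    remote=no nodns=no stray= skip=no
    for tok in $opts; do
        if [ "$skip" = yes ]; then skip=no; continue; fi
        case $tok in
            -[aflmps]) skip=yes ;;      # option whose argument is the next token
            -[aflmps]?*) ;;             # argument attached, e.g. -m0
            -?*)                        # flag cluster, e.g. -r, -x or -rx
                case $tok in *r*) remote=yes ;; esac
                case $tok in *x*) nodns=yes ;; esac ;;
            *) stray="${stray:+$stray }$tok" ;;   # neither option nor argument
        esac
    done
    echo "remote=$remote nodns=$nodns stray=$stray"
    [ "$remote" = yes ] && [ -z "$stray" ]
}

# Constructed sample files; on a real host pass /etc/sysconfig/syslog instead.
demo() {
    d=$(mktemp -d)
    printf 'SYSLOGD_OPTIONS="-m 0"\n' > "$d/default"
    printf 'SYSLOGD_OPTIONS="-r -x -m 0"\n' > "$d/remote"
    printf 'SYSLOGD_OPTIONS="-r -x m 0"\n' > "$d/typo"
    for f in default remote typo; do
        printf '%-8s ' "$f"; syslogd_opts_report "$d/$f" || true
    done
    rm -rf "$d"
}
demo
```

With -r set, syslogd accepts datagrams on UDP port 514 from any host that can reach it, so a packet-filter rule limiting that port to the firewall's address is worth adding on the log server.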
 