configure syslog
Hi,
I am in the process of centralizing all the logs of my 70 Linux boxes to one syslog server. I want to forward just security-related issues to the central server. How do I filter which alerts get sent? Is there a possibility to do this? Also, in syslog.conf I see these lines:
# Everybody gets emergency messages
*.emerg @loghost
My question is, how do I know what is configured as *.emerg? Do I have an option to configure this? Thanks very much!
syslog entries are in 3 parts: facility, priority, and where the log goes.
auth.info logs auth at the priority info and higher.
auth.=info logs just the priority info.
You can send the data to a user's terminal like such:
kern.* joe
That logs any kernel messages to joe's terminal.
kern.* /var/log/kernlog sends to a file.
kern.* @sunbox sends the log messages to a host named sunbox.
Sending logs to another machine uses port 514 or 601, I forget which, but looking in the /etc/services file should tell you. That port must be open of course on the receiving end.
I suggest you take a look and download webmin from webmin.com. It is a nice GUI web-based tool for admin and allows easy configuration of the /etc/syslog.conf file. Any changes to the conf do require restarting the syslogd daemon.
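A way to check which messages a given syslog.conf selector actually picks up, added here as an example and not code from the thread; the config text, host name and log paths in it are constructed for illustration:

```python
# Added example (not from the thread): a small matcher for classic sysklogd
# syslog.conf selectors, so you can see where a line such as "*.emerg @loghost"
# or "auth,authpriv.info @loghost" sends a message. Handles facility lists,
# "*" for any facility/priority, "priority and higher", "=priority" and "none".
PRIORITIES = ["debug", "info", "notice", "warning", "err", "crit", "alert", "emerg"]

# Constructed config for the example (not a real host's syslog.conf).
SAMPLE_CONF = """\
# Everybody gets emergency messages
*.emerg                          @loghost
# Forward security-related facilities to the central server
auth,authpriv.info               @loghost
# Local catch-all; keep mail and authpriv out of the general log
*.info;mail.none;authpriv.none   /var/log/messages
authpriv.*                       /var/log/secure
"""

def level(name):
    return PRIORITIES.index(name)  # higher index = more severe

def selected_priorities(selector_field, facility):
    """Severity levels the selector part of one line picks for `facility`
    (applied left to right: plain and '=' forms add levels, 'none' drops all)."""
    chosen = set()
    for sel in selector_field.split(";"):
        facs, _, prio = sel.strip().rpartition(".")
        fac_list = [f.strip() for f in facs.split(",")]
        if "*" not in fac_list and facility not in fac_list:
            continue
        if prio == "none":
            chosen.clear()
        elif prio == "*":
            chosen.update(range(len(PRIORITIES)))
        elif prio.startswith("="):
            chosen.add(level(prio[1:]))
        else:
            chosen.update(range(level(prio), len(PRIORITIES)))
    return chosen

def destinations(conf_text, facility, priority):
    """All actions (file, @host, user) a facility.priority message reaches."""
    out = []
    for line in conf_text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue  # blank lines and comments
        selector, action = line.split(None, 1)  # whitespace separates the two
        if level(priority) in selected_priorities(selector, facility):
            out.append(action.strip())
    return out
```

Calling `destinations(SAMPLE_CONF, "kern", "emerg")` shows that a kernel emergency reaches both @loghost and the local messages file, while `destinations(SAMPLE_CONF, "mail", "info")` is empty because of mail.none.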
Another question please
I want to log all the security-related issues such as authentication (password entering errors, change of file permissions, etc.) to be sent to another syslog server. Do you know how I can do it?
I know webmin but I really don't want to use it because I will need to open other ports on the production Linux servers.... Thanks.
The easiest way would be to look at the logs you have now and determine which logs have the info in them that you want to centralize. Then point these facilities to the syslog server by replacing the logfile with @sys.log.ip