How to setup a syslog server

anandhg02 · 12-25-2004, 12:39 AM

I am having a D-Link DFL-500 hardware firewall. I have an option like to log all the activities to a syslog server in it. So I want to setup a syslog server in Fedora Core 2 and to log all the activities of the firewall.

Plz guide me to setup a syslog server.

bulliver · 12-25-2004, 03:40 AM

Your FC2 most certainly already has a system logger installed. All you need to do is set it up to accept connections from the firewall.

This step is dependant on which logger you use. To see which one try:

Code:

# rpm -qa | grep syslog

The two most popular are the newer syslog-ng and the older but trusty syslogd. Once you find this out I can probably help you out more.

anandhg02 · 12-26-2004, 10:17 PM

Sir, I am having sysklogd

#rpm -qa sysklogd
sysklogd-1.4.1-16

This includes the syslogd daemon. Plz guide me on how to setup a syslog for DLINK firewall

bulliver · 12-26-2004, 10:29 PM

Ok, the only thing you have to do is restart syslogd with the '-r' command line switch. You will need to edit syslog's startup script (in /etc/rc.d or /etc/init.d) to make this permanent. Now syslogd will be listening on UDP port 514.

Here is a link to help:
http://freebooks.by.ru/view/LinuxNet...htm#Heading327

As for configuring the dlink, I cannot help..read the docs and make it log to your box on port 514

HTH.

anandhg02 · 12-26-2004, 10:40 PM

Thank you sir, I will try this and come back to you, if I am having any problem

bulliver · 12-26-2004, 10:50 PM

No prob, and please, no need to call me "sir", as I am still too young and foolish to deserve such a title

anandhg02 · 12-28-2004, 12:03 AM

I had setup my D-Link to log to my syslog server.
It is sending messages, but all the messages goes into /var/log/messages. The following is one of a log made by D-Link.
============================================================
Dec 28 11:33:40 192.168.100.5 type=mgmt, msg="Log&Report setting set successful at 192.168.100.1 by admin"
============================================================

Is it possible to make the logging to some other file such as to log all the log comming from D-Link to /var/log/dlink.

bulliver · 12-28-2004, 12:30 AM

I am sorry, but I don't think you can with syslogd, but I may be wrong. There doesn't seem to be a facility for seperating messages from your dlink. Have a good look at man 5 syslog.conf to be sure...

You can do this however, with syslog-ng