SYSLOG - logging to Remote Host
I would like to redirect my VPN event log to my LINUX 7.1 using syslog. The VPN concentrator is set up to send all event logs to 172.16.20.2 (Linux 7.1) but no syslog message is generated. Here's my setup.
- edited /etc/sysconfig/syslog ; SYSLOGD_OPTIONS="-r -m 0"
- edited /etc/syslog.conf; *.* @loghost
- edited /etc/hosts ; ip for loghost
- restart syslog
Can someone out there give me some advice to modify /etc/syslog.conf or install new syslog program?
According to man syslogd & man syslog.conf, the @ is used to send to a remote host using the standard syslog service ports.
Putting that into the receiving syslog.conf must forward them away, and the replies to itself, yes?
Unless you have a previous line which creates a file/pipe/~ to store them locally...
O.K. I removed /etc/syslog.conf; *.* @loghost and
/etc/hosts ; ip for loghost. What should I put in syslog.conf? What steps should I take to get the VPN event log forwarded to my Linux box? I tried many scripts but no luck.
There is a standard *nix syslog service using UDP port 514.
Your VPN hardware needs to be able to use this UDP port.
If it uses another port, you can make a PREROUTING rule in your Linux box's firewall to REDIRECT to port 514.
Add a LOG rule to find out what is being sent to your Linux box.
Yes my VPN is using port 514. Here is my VPN set up:
Syslog server- 172.16.10.2
Facility? Local 7 (select syslog facility tag for events sent to server)
Right now, I see messages in /var/log/messages:
Sep 24 04:43:01 172.16.20.100 1156664 09/24/2002 04:35:43.280 SEV=3 HTTP/7 RPT=105 172.16.20.2 HTTP 401 Unauthorized: Authorization Failed
Sep 24 04:43:23 172.16.20.100 1156675 09/24/2002 04:36:05.680 SEV=4 HTTP/47 RPT=42 172.16.20.2 New administrator login: admin.
O.K., now I'm able to get messages from the VPN, but only the authentication ones. I was hoping to get the event log that has the outside connection log. I think the parameter needs to be set on the VPN concentrator. How do I move the message log to another directory instead of /var/log/messages? Where can I get info to set up a LOG rule? Sorry, I'm new to Linux, please bear with me.
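
Added example, not written by any poster in this thread: Python code that decodes the `<PRI>` header of a raw syslog datagram into facility and severity, then parses the event body in the layout of the two lines quoted above. The PRI values in the samples are constructed, and the field names given to the parts after the timestamp (`seq`, `cls`, `num`, `rpt`) are assumptions based on how the lines look.

```python
import re

# Facility codes of the BSD syslog protocol; local0..local7 are 16..23.
FACILITY = {0: "kern", 1: "user", 2: "mail", 3: "daemon", 4: "auth",
            5: "syslog", 6: "lpr", 7: "news", 8: "uucp", 9: "cron",
            10: "authpriv", 11: "ftp",
            **{16 + i: f"local{i}" for i in range(8)}}
SEVERITY = ["emerg", "alert", "crit", "err",
            "warning", "notice", "info", "debug"]

PRI_RE = re.compile(rb"^<(\d{1,3})>")
# Body layout taken from the two log lines quoted in the thread.
EVENT_RE = re.compile(
    r"^(?P<seq>\d+) (?P<date>\d\d/\d\d/\d{4}) (?P<time>\d\d:\d\d:\d\d\.\d+) "
    r"SEV=(?P<sev>\d+) (?P<cls>\w+)/(?P<num>\d+) RPT=(?P<rpt>\d+) (?P<msg>.*)$")

def decode_pri(datagram: bytes):
    """Split a raw syslog datagram into (facility, severity, body)."""
    m = PRI_RE.match(datagram)
    if not m or int(m.group(1)) > 191:
        raise ValueError("no valid <PRI> header")
    pri = int(m.group(1))                      # PRI = facility * 8 + severity
    facility = FACILITY.get(pri >> 3, f"facility{pri >> 3}")
    body = datagram[m.end():].decode("ascii", "replace").strip()
    return facility, SEVERITY[pri & 7], body

def parse_event(body: str):
    """Parse the event body; returns None if the layout does not match."""
    m = EVENT_RE.match(body)
    if not m:
        return None
    ev = m.groupdict()
    for key in ("seq", "sev", "num", "rpt"):
        ev[key] = int(ev[key])
    return ev

def selector(datagram: bytes) -> str:
    """facility.severity pair that syslog.conf selectors are matched against."""
    facility, severity, _ = decode_pri(datagram)
    return f"{facility}.{severity}"

# Constructed datagrams: bodies from the thread, PRI values chosen for local7.
SAMPLES = [
    b"<187>1156664 09/24/2002 04:35:43.280 SEV=3 HTTP/7 RPT=105 "
    b"172.16.20.2 HTTP 401 Unauthorized: Authorization Failed",
    b"<188>1156675 09/24/2002 04:36:05.680 SEV=4 HTTP/47 RPT=42 "
    b"172.16.20.2 New administrator login: admin.",
]

if __name__ == "__main__":
    for raw in SAMPLES:
        print(selector(raw), parse_event(decode_pri(raw)[2]))
```

If the decoded facility is local7, a syslog.conf selector of `local7.*` followed by a file path of your choice matches these events and writes them to that file.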