LinuxQuestions.org


dvong3 09-24-2002 03:48 AM

SYSLOG - logging to Remote Host
 
Hi,

I would like to redirect my VPN event log to my LINUX 7.1 using syslog. The VPN concentrator is set up to send all event logs to 172.16.20.2 (Linux 7.1) but no syslog message is generated. Here's my setup.

- edited /etc/sysconfig/syslog ; SYSLOGD_OPTIONS="-r -m 0"
- edited /etc/syslog.conf; *.* @loghost
- edited /etc/hosts ; ip for loghost
- restart syslog

Can someone out there give me some advice to modify /etc/syslog.conf or install a new syslog program?

Dan

peter_robb 09-24-2002 04:22 AM

According to man syslogd & man syslog.conf, the @ is used to send to a remote host using the standard syslog service ports.
Putting that into the receiving syslog.conf must forward them away, and the replies to itself, yes?
Unless you have a previous line which creates a file/pipe/~ to store them locally...

Regards,
Peter

dvong3 09-24-2002 06:15 AM

Hi Peter,

O.K., I removed /etc/syslog.conf; *.* @loghost and /etc/hosts ; ip for loghost. What should I put in syslog.conf? What steps should I take to get the VPN event log forwarded to my Linux box? I tried many scripts but no luck.

Dan

peter_robb 09-24-2002 06:25 AM

There is a standard *nix syslog service using udp port 514.
Your VPN hardware needs to be able to use this udp port.
If it uses another port, you can make a PREROUTING rule in your Linux box's firewall to REDIRECT to port 514.

Add a LOG rule to find out what is being sent to your Linux box.

Regards,
Peter

dvong3 09-24-2002 07:14 AM

Yes my VPN is using port 514. Here is my VPN set up:

Syslog server- 172.16.10.2
Port- 514
Facility- Local 7 (select syslog facility tag for events sent to server)

Right now, I see messages in /var/log/messages:

Sep 24 04:43:01 172.16.20.100 1156664 09/24/2002 04:35:43.280 SEV=3 HTTP/7 RPT=105 172.16.20.2 HTTP 401 Unauthorized: Authorization Failed

Sep 24 04:43:23 172.16.20.100 1156675 09/24/2002 04:36:05.680 SEV=4 HTTP/47 RPT=42 172.16.20.2 New administrator login: admin.

O.K., now I'm able to get messages from the VPN, only the authentication. I was hoping to get the event log that has the outside connection log. I think the parameter needs to be set on the VPN concentrator. How do I move the message log to another directory instead of /var/log/messages? Where can I get info to set up a LOG rule? Sorry, I'm new to LINUX, please bear with me.

Dan
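
The facility tag set on the concentrator (Local 7) is what lets a receiving syslogd steer those events into their own file instead of /var/log/messages. The Python below is an added example, not part of the original thread: it decodes the priority prefix of a syslog datagram and applies a simplified subset of syslog.conf selector matching. The two rules, the /var/log/vpn.log path and the sample datagram (including its priority value) are constructed for illustration.

```python
import re

# Facility codes 0-23; 12-15 are reserved here, 16-23 are local0..local7.
FACILITIES = (["kern", "user", "mail", "daemon", "auth", "syslog", "lpr", "news",
               "uucp", "cron", "authpriv", "ftp"] + [None] * 4 +
              ["local%d" % i for i in range(8)])
SEVERITIES = ["emerg", "alert", "crit", "err", "warning", "notice", "info", "debug"]

# Constructed receiver rules in syslog.conf form: (selector, action).
# /var/log/vpn.log is a hypothetical destination file.
RULES = [
    ("local7.*", "/var/log/vpn.log"),
    ("*.info;mail.none;authpriv.none;cron.none;local7.none", "/var/log/messages"),
]

# Constructed datagram: message text taken from the thread, PRI assumed to be
# local7.err = 23 * 8 + 3 = 187.
VPN_EVENT = (b"<187>1156664 09/24/2002 04:35:43.280 SEV=3 HTTP/7 RPT=105 "
             b"172.16.20.2 HTTP 401 Unauthorized: Authorization Failed")

def decode(datagram):
    """Split '<PRI>text' into (facility, severity, text).
    A missing or out-of-range PRI falls back to 13 (user.notice), per RFC 3164."""
    m = re.match(rb"<(\d{1,3})>", datagram)
    pri, body = (int(m.group(1)), datagram[m.end():]) if m else (13, datagram)
    if pri > 191:
        pri, body = 13, datagram
    return FACILITIES[pri >> 3], SEVERITIES[pri & 7], body.decode("ascii", "replace")

def selector_matches(selector, facility, severity):
    """Simplified matching: 'fac.prio' parts joined by ';', where prio means
    'this severity or more urgent', '*' means any, 'none' excludes.
    A later part overrides an earlier one for the same facility."""
    verdict = False
    for part in selector.split(";"):
        fac, _, prio = part.partition(".")
        if fac not in ("*", facility):
            continue
        if prio == "none":
            verdict = False
        else:
            verdict = prio == "*" or SEVERITIES.index(severity) <= SEVERITIES.index(prio)
    return verdict

def destinations(datagram):
    """Return every action whose selector matches the datagram."""
    facility, severity, _ = decode(datagram)
    return [path for sel, path in RULES if selector_matches(sel, facility, severity)]

if __name__ == "__main__":
    print(decode(VPN_EVENT)[:2], "->", destinations(VPN_EVENT))
```

The `local7.none` part in the second rule is what keeps the concentrator's events out of /var/log/messages once they have a file of their own.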


All times are GMT -5.