LinuxQuestions.org

LinuxQuestions.org (/questions/)
-   Linux - Newbie (http://www.linuxquestions.org/questions/linux-newbie-8/)
-   -   Getting logs from a remote syslog (http://www.linuxquestions.org/questions/linux-newbie-8/getting-logs-from-a-remote-syslog-91187/)

ganninu 09-10-2003 06:14 AM

Getting logs from a remote syslog
 
I've asked a similar question in another thread but i've realised that i've not understood the whole concept of syslogging.

Anyways, what i want to know is how can i get logs remotely from a syslog daemon.

I have a Linux box and a Cisco server which generates logs via it's syslog daemon. How can i make my Linux box read these logs? I thought that there exist "syslog clients" but i googled in vain. So i came up with the conclusion that they do not exist, and therefore i must take a different approach. Thanks in advance. Ganni.

stickman 09-10-2003 07:07 AM

Remote syslog works the other way around. You don't use a client to read the logs on a remote system. It sends the logs to another system rather than writing them locally. In Linux this is done by using "@loghost.domain" instead of "/path/to/logfile". Also depending on your syslog daemon, you may also need to config syslogd to listen for log submissions from other hosts. See the man pages for syslogd and syslog.conf for full details.

ganninu 09-10-2003 07:25 AM

Ok i've basically did more research and found out that i need to run the syslog daemon on my Linux box with a '-r' argument to listen for remote logs from the Cisco server. I need to tell the Cisco server to send logs to my linux box which has an IP of 10.0.0.3, and simply start the daemon on the linux box side. Two questions arise though - (1) can i use @10.0.0.3 (instead of @host.domain) for the syslog daemon? & (2) Where will the remote logs be saved? Or do I need to tell the daemon something like: files coming from Cisco, are to be placed on /my/dir_of_choice?

stickman 09-10-2003 08:52 AM

Yes, you can use an IP address instead of a name. The logs will be sorted and stored according to the syslog.conf on your Linux system.

ganninu 09-10-2003 09:05 AM

Thanks for your quick reply. However my setup is a bit strange - I have this Cisco server which has a fixed public IP say 111.111.111.111, and my Linux box is inside a LAN (The public IP of the LAN is for example 111.111.111.112, whereas the internal private IP of the Linux box is 10.0.0.3). If I tell the Cisco's daemon to output the logs on @111.111.111.112, will my linux box still receive logs?


All times are GMT -5. The time now is 05:41 PM.