-   Linux - Newbie (
-   -   Getting logs from a remote syslog (

ganninu 09-10-2003 07:14 AM

Getting logs from a remote syslog
I've asked a similar question in another thread but i've realised that i've not understood the whole concept of syslogging.

Anyways, what i want to know is how can i get logs remotely from a syslog daemon.

I have a Linux box and a Cisco server which generates logs via it's syslog daemon. How can i make my Linux box read these logs? I thought that there exist "syslog clients" but i googled in vain. So i came up with the conclusion that they do not exist, and therefore i must take a different approach. Thanks in advance. Ganni.

stickman 09-10-2003 08:07 AM

Remote syslog works the other way around. You don't use a client to read the logs on a remote system. It sends the logs to another system rather than writing them locally. In Linux this is done by using "@loghost.domain" instead of "/path/to/logfile". Also depending on your syslog daemon, you may also need to config syslogd to listen for log submissions from other hosts. See the man pages for syslogd and syslog.conf for full details.

ganninu 09-10-2003 08:25 AM

Ok i've basically did more research and found out that i need to run the syslog daemon on my Linux box with a '-r' argument to listen for remote logs from the Cisco server. I need to tell the Cisco server to send logs to my linux box which has an IP of, and simply start the daemon on the linux box side. Two questions arise though - (1) can i use @ (instead of @host.domain) for the syslog daemon? & (2) Where will the remote logs be saved? Or do I need to tell the daemon something like: files coming from Cisco, are to be placed on /my/dir_of_choice?

stickman 09-10-2003 09:52 AM

Yes, you can use an IP address instead of a name. The logs will be sorted and stored according to the syslog.conf on your Linux system.

ganninu 09-10-2003 10:05 AM

Thanks for your quick reply. However my setup is a bit strange - I have this Cisco server which has a fixed public IP say, and my Linux box is inside a LAN (The public IP of the LAN is for example, whereas the internal private IP of the Linux box is If I tell the Cisco's daemon to output the logs on @, will my linux box still receive logs?

All times are GMT -5. The time now is 01:19 PM.