LinuxQuestions.org
Visit Jeremy's Blog.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Newbie
User Name
Password
Linux - Newbie This Linux forum is for members that are new to Linux.
Just starting out and have a question? If it is not in the man pages or the how-to's this is the place!

Notices



Reply
 
Search this Thread
Old 09-10-2003, 07:14 AM   #1
ganninu
Member
 
Registered: Jul 2003
Distribution: RH 7.3/8.0/9.0, Debian Stable 3.0, FreeBSD 5.2, Solaris 8/9/10,HP-UX
Posts: 340

Rep: Reputation: 30
Getting logs from a remote syslog


I've asked a similar question in another thread but i've realised that i've not understood the whole concept of syslogging.

Anyways, what i want to know is how can i get logs remotely from a syslog daemon.

I have a Linux box and a Cisco server which generates logs via it's syslog daemon. How can i make my Linux box read these logs? I thought that there exist "syslog clients" but i googled in vain. So i came up with the conclusion that they do not exist, and therefore i must take a different approach. Thanks in advance. Ganni.
 
Old 09-10-2003, 08:07 AM   #2
stickman
Senior Member
 
Registered: Sep 2002
Location: Nashville, TN
Posts: 1,552

Rep: Reputation: 53
Remote syslog works the other way around. You don't use a client to read the logs on a remote system. It sends the logs to another system rather than writing them locally. In Linux this is done by using "@loghost.domain" instead of "/path/to/logfile". Also depending on your syslog daemon, you may also need to config syslogd to listen for log submissions from other hosts. See the man pages for syslogd and syslog.conf for full details.
 
Old 09-10-2003, 08:25 AM   #3
ganninu
Member
 
Registered: Jul 2003
Distribution: RH 7.3/8.0/9.0, Debian Stable 3.0, FreeBSD 5.2, Solaris 8/9/10,HP-UX
Posts: 340

Original Poster
Rep: Reputation: 30
Ok i've basically did more research and found out that i need to run the syslog daemon on my Linux box with a '-r' argument to listen for remote logs from the Cisco server. I need to tell the Cisco server to send logs to my linux box which has an IP of 10.0.0.3, and simply start the daemon on the linux box side. Two questions arise though - (1) can i use @10.0.0.3 (instead of @host.domain) for the syslog daemon? & (2) Where will the remote logs be saved? Or do I need to tell the daemon something like: files coming from Cisco, are to be placed on /my/dir_of_choice?

Last edited by ganninu; 09-10-2003 at 08:29 AM.
 
Old 09-10-2003, 09:52 AM   #4
stickman
Senior Member
 
Registered: Sep 2002
Location: Nashville, TN
Posts: 1,552

Rep: Reputation: 53
Yes, you can use an IP address instead of a name. The logs will be sorted and stored according to the syslog.conf on your Linux system.
 
Old 09-10-2003, 10:05 AM   #5
ganninu
Member
 
Registered: Jul 2003
Distribution: RH 7.3/8.0/9.0, Debian Stable 3.0, FreeBSD 5.2, Solaris 8/9/10,HP-UX
Posts: 340

Original Poster
Rep: Reputation: 30
Thanks for your quick reply. However my setup is a bit strange - I have this Cisco server which has a fixed public IP say 111.111.111.111, and my Linux box is inside a LAN (The public IP of the LAN is for example 111.111.111.112, whereas the internal private IP of the Linux box is 10.0.0.3). If I tell the Cisco's daemon to output the logs on @111.111.111.112, will my linux box still receive logs?
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
syslog-ng doen't generating logs emailssent Linux - Newbie 3 03-09-2005 06:44 AM
Guarddog logs in syslog short101 Linux - Security 3 01-06-2005 02:31 AM
Router Logs sent to Syslog - Can I change the location Gnarg Linux - Networking 4 08-10-2004 10:24 AM
SYSLOG - logging to Remote Host dvong3 Linux - Networking 4 09-24-2002 08:14 AM
Im running syslogd. I also have my PIX firewall logs being written to my linux syslog adamrau Linux - Security 2 12-19-2001 02:38 PM


All times are GMT -5. The time now is 10:40 AM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration