Old 06-21-2011, 02:31 AM   #1
harshaabba
Centralized syslog in solaris 10


Hi all,

I want to implement a centralized syslog server for my Linux servers in order to log successful and failed logins.

I use Solaris 10 as the centralized server. Here is the syslog.conf file.

*.err;kern.notice;auth.notice /dev/sysmsg
*.err;kern.debug;daemon.notice;mail.crit /var/adm/messages

*.alert;kern.err;daemon.err operator
*.alert root

*.emerg *

local7.err /logs/cisco/cis
local7.warn /logs/cisco/cis
auth.debug /logs/cisco/cis

# if a non-loghost machine chooses to have authentication messages
# sent to the loghost machine, un-comment out the following line:
#auth.notice ifdef(`LOGHOST', /var/log/authlog, @loghost)

mail.debug ifdef(`LOGHOST', /var/log/syslog, @loghost)

#
# non-loghost machines will use the following lines to cause "user"
# log messages to be logged locally.
#
ifdef(`LOGHOST', ,
user.err /dev/sysmsg
user.err /var/adm/messages
user.alert `root, operator'
user.emerg *


This is the syslog.conf on the remote Linux client machine:

authpriv.* /var/log/secure
authpriv.* @<SOLARIS_SERVER_IP>


But I still couldn't get the authentication messages. Please help me.

tnx
 
Old 06-21-2011, 08:45 PM   #2
chrism01
As it says here, on the CLIENT
Code:
# if a non-loghost machine chooses to have authentication messages
# sent to the loghost machine, un-comment out the following line:
#auth.notice ifdef(`LOGHOST', /var/log/authlog, @loghost)
you need to un-comment, i.e. activate, that line.

On the Central SERVER, amend /etc/default/syslogd
Code:
#ident  "@(#)syslogd.dfl        1.1     01/11/01 SMI"
#
# Copyright (c) 2001 by Sun Microsystems, Inc.
# All rights reserved.
#
# /etc/default/syslogd
#
# syslogd default settings processed via syslogd(1M).
#
# LOG_FROM_REMOTE affects the logging of remote messages, see syslogd(1M)
# for details.  The default value is "YES".  A value of "NO" (any case)
# results in disabling of remote logging; any other value is ignored.
#
# Copy and uncomment the following default lines to change the values.
#
#LOG_FROM_REMOTE=YES
i.e. activate (un-comment) that line.

You may(?) also have to adjust the firewalls at each end (on Solaris http://www.homepage.montana.edu/~uni...laris_ipf.html).
FYI
Code:
grep syslog /etc/services
syslog          514/udp
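
The client in this thread forwards `authpriv.*` over 514/udp, while the loghost's file rules select `auth.debug` and `local7.*`. The following is an added example, not part of either post: it computes the PRI value a forwarded message carries and checks which single `facility.level` selector would match it. It assumes the RFC 3164 / Linux `<syslog.h>` facility numbering and classic syslogd level matching (a loghost's own syslogd may name facilities differently); `send_test` is a hypothetical helper for exercising the network path.

```python
import socket

# Facility and severity codes as numbered in RFC 3164 and Linux <syslog.h>
# (assumption: only the facilities relevant to this thread are listed).
FACILITIES = {"kern": 0, "user": 1, "mail": 2, "daemon": 3, "auth": 4,
              "syslog": 5, "lpr": 6, "news": 7, "uucp": 8, "cron": 9,
              "authpriv": 10, "local7": 23}
SEVERITIES = ["emerg", "alert", "crit", "err", "warning", "notice", "info", "debug"]
ALIASES = {"warn": "warning", "error": "err", "panic": "emerg"}


def encode_pri(facility, severity):
    """PRI value carried in <...> at the start of every syslog datagram."""
    return FACILITIES[facility] * 8 + SEVERITIES.index(ALIASES.get(severity, severity))


def decode_pri(pri):
    """Split a PRI value back into (facility name or number, severity name)."""
    names = {code: name for name, code in FACILITIES.items()}
    return names.get(pri >> 3, pri >> 3), SEVERITIES[pri & 7]


def selector_matches(selector, pri):
    """True if one 'facility.level' selector matches: same facility, and the
    message is at that level or more severe (classic syslogd semantics)."""
    fac, level = selector.split(".")
    msg_fac, msg_sev = pri >> 3, pri & 7
    if fac != "*" and FACILITIES[fac] != msg_fac:
        return False
    if level == "*":          # sysklogd-style "all levels"
        return True
    return msg_sev <= SEVERITIES.index(ALIASES.get(level, level))


def send_test(loghost, facility="authpriv", severity="info",
              text="sshd[4242]: constructed test message"):
    """Send one minimal UDP datagram to port 514 to exercise the client-to-loghost path."""
    packet = "<%d>%s" % (encode_pri(facility, severity), text)
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.sendto(packet.encode("ascii"), (loghost, 514))
    return packet


if __name__ == "__main__":
    pri = encode_pri("authpriv", "info")   # a message selected by authpriv.* on the client
    print(pri, decode_pri(pri))
    for sel in ("auth.debug", "local7.err", "local7.warn", "authpriv.*"):
        print(sel, selector_matches(sel, pri))
```

Running it prints the match result for each selector taken from the two syslog.conf files above; calling `send_test` with the loghost address while watching UDP port 514 on the server separates a firewall or `LOG_FROM_REMOTE` problem from a selector problem.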
 
  

