LinuxQuestions.org
Welcome to the most active Linux Forum on the web.
Home Forums Tutorials Articles Register
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Security
Reload this Page syslog server receives logs from remote device
User Name
Password
Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.

Notices


Reply
  Search this Thread
Old 01-17-2007, 12:34 AM   #1
dwarf007
Member
 
Registered: Sep 2004
Location: Malaysia
Posts: 181

Rep: Reputation: 30
syslog server receives logs from remote device

Is there anyone knows how to configure syslog server to receive remote device logs?

I have 1 wireless router gateway which is have an option to store it logs to syslog server.
I already configure the device to point to my syslog server IP address.


I believe I need to edit the syslog.conf file.
I already added 1 line in the bottom of the syslog.conf file

Code:
???			/var/log/routergateway.log
What are the info I should put in the "???" in order to make the syslog server receive logs from the wireless router gateway?

What are the steps I need to configure in the syslog server in order to receive all the logs from my wireless router gateway?

Appreciate if there is anyone could help me.
Thank You…..
 
Old 01-17-2007, 05:17 AM   #2
unSpawn
Moderator
 
Registered: May 2001
Posts: 29,415
Blog Entries: 55

Rep: Reputation: 3600Reputation: 3600Reputation: 3600Reputation: 3600Reputation: 3600Reputation: 3600Reputation: 3600Reputation: 3600Reputation: 3600Reputation: 3600Reputation: 3600
See for instance http://www.linuxhomenetworking.com/linux-hn/logging.htm.

Some notes to go with that:
On the host that *receives* logs:
- check if you need to separate logs by IP or name or use TCP instead of UDP (replace Syslogd with Syslog-NG or RSyslog),
- check if you need more secure logging over SSL (install Stunnel on both sides),
- check 'man syslogd' for needing '-l' or '-s',
- check your firewall contains an appropriate line for host(s) allowed access to syslogd ('getent services syslog'),
- check your /etc/hosts.deny contains the 'ALL: ALL' line if you need strict access controls,
- check your /etc/hosts.allow contains an appropriate line for host(s) allowed access to syslogd.

On the host that *sends* logs:
- check your firewall contains an appropriate line for outbound access to the syslogd host,
- use 'logger' with an appropriate facility + priority combo to generate a test message or wait aeons for one to show up on the loghost.
 
Old 01-19-2007, 10:50 PM   #3
dwarf007
Member
 
Registered: Sep 2004
Location: Malaysia
Posts: 181

Original Poster
Rep: Reputation: 30
There is no firewall between. The remote device is the gateway of my syslog. It should be manage to push all the logs to the syslog server.

I believe the syslog server has to know the logs is collect from which remote device(IP address)

I need to log all logs from the remote device in the below log file.

/var/log/routergateway.log

Can anyone give some idea?
Appreciate if someone can help on.
 
Old 01-24-2007, 07:49 AM   #4
macnanc
LQ Newbie
 
Registered: May 2002
Location: Ireland
Posts: 5

Rep: Reputation: 0
Try starting the syslogd server on the remote device with the "-r" option.
/sbin/syslogd -r

in your syslog.conf, put
*.* /var/log/routergateway.log
 
  


Reply

Tags
rsyslog, syslog



Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
loging syslog messages to a Remote Server nevxille Linux - Newbie 1 10-18-2006 06:12 AM
Syslog to a Remote Server Antonius_Block Linux - Software 1 05-06-2006 03:29 AM
Guarddog logs in syslog short101 Linux - Security 3 01-06-2005 01:31 AM
logging to a remote syslog server is dropping packets draeician73 Linux - Security 1 10-20-2004 06:19 PM
Getting logs from a remote syslog ganninu Linux - Newbie 4 09-10-2003 09:05 AM

LinuxQuestions.org > Forums > Linux Forums > Linux - Security

All times are GMT -5. The time now is 09:23 PM.

Contact Us - Advertising Info - Rules - Privacy - LQ Merchandise - Donations - Contributing Member - LQ Sitemap -
Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Open Source Consulting | Domain Registration