LinuxQuestions.org


ganesh24pal@gmail.com 01-25-2012 03:22 AM

How to setup SYSLOG server
 
Hi,

I have CentOS 5.6 installed on a server. My network team has asked me to install a SYSLOG server for the FortiGate firewalls' logs.

Please advise.

EricTRA 01-25-2012 03:32 AM

Hello,

Your first starting point when looking for howtos and guides is the internet. If you ask Google you'll get the following list:
Google is your friend!

Another option you might look at and which has far more possibilities is syslog-ng (links to documentation here).

EDIT: Another link, just published today: http://www.thegeekstuff.com/2012/01/...ing/#more-9477

Kind regards,

Eric

TB0ne 01-26-2012 12:13 PM

Quote:

Originally Posted by ganesh24pal@gmail.com (Post 4583870)
Hi,
I have CentOS 5.6 installed on a server. My network team has asked me to install a SYSLOG server for the FortiGate firewalls' logs.
Please advise.

Well, if you're running Linux, you already HAVE a syslog server. So, I'd suggest you just point your firewall logs to your CentOS server...that's it.

If you're looking for more granularity, install syslog-ng, and split the firewall logs to a separate file.

ganesh24pal@gmail.com 01-28-2012 05:53 AM

Quote:

Originally Posted by TB0ne (Post 4585094)
Well, if you're running Linux, you already HAVE a syslog server. So, I'd suggest you just point your firewall logs to your CentOS server...that's it.

If you're looking for more granularity, install syslog-ng, and split the firewall logs to a separate file.

Tbone,

I configured the syslog server.
1) From the client Linux system I am getting logs, but from the firewall no threat is coming.
2) I have been googling myself, but no help.
3) Now I am going for syslog-ng.

Thanks.

TB0ne 01-28-2012 11:33 AM

Quote:

Originally Posted by ganesh24pal@gmail.com (Post 4586635)
Tbone,
I configured the syslog server.

No you didn't. It came already installed with CentOS.

Quote:

1) From the client Linux system I am getting logs, but from the firewall no threat is coming.

Did you check your firewall settings?? Is your Linux system allowing incoming connections from those addresses? Are you SURE your firewall is sending those events, since there are many levels of information syslogs can send? Do you have the firewall configured to SEND to the Linux box? Can you see any traffic between the two servers using Wireshark, or another sniffer?

Quote:

2) I have been googling myself, but no help.
3) Now I am going for syslog-ng.

...and unless you have traffic between the two boxes, allow incoming connections to the Linux box from the firewall device(s), or configure the firewall device(s) to SEND syslog events to a remote syslog server, it won't matter WHAT syslog engine you're running.

ganesh24pal@gmail.com 01-29-2012 10:08 AM

I am getting an error while installing syslog-ng.

rpm -i syslog-ng-2.0.3-1.el5.kb.i386.rpm
warning: syslog-ng-2.0.3-1.el5.kb.i386.rpm: Header V3 DSA signature: NOKEY, key ID 3e13cf5b
error: Failed dependencies:
libevtlog.so.0 is needed by syslog-ng-2.0.3-1.el5.kb.i386

klearview 01-29-2012 10:22 AM

As the error says - you have a missing dependency.

Install libevtlog0.

klearview 01-29-2012 10:26 AM

And by the way, why are you complicating your life? CentOS 5 has rsyslog in repos - why don't you just use supported rsyslog rather than hunting for unsupported syslog-ng's dependencies?

pantdk 01-29-2012 03:50 PM

Hi All

Use these RPMs and configure your syslog-ng server without any error; it's fully tested on RHEL 5 and CentOS 5.
The RPM can be used as per the OS architecture, 64-bit or 32-bit.
When I made my syslog server:
# yum groupinstall "Development Tools"
# rpm -ivh syslog-ng-3.1.2-1.rhel5.i386.rpm

or maybe these are required:
# yum groupinstall "Development Libraries"
# yum install lib* glib* pcre-devel

TB0ne 01-29-2012 04:54 PM

Quote:

Originally Posted by pantdk (Post 4587660)
Hi All

Use these RPMs and configure your syslog-ng server without any error; it's fully tested on RHEL 5 and CentOS 5.
The RPM can be used as per the OS architecture, 64-bit or 32-bit.
When I made my syslog server:
# yum groupinstall "Development Tools"
# rpm -ivh syslog-ng-3.1.2-1.rhel5.i386.rpm

or maybe these are required:
# yum groupinstall "Development Libraries"
# yum install lib* glib* pcre-devel

Uhh...why??

Just typing in "yum install syslog-ng" will get the dependencies it needs.

klearview 01-29-2012 05:03 PM

Quote:

Originally Posted by TB0ne (Post 4587704)
Uhh...why??

Just typing in "yum install syslog-ng" will get the dependencies it needs.

syslog-ng is not in CentOS repos. He would need to add a repository that contains it (EPEL maybe?). Rsyslog is supported in CentOS 5 so why not just use it.

pantdk 01-29-2012 05:45 PM

Hi TB0ne,

It is an open-source package for making a log server, which requires some additional packages.

syslog-ng requires some additional RPMs. In my case I also saw this problem; # yum groupinstall "Development Tools" resolved the dependency error.

Syslog-ng 2.0 is totally different from syslog-ng 3.0 in terms of packages and configuration, so "Development Tools" or "Development Libraries" may be required. When I tested 2.0 it showed me some package errors, which were resolved through # yum groupinstall "Development Tools", and the same was done in 3.0.

ganesh24pal@gmail.com 01-29-2012 06:11 PM

Quote:

Originally Posted by klearview (Post 4587442)
And by the way, why are you complicating your life? CentOS 5 has rsyslog in repos - why don't you just use supported rsyslog rather than hunting for unsupported syslog-ng's dependencies?

Hi Klearview,

I have installed the rsyslog server, but I am unable to configure it as a server.

Reuti 01-30-2012 05:37 AM

Quote:

Originally Posted by klearview (Post 4587713)
syslog-ng is not in CentOS repos. He would need to add a repository that contains it (EPEL maybe?). Rsyslog is supported in CentOS 5 so why not just use it.

Which syslog daemon you prefer might be a matter of taste (and I like syslog-ng). But instead of relying on an RPM being available somewhere, I find it easier to compile it on my own in case I need a newer/different version.

@ganesh24pal: what do you mean by “... configure as server”? You want to set up remote logging?

ganesh24pal@gmail.com 01-31-2012 12:36 AM

Quote:

Originally Posted by Reuti (Post 4588140)
Which syslog daemon you prefer might be a matter of taste (and I like syslog-ng). But instead of relying on an RPM being available somewhere, I find it easier to compile it on my own in case I need a newer/different version.

@ganesh24pal: what do you mean by “... configure as server”? You want to set up remote logging?

@Reuti yes, I want to know how to configure a remote logging server via rsyslog.
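
A minimal rsyslog receiver configuration for the remote-logging setup asked about in this thread, added here as an example and not posted by any participant. It assumes rsyslog's legacy directive syntax and UDP port 514; the firewall address 192.0.2.10 and the output path /var/log/fortigate.log are placeholders.

```conf
# /etc/rsyslog.conf additions on the CentOS log server (added example).
# 192.0.2.10 is a placeholder for the firewall's address and
# /var/log/fortigate.log is an assumed output path; adjust both.

# Load the UDP input module and listen on the standard syslog port.
$ModLoad imudp
$UDPServerRun 514

# Accept remote UDP messages only from localhost and the firewall,
# so the open port is not a log-injection point for any other host.
$AllowedSender UDP, 127.0.0.1, 192.0.2.10

# Write everything received from the firewall to its own file ...
:fromhost-ip, isequal, "192.0.2.10"    /var/log/fortigate.log
# ... and stop processing those messages so they stay out of
# /var/log/messages.
& ~

# The host firewall must also admit the traffic, restricted to the same
# source. Equivalent iptables rule (run as root, then save the rules):
#   iptables -I INPUT -p udp -s 192.0.2.10 --dport 514 -j ACCEPT
#
# After restarting rsyslog, confirm that packets actually arrive before
# changing syslog daemons:
#   tcpdump -n -i any udp port 514 and host 192.0.2.10
```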

