Configure SLES9 Server as a central log host

gcw123 · 12-22-2004, 07:17 AM

Hi all,

My company just bought one hp server installed with SLES 9. My boss ask me to configure this server based on requirement stated below:

1. Configure the syslog daemon to accept messages from other machines.
2. Configure the syslog daemon to write all messages concerning mail to /var/log/allmail. Mail messages must not be written anywhere else. Disable immediate file syncing after writing messages.
3. Configure the syslog daemon to write all kernel messages to /var/log/kernel. Kernel messages with priority equal or higher than "warning" have also to be written to console 10.
4. Configure the syslog daemon to write all messages other than mail and kernel messages to /var/log/allmessages.

I have difficuty on how to configure syslog.conf based on the requirement stated above, need your expertise to help me on the configuration of syslog.conf.

Thank you.
Ryan Goh

iluvatar · 12-23-2004, 09:32 AM

"man syslog.conf" may be of great help

I can give you this (from the man page):

1) on the server, start syslog with the -r option to accept network log messages
2) put this in syslog.conf (on the server)
mail.* /var/adm/mail
3) all kernel messages to a file:
kern.* /var/log/kernel
all kernel message with higher priority than 'warning' go to console 10:
kern.warn /dev/tty10
4) log all other messages:
*.=debug;mail.none;kern.none /var/log/allmessages

on the logclient machines, put this in the syslog.conf:
*.* @<log server>
this will redirect all messages to the server

note on my reply: I have not tested this, but got this from 'man syslog.conf' man page. you should really read it to get the complete possibilities.

greetz,
.-=~ iluvatar ~=-.

gcw123 · 12-26-2004, 02:14 AM

Thank for your reply. I will try it out.

Merry Crismas

Regards,Ryan Goh

gcw123 · 12-29-2004, 05:54 AM

I have configure my server, it seem work follow requirement. The settings I set as below. Correct me if I done wrongly.

1. Configure the syslog daemon to accept messages from other machines.

- Add -r option to SYSLOGD_PARAMS in syslog file.

2. Configure the syslog daemon to write all messages concerning mail to /var/log/allmail. Mail messages must not be written anywhere else. Disable immediate file syncing after writing messages.

- add "mail.* -/var/log/allmail" in syslog.conf

3. Configure the syslog daemon to write all kernel messages to /var/log/kernel. Kernel messages with priority equal or higher than "warning" have also to be written to console 10.

- add "kern.* /var/log/kernel" and "kern.warning /dev/tty10" in syslog.conf

4. Configure the syslog daemon to write all messages other than mail and kernel messages to /var/log/allmessages.

- add "*.*;mail.none;kern.none /var/log/allmessages" in syslog.conf

Full content of these two files.

syslog file content :

## Path: System/Logging
## Description: System logging
## Type: list(0,1,2,3,4,5,6,7)
## Default: 1
## Config: ""
## ServiceRestart: syslog
#
# Default loglevel for klogd
#
KERNEL_LOGLEVEL=1

## Type: string
## Default: ""
## Config: ""
## ServiceRestart: syslog
#
# if not empty: parameters for syslogd
# for example SYSLOGD_PARAMS="-r -s my.dom.ain"
#
SYSLOGD_PARAMS="-r"

## Type: string
## Default: -2
## Config: ""
## ServiceRestart: syslog
#
# if not empty: parameters for klogd
# for example KLOGD_PARAMS="-2" for clean oops lines
#
KLOGD_PARAMS="-2"

## Type: list(syslogd,syslog-ng)
## Default: syslogd
## Config: syslog-ng
## Command: /sbin/rcsyslog restart
## PreSaveCommand: /sbin/rcsyslog status && /sbin/rcsyslog stop
#
# The name of the syslog daemon used as
# syslog service: "syslogd", "syslog-ng"
#
SYSLOG_DAEMON="syslogd"

## Type: string
## Default: "/var/lib/ntp/dev/log"
## ServiceRestart: syslog
## Config: syslog-ng
#
# The filename mentioned here will be added with the "-a ..." option as
# additional socket via SYSLOGD_PARAMS when syslogd is started.
#
# This additional socket is needed in case that syslogd is restarted. Otherwise
# a chrooted 'ntpd' won't be able to continue logging.
#
SYSLOGD_ADDITIONAL_SOCKET_NTP="/var/lib/ntp/dev/log"

syslog.conf file content :

# /etc/syslog.conf - Configuration file for syslogd(8)
#
# For info about the format of this file, see "man syslog.conf".
#
mail.* -/var/log/allmail

kern.* /var/log/kernel
kern.warning /dev/tty10

*.*;mail.none;kern.none /var/log/allmessages

Regards
Ryan Goh

iluvatar · 12-29-2004, 07:31 AM

but don't forget to configure the client machines as well

there's only one way to find out... boot a computer on the network and check if you get syslog messages. they should appear with an IP address or DNS name in your log file on the server. to be sure create some mail log and kernel message too....

greetz,
.-=~ iluvatar ~=-.