LinuxQuestions.org


kaplan71 10-04-2010 06:36 PM

secure log file entries not appearing in loganalyzer
 
Hi there --

I am testing LogAnalyzer 3.0, with several Linux servers configured to send their log files to the central server. All Linux servers use syslog as the daemon of choice.

While it does appear that LogAnalyzer is working somewhat, I noticed that a particular log file present on all servers, secure, does not have any entries appearing at the central server. The configuration of the secure file, via the /etc/syslog.conf file, on all servers is shown below:

Code:

# The authpriv file has restricted access.
authpriv.*                                              /var/log/secure

Do I need to make any additional modifications to the syslog.conf or any other file? Thanks.

unSpawn 10-04-2010 07:00 PM

Unless this line is preceded by one sending this specific facility / priority pair (or everything) to your remote server it's only sending them to a file?

kaplan71 10-04-2010 08:11 PM

Hi there --

Thanks for your reply. If I understand you correctly, should the syntax be as follows:

Code:

*.*                                                    @<ip address>
# The authpriv file has restricted access.
authpriv.*                                              /var/log/secure

I do have the line:

Code:

*.*                                                    @<ip address>

already at the beginning of the file so shouldn't that be enough?

unSpawn 10-05-2010 02:02 PM

Yes it should. Can you confirm that if you use Mike Hammer's famous 'logger -p authpriv.emerg -t test "Trust me, I know what I'm doing."' quote on one of the clients this message at least gets sent and received using tcpdump to capture packets on both client and server?

kaplan71 10-05-2010 02:52 PM

Hi there --

I ran the logger command with the 'recommended' syntax, and while the message did appear on-screen, there was no reference to it in any log file on the client, nor did it appear on the central log server.

The entries from the /var/log/messages file do make it to the central server, but so far those are the only ones that do make it.
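
An added example, not part of the thread and not LogAnalyzer or syslogd code: a small evaluator that reports which syslog.conf actions a given facility.priority message reaches, so you can confirm whether authpriv is covered by a forwarding (`@host`) rule before moving on to packet captures. It assumes the selector rules documented for sysklogd's syslog.conf (`*`, comma lists, `none`, `=`, `!`); the function names and the address 192.0.2.10 are placeholders, and the sample configurations are constructed from the lines quoted in the posts above.

```python
# Added example: evaluate syslog.conf selectors (sysklogd rules) for one message.
PRIORITIES = ["debug", "info", "notice", "warning", "err", "crit", "alert", "emerg"]
FACILITIES = ["auth", "authpriv", "cron", "daemon", "kern", "lpr", "mail", "news",
              "syslog", "user", "uucp"] + [f"local{i}" for i in range(8)]

def line_mask(selectors):
    """Return {facility: set(priorities)} accepted by one rule's selector field."""
    mask = {f: set() for f in FACILITIES}
    for sel in selectors.split(";"):          # later selectors refine earlier ones
        facs, _, pri = sel.strip().rpartition(".")
        negate = pri.startswith("!")
        pri = pri.lstrip("!")
        exact = pri.startswith("=")
        pri = pri.lstrip("=")
        if pri == "none":                      # 'none' drops the facility entirely
            chosen, negate = set(PRIORITIES), True
        elif pri == "*":
            chosen = set(PRIORITIES)
        elif exact:                            # '=pri' matches that level only
            chosen = {pri}
        else:                                  # 'pri' matches that level and above
            chosen = set(PRIORITIES[PRIORITIES.index(pri):])
        names = facs.split(",")
        for fac in (FACILITIES if "*" in names else names):
            mask[fac] = mask[fac] - chosen if negate else mask[fac] | chosen
    return mask

def destinations(conf_text, facility, priority):
    """List the actions (file, @host, ...) a facility.priority message reaches."""
    hits = []
    for raw in conf_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        selectors, action = line.split(None, 1)
        if priority in line_mask(selectors)[facility]:
            hits.append(action.strip())
    return hits

def forwarded(conf_text, facility, priority):
    """True if at least one matching rule sends the message to a remote host."""
    return any(a.startswith("@") for a in destinations(conf_text, facility, priority))

# Constructed samples (192.0.2.10 stands in for the central server address).
FILE_ONLY = "# restricted access\nauthpriv.*   /var/log/secure\n"
WITH_FORWARD = "*.*          @192.0.2.10\n" + FILE_ONLY
FILTERED = "*.info;authpriv.none   @192.0.2.10\n" + FILE_ONLY
```

If `forwarded()` returns True for authpriv on the client's real configuration and nothing arrives, the configuration text is not the cause and the next checks are whether the daemon has reloaded that file and what the packet capture shows.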

