Syslog-NG log server
July 2007
Note | |
---|---|
ToDo: log over TCP instead of UDP, and encrypt communication between client and server (using a tunnel?). This document shows plain-text logging over UDP. While this is simple, it is hardly bandwidth-efficient, and certainly not secure. |
Syslog-NG is an improvement upon syslog with regard to configurability.
We followed the SysLog-NG Administrator Guide, in which syslog-ng is documented well.
syslog-ng server
Install syslog-ng:
apt-get install syslog-ng
In /etc/syslog-ng/syslog-ng.conf.dist, configure the server to listen to incoming logs:
source s_all {
    # message generated by Syslog-NG
    internal();
    # standard Linux log source (this is the default place for the syslog()
    # function to send logs to)
    unix-stream("/dev/log");
    # messages from the kernel
    file("/proc/kmsg" log_prefix("kernel: "));
    # use the following line if you want to receive remote UDP logging messages
    # (this is equivalent to the "-r" syslogd flag)
    # enabled --JB 20070718
    udp();
};
Restart the daemon:
/etc/init.d/syslog-ng restart
Now you can see the daemon listening on UDP port 514:
netstat -lpn|grep syslog
udp 0 0 0.0.0.0:514 0.0.0.0:* 2692/syslog-ng
unix 2 [ ACC ] STREAM LISTENING 7009 2692/syslog-ng /dev/log
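The listener check above can be scripted. This is an added example, not part of the original page: a shell function reads `netstat -lpn` output and marks every syslog-ng network socket bound to a wildcard address, which is what a bare udp() produces. The sample input is constructed from the two output lines shown above plus one hypothetical loopback TCP listener for contrast; the function names are assumptions.

```shell
#!/bin/sh
# Added example: audit syslog-ng listeners found in `netstat -lpn` output.

# Constructed sample: the two lines from the page plus one hypothetical
# loopback-bound TCP listener for comparison.
sample_netstat() {
cat <<'EOF'
udp        0      0 0.0.0.0:514      0.0.0.0:*                  2692/syslog-ng
unix  2      [ ACC ]     STREAM     LISTENING     7009     2692/syslog-ng      /dev/log
tcp        0      0 127.0.0.1:514    0.0.0.0:*      LISTEN      2692/syslog-ng
EOF
}

# Reads netstat -lpn output on stdin and prints one line per syslog-ng
# network socket: "<proto> <bind address> <port> <EXPOSED|restricted>".
audit_syslog_listeners() {
    awk '
    # Only inet sockets owned by syslog-ng; unix sockets are local-only.
    $1 ~ /^(udp|tcp)6?$/ && $NF ~ /\/syslog-ng$/ {
        la = $4
        port = la; sub(/^.*:/, "", port)      # text after the last colon
        addr = la; sub(/:[^:]*$/, "", addr)   # text before the last colon
        # A wildcard bind accepts messages on every interface.
        scope = (addr == "0.0.0.0" || addr == "::" || addr == "*") ? "EXPOSED" : "restricted"
        print $1, addr, port, scope
    }'
}

# Succeeds (exit 0) when at least one syslog-ng socket is wildcard-bound.
has_exposed_listener() {
    audit_syslog_listeners | grep -q ' EXPOSED$'
}

# Run against the constructed sample; on a live host use:
#   netstat -lpn | audit_syslog_listeners
sample_netstat | audit_syslog_listeners
```

A socket reported as EXPOSED should be reachable only from the log clients, for example through a firewall rule or by binding the source to a specific address.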