
Saturday, August 13, 2011

SysLogD

Features:
1. Handles logging
2. Unix Domain Sockets (/dev/log)
3. Internet Sockets (UDP:514)
4. Ability to log to local and remote targets

Implemented as the 'sysklogd' package


Primary configuration file: /etc/syslog.conf

Standard syslog.conf file contains:
1. Rules
a. facilities -> applications/daemons/network devices/etc.
b. levels -> Importance of message
Range: 0-7
7 = emergency (less information)
6 = alert
5 = critical
4 = error
3 = warning
2 = notice
1 = info
0 = debug (more information)

2. Targets
a. file - /var/log/messages
b. tty - /dev/console
c. remote hosts - @IP_ADDR_of_REMOTE_HOST

'*' = catchall/wildcard to mean any facility or level
'.none' = exclusion rule


Run 'man syslog.conf' to learn about the supported facility.level selectors

Task:
1. Enable UDP logging for remote Cisco gateway (192.168.75.1)
a. netstat -nul | grep 514 - reveals UDP:514 listener
b. nano /etc/sysconfig/syslog
b1. 'SYSLOGD_OPTIONS="-r"'
c. restart syslog and confirm UDP:514 listener
c1. confirm using 'netstat -nul | grep 514'
d. Configure the router using facility 'local0' and level 'info'
e. configure /etc/syslog.conf to accept 'local0.info'
f. restart or reload 'syslog'
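
The task above as a repeatable script, added here as an example and not part of the original post. The function names, the /var/log/cisco.log target and the 'service syslog restart' command (Red Hat style init) are assumptions; the listener check matches port 514 exactly instead of using a plain grep.

```shell
#!/bin/sh
# Added example (not from the original post). File paths are arguments so the
# functions can be tried on copies before touching /etc.

# Step b: make sure SYSLOGD_OPTIONS contains -r, keeping any existing options.
enable_remote_reception() {
    f=$1
    grep -Eq '^SYSLOGD_OPTIONS="([^"]* )?-r( [^"]*)?"' "$f" 2>/dev/null && return 0
    if grep -q '^SYSLOGD_OPTIONS="' "$f" 2>/dev/null; then
        sed 's/^SYSLOGD_OPTIONS="\([^"]*\)"/SYSLOGD_OPTIONS="\1 -r"/' "$f" > "$f.new" &&
            cat "$f.new" > "$f" && rm -f "$f.new"   # cat keeps owner/mode of $f
    else
        echo 'SYSLOGD_OPTIONS="-r"' >> "$f"
    fi
}

# Step e: append "selector<TAB>target" unless a rule for that selector exists.
add_rule() {
    conf=$1 selector=$2 target=$3
    awk -v s="$selector" '$1 == s { found = 1 } END { exit !found }' \
        "$conf" 2>/dev/null && return 0
    printf '%s\t%s\n' "$selector" "$target" >> "$conf"
}

# Steps a/c1: read 'netstat -nul' output on stdin; succeed only if something is
# bound to UDP port 514 exactly (a plain 'grep 514' also matches port 5140).
has_udp514_listener() {
    awk '$1 ~ /^udp/ && $4 ~ /:514$/ { found = 1 } END { exit !found }'
}

# Run as root with the argument "apply" to perform steps b, c, e and f.
if [ "${1:-}" = "apply" ]; then
    enable_remote_reception /etc/sysconfig/syslog
    # Log file path is an assumption; the post does not name a target.
    add_rule /etc/syslog.conf local0.info /var/log/cisco.log
    service syslog restart
    netstat -nul | has_udp514_listener && echo "UDP:514 listener is up"
fi
```

Because '-r' makes syslogd accept unauthenticated UDP datagrams from any host, limit port 514 at the host firewall to the gateway (192.168.75.1).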