HPE Community
Operating System - Linux
1819803 Members
2987 Online
109607 Solutions
New Discussion юеВ

Configure SLES9 as a central log host

 
Ryan Goh
Frequent Advisor

тАО12-21-2004 09:04 PM

тАО12-21-2004 09:04 PM

Configure SLES9 as a central log host

Hi all,

My company just bought one hp server installed with SLES 9. My boss ask me to configure this server based on requirement stated below:

1. Configure the syslog daemon to accept messages from other machines.
2. Configure the syslog daemon to write all messages concerning mail to /var/log/allmail. Mail messages must not be written anywhere else. Disable immediate file syncing after writing messages.
3. Configure the syslog daemon to write all kernel messages to /var/log/kernel. Kernel messages with priority equal or higher than "warning" have also to be written to console 10.
4. Configure the syslog daemon to write all messages other than mail and kernel messages to /var/log/allmessages.

I have difficuty on how to configure syslog.conf based on the requirement stated above, need your expertise to help me on the configuration of syslog.conf.

Thank you.
Ryan Goh

0 Kudos
13 REPLIES 13
Ivajlo Yanakiev
Respected Contributor

тАО12-21-2004 11:12 PM

тАО12-21-2004 11:12 PM

Re: Configure SLES9 as a central log host

use -r option for syslogd.
It will tell your syslogd to get all messege from network.
Also you need to change syslog.conf on all server that need to send syslog to main server.

by the way :)
Did you try to read man syslog , syslogd , syslog.conf
0 Kudos
Vitaly Karasik_1
Honored Contributor

тАО12-22-2004 01:57 AM

тАО12-22-2004 01:57 AM

Re: Configure SLES9 as a central log host

you can use the following resources for syslog/logrotate:

http://www.linuxjournal.com/article.php?sid=5476 syslog Configuration


http://www.precision-guesswork.com/sage-guide/syslog-overview.html syslog Overview

http://www.linux-mag.com/cgi-bin/printer.pl?issue=2000-09&article=guru Keeping Track of What Goes On

http://www.chinalinuxpub.com/doc/www.siliconvalleyccie.com/linux-hn/logging.htm
Troubleshooting Linux With Syslog [you can read here about logrotate too!]
0 Kudos
Ryan Goh
Frequent Advisor

тАО12-22-2004 03:59 PM

тАО12-22-2004 03:59 PM

Re: Configure SLES9 as a central log host

Hi,

I try "syslogd -r", get error message "syslogd: Already running". So, I type "/etc/init.d/syslog stop" follow by "syslogd -r". Is it correct.

Do I need to configure syslog.conf on central log host server with the requirement I stated, or only on other servers which send messages to the central log host server.

Regards,
Ryan Goh


0 Kudos
Ermin Borovac
Honored Contributor

тАО12-22-2004 04:54 PM

тАО12-22-2004 04:54 PM

Re: Configure SLES9 as a central log host

On the central syslog server add "-r" to SYSLOGD_PARAMS in /etc/sysconfig/syslog and restart syslog service

SYSLOGD_PARAMS="-r"

# /etc/init.d/syslog restart

On other machines add the following line to /etc/syslog.conf and restart syslog service.

*.debug @

You may want different logging level as *.debug will forward all syslog messages to central syslog server.
0 Kudos
Ivajlo Yanakiev
Respected Contributor

тАО12-22-2004 07:04 PM

тАО12-22-2004 07:04 PM

Re: Configure SLES9 as a central log host

my be it better to send *.* that mean
all msg.all services
0 Kudos
Ryan Goh
Frequent Advisor

тАО12-22-2004 09:43 PM

тАО12-22-2004 09:43 PM

Re: Configure SLES9 as a central log host

Hi All,

Anyone know how to configure the syslog daemon to write all kernel messages to /var/log/kernel. Kernel messages with priority equal or higher than "warning" have also to be written to console 10, how to write it in syslog.conf. If I want to send it console 10, is it correct wrote it as "/dev/console10 .

What is the diffrent between syslog.conf and syslog file?

Thank for the reply.

Ryan Goh
0 Kudos
Ivajlo Yanakiev
Respected Contributor

тАО12-22-2004 11:20 PM

тАО12-22-2004 11:20 PM

Re: Configure SLES9 as a central log host

syslog.conf is config file :)
You place your option for syslogd daemon

syslog file = /var/log/message this is text file that get all system messeges :)


You realy need some general reading for linux.

You can not use linux wihtout know basic :)
Sorry man.
If you want I can invite you to my Linux classes :)
0 Kudos
Ryan Goh
Frequent Advisor

тАО12-23-2004 01:13 AM

тАО12-23-2004 01:13 AM

Re: Configure SLES9 as a central log host

Thank very much for the help. I know I still need a lot of guidance, that why I post it to the forum.

What I mean is /etc/sysconfig/syslog file and /etc/syslog.conf file. I know syslog.conf, but not very sure about /etc/sysconfig/syslog file. What is the purpose of /etc/sysconfig/syslog file?

Regards,
Ryan Goh
0 Kudos
Vitaly Karasik_1
Honored Contributor

тАО12-23-2004 01:16 AM

тАО12-23-2004 01:16 AM

Re: Configure SLES9 as a central log host

/etc/sysconfig/syslog file - in many distros
contains command-line options for syslog daemon

/etc/syslog.conf - syslogd configuration

I suggest you to read one of articles I sent you.

Good luck!
Vitaly
0 Kudos
Ivajlo Yanakiev
Respected Contributor

тАО12-23-2004 01:37 AM

тАО12-23-2004 01:37 AM

Re: Configure SLES9 as a central log host

You ask for decision !

Did you read man page ?
Did you read some book or google about that.
Did you try to done this by your self ?
Did you ask frineds or support to help you ?

No :0


Take care
and
Merry Christmas
0 Kudos
Ryan Goh
Frequent Advisor

тАО12-28-2004 06:39 PM

тАО12-28-2004 06:39 PM

Re: Configure SLES9 as a central log host

I have configure my server, it seem work follow requirement. The settings I set as below. Correct me if I done wrongly.

1. Configure the syslog daemon to accept messages from other machines.

- Add -r option to SYSLOGD_PARAMS in syslog file.

2. Configure the syslog daemon to write all messages concerning mail to /var/log/allmail. Mail messages must not be written anywhere else. Disable immediate file syncing after writing messages.

- add "mail.* -/var/log/allmail" in syslog.conf

3. Configure the syslog daemon to write all kernel messages to /var/log/kernel. Kernel messages with priority equal or higher than "warning" have also to be written to console 10.

- add "kern.* /var/log/kernel" and "kern.warning /dev/tty10" in syslog.conf

4. Configure the syslog daemon to write all messages other than mail and kernel messages to /var/log/allmessages.

- add "*.*;mail.none;kern.none /var/log/allmessages" in syslog.conf


Full content of these two files.

syslog file content :

## Path: System/Logging
## Description: System logging
## Type: list(0,1,2,3,4,5,6,7)
## Default: 1
## Config: ""
## ServiceRestart: syslog
#
# Default loglevel for klogd
#
KERNEL_LOGLEVEL=1

## Type: string
## Default: ""
## Config: ""
## ServiceRestart: syslog
#
# if not empty: parameters for syslogd
# for example SYSLOGD_PARAMS="-r -s my.dom.ain"
#
SYSLOGD_PARAMS="-r"

## Type: string
## Default: -2
## Config: ""
## ServiceRestart: syslog
#
# if not empty: parameters for klogd
# for example KLOGD_PARAMS="-2" for clean oops lines
#
KLOGD_PARAMS="-2"

## Type: list(syslogd,syslog-ng)
## Default: syslogd
## Config: syslog-ng
## Command: /sbin/rcsyslog restart
## PreSaveCommand: /sbin/rcsyslog status && /sbin/rcsyslog stop
#
# The name of the syslog daemon used as
# syslog service: "syslogd", "syslog-ng"
#
SYSLOG_DAEMON="syslogd"

## Type: string
## Default: "/var/lib/ntp/dev/log"
## ServiceRestart: syslog
## Config: syslog-ng
#
# The filename mentioned here will be added with the "-a ..." option as
# additional socket via SYSLOGD_PARAMS when syslogd is started.
#
# This additional socket is needed in case that syslogd is restarted. Otherwise
# a chrooted 'ntpd' won't be able to continue logging.
#
SYSLOGD_ADDITIONAL_SOCKET_NTP="/var/lib/ntp/dev/log"


syslog.conf file content :

# /etc/syslog.conf - Configuration file for syslogd(8)
#
# For info about the format of this file, see "man syslog.conf".
#
mail.* -/var/log/allmail

kern.* /var/log/kernel
kern.warning /dev/tty10

*.*;mail.none;kern.none /var/log/allmessages

Thank again for the web links and solution you reply. It help a lot.

Regards,
Ryan Goh

0 Kudos
Ryan Goh
Frequent Advisor

тАО12-30-2004 10:49 PM

тАО12-30-2004 10:49 PM

Re: Configure SLES9 as a central log host

Thank all.
0 Kudos
Ryan Goh
Frequent Advisor

тАО08-04-2006 06:34 PM

тАО08-04-2006 06:34 PM

Re: Configure SLES9 as a central log host

tahnks
0 Kudos
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.