Configuring a Syslog or Rsyslog Module

Firmware for Syslog: CentOS 5.5, FreeBSD 8, NetBSD 5.0.2, OpenBSD 4.7, Solaris 10, HP-UX, Mandriva 10.1, Slackware 13.1

Firmware for Rsyslog: Debian 5, Ubuntu 10, Fedora 13

Collector: Network Collector - Syslog

To configure a Syslog or Rsyslog module to send log messages to TLC:

1. Open the hosts file (/etc/hosts) and add the following line:

<host_ip><tab><host_name><tab><host_alias>

Where:

<host_ip> is the IP address of the syslog host system,

<tab> is a tab character,

<host_name> is the name of the host system, and

<host_alias> is an alias for the host system of your choosing.

2. Save and close the hosts file, and open the configuration file (/etc/syslog.conf or /etc/rsyslog.conf).
3. In the configuration file, add the following line:

<facility>.<severity><tab><location>

Where:

<facility> is one of the following keywords: auth, authpriv, cron, daemon, kern, lpr, mail, mark, news, security (same as auth), syslog, user, uucp and local0 through local7.

<severity> is one of the following keywords: debug, info, notice, warn (or warning), err (or error), crit, alert, emerg (or panic).

<location> is a local logging file or a remote machine to which the log messages will be forwarded.

To save all log messages in a local logging file, enter the following value as the <location>:

/<full_path_to_file>

Tip 

To prevent synchronization of the logging file after each log event, you can format this entry as follows:

-/<full_path_to_file>

While you may lose some data if the system crashes after a write attempt, the absence of synchronization should improve performance, especially if your programs use logging in a verbose manner.

To forward all log messages to a remote machine, enter the following value:

*.* @<remote_machine>

Where:

The first * is a wildcard for <facility>.

The second * is a wildcard for the <severity>.

<remote_machine> is the machine's host name or IP address.

Tip 

On an IBM AIX system, you must specify the <severity> rather than entering an * as a wildcard. For example: 

*.debug @TLCServer.company.com

4. To restart syslogd, enter one of the following commands:

For Syslog, enter:

kill -HUP `cat /var/run/syslogd.pid`

For Rsyslog, enter:

kill -HUP `cat /var/run/rsyslogd.pid`
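
The rule format from step 3 can be checked before syslogd is signalled. The shell function below is an added example, not part of the vendor documentation; the function names and any log file paths passed to it are constructed for illustration, and only the single-selector form shown on this page is handled.

```shell
#!/bin/sh
# Added example (not vendor code): check one rule of the form
#   <facility>.<severity><tab><location>
# against the keyword lists given on this page.
FACILITIES="auth authpriv cron daemon kern lpr mail mark news security syslog user uucp local0 local1 local2 local3 local4 local5 local6 local7"
SEVERITIES="debug info notice warn warning err error crit alert emerg panic"

# in_list WORD LIST: succeed if WORD is one of the space-separated items.
in_list() {
    case " $2 " in *" $1 "*) return 0 ;; esac
    return 1
}

# check_rule LINE [aix]
# Prints local-sync, local-nosync or forward; prints "invalid: <reason>"
# and returns 1 otherwise. Pass "aix" to apply the IBM AIX restriction.
check_rule() {
    line=$1 platform=${2:-}
    set -f                      # keep "*.*" literal while splitting
    set -- $line                # split on spaces and tabs
    set +f
    [ $# -eq 2 ] || { echo "invalid: expected selector and location"; return 1; }
    selector=$1 action=$2
    case $selector in
        *.*) facility=${selector%%.*} severity=${selector#*.} ;;
        *)   echo "invalid: selector needs <facility>.<severity>"; return 1 ;;
    esac
    [ "$facility" = "*" ] || in_list "$facility" "$FACILITIES" ||
        { echo "invalid: unknown facility $facility"; return 1; }
    if [ "$severity" = "*" ]; then
        [ "$platform" != aix ] ||
            { echo "invalid: AIX needs an explicit severity"; return 1; }
    else
        in_list "$severity" "$SEVERITIES" ||
            { echo "invalid: unknown severity $severity"; return 1; }
    fi
    case $action in
        @?*)  echo forward ;;        # remote machine
        -/?*) echo local-nosync ;;   # file, no sync after each event
        /?*)  echo local-sync ;;     # file, synced after each event
        *)    echo "invalid: unrecognized location $action"; return 1 ;;
    esac
}
```

A rule with no whitespace between the selector and the location is reported as invalid, because the whole line is then read as a single field.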

Next

If you are performing initial configuration of your TLC environment, see Configuring your TLC Environment.

Otherwise, see Adding a Monitored Asset for a new Log Source.