Firmware for Syslog: CentOS 5.5, FreeBSD 8, NetBSD 5.0.2, Open BSD 4.7, Solaris 10, HP-UX, Mandriva 10.1, Slackware 13.1
Firmware for Rsyslog: Debian 5, Ubuntu 10, Fedora 13
Collector: Network Collector - Syslog
To configure a Syslog or Rsyslog module to send log messages to TLC:
1. | Open the hosts file (/etc/hosts) and add the following line: |
<host_ip><tab><host_name><tab><host_alias>
Where:
<host_ip> is the IP address of the syslog host system,
<tab> is a tab space,
<host_name> is the name of the host system, and
<host_alias> is an alias for the host system of your choosing.
2. | Save and close the hosts file, and open the configuration file (/etc/syslog.conf or /etc/rsyslog.conf). |
3. | In the configuration file, add the following line: |
<facility>.<severity>.<location>
Where:
<facility> is one of the following keywords: auth, authpriv, cron, daemon, kern, lpr, mail, mark, news, security (same as auth), syslog, user, uucp and local0 through local7.
<severity> is one of the following keywords: debug, info, notice, warn (or warning), err (or error), crit, alert, emerg (or panic).
<location> is a local logging file or a remote machine to which the log messages will be forwarded.
To save all log messages in a local logging file, enter the following value as the <location>:
/<full_path_to_file>
Tip |
To prevent synchronization of the logging file after each log event, you can format this entry as follows: -/<full_path_to_file> While you may lose some data if the system crashes after a write attempt, the absence of synchronization should improve performance, especially if your programs use logging in a verbose manner. |
---|
To forward all log messages to a remote machine, enter the following value:
*.* @<remote_machine>
Where:
The first * is a wildcard for <facility>.
The second * is a wildcard for the <severity>.
<remote_machine> is the machine's host name or IP address.
Tip |
On an IBM AIX system, you must specify the <severity> rather than entering an * as a wildcard. For example: *.debug @TLCServer.company.com |
---|
4. | To re-start syslogd, enter one of the following commands. |
For Syslog, enter:
“kill –HUP `cat /var/run/syslogd.pid`”
For Rsyslog, enter:
“kill –HUP `cat /var/run/rsyslogd.pid`”
Next |
If you are performing initial configuration of your TLC environment, see Configuring your TLC Environment. Otherwise, see Adding a Monitored Asset for a new Log Source. |
---|