Configure a RHEL MDS as a syslogd loghost (syslog collection server)
1. This logs all the logs from any number of external hosts to the /var/log/messages and other logs.
2. Edit /etc/sysconfig/syslog. Add “-r” to the SYSLOGD_OPTIONS line:
SYSLOGD_OPTIONS="-m 0 -r"
Restart syslogd with:
/usr/bin/sudo /sbin/service syslog restart
(note that the service is ‘syslog’ and not ‘syslogd’)
3. Verify that syslogd is listening on port 514 using netstat:
$ sudo netstat –anp | grep 514 udp 0 0 0.0.0.0:514 0.0.0.0:* 5332/syslogd
4. Change another host to use the syslogd host. On another Linux box the format is in /etc/syslog.conf is something like:
where logs.company.com is the machine you just set up to listen to syslog messages.
You’ll need to restart that host’s syslog to make the change. If you “tail –f /var/log/messages” on the log host you should be able to use /usr/bin/logger on the client host to make messages appear.
$ logger hey
$ sudo tail -f /var/log/messages … Jan 13 15:33:37 clienthost plankers: hey
Keep in mind that syslog will sort messages into the categories it already has defined in /etc/syslog.conf. So if you send mail log data (mail.*) they’ll end up in /var/log/maillog by default.
5. You may wish to change your log rotation schedule to prevent large files. You can do this in /etc/logrotate.conf.
6. Searching, etc. can be done with standard UNIX tools like grep, tail, less, etc. in /var/log.