# man 5 rsyslog.conf --> manual page for the configuration file
#
For example:
debug, info, notice, warning (warn), error (err), alert, critical (crit), emergency (emerg)
Action field: The action field shows where to send the log information, i.e. to a file, to a terminal or to a remote machine.
#ls /var/log/ --> By default, all logs are written to files in this location. We can also configure a copy of each log to be sent to a server machine for monitoring.
SET UP OF CENTRALISED LOG SERVER
######################################
################# Client side configuration #################
#vi /etc/rsyslog.conf
*.* @<ip of log server> --> Append this line at the end of the file. It says that
                            any kind of log should also be sent to the server, so that
                            both a local and a remote copy of the log are maintained.
authpriv.* @<ip of log server> --> This would send logs to the remote system's /var/log/secure file.
Note: '@' signifies UDP and '@@' signifies TCP (the server receives the logs on port 514).
#/etc/init.d/rsyslog restart --> to restart the syslog service
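
After editing a client, the '@' / '@@' rule above can be checked by listing every active forwarding rule with its transport and port. This script is an added example, not part of the original notes; the sample config, the documentation address 192.0.2.10 and port 10514 are constructed, and port 514 is assumed when a rule names no port.

```shell
#!/bin/sh
# Added example: list the forwarding rules in a legacy-format rsyslog.conf.

# Constructed sample config; 192.0.2.10 is a documentation-only address.
sample_conf() {
    cat <<'EOF'
# local file rule, not a forward
mail.*       -/var/log/maillog
*.*          @192.0.2.10
authpriv.*   @@192.0.2.10:10514
#kern.*      @192.0.2.99
EOF
}

# Print "selector transport host port" for every active forwarding rule.
list_forwards() {
    awk '
    /^[[:space:]]*#/ || NF < 2 { next }       # skip comments and short lines
    $2 ~ /^@/ {
        action = $2
        proto = "udp"                          # single @ means UDP
        if (action ~ /^@@/) {                  # double @@ means TCP
            proto = "tcp"
            sub(/^@@/, "", action)
        } else {
            sub(/^@/, "", action)
        }
        port = 514                             # assumed when no port is given
        if (action ~ /:[0-9]+$/) {             # explicit host:port form
            port = action
            sub(/^.*:/, "", port)
            sub(/:[0-9]+$/, "", action)
        }
        print $1, proto, action, port
    }' "$1"
}

# Print only the rules that forward over UDP, which gives no delivery guarantee.
udp_forwards() { list_forwards "$1" | awk '$2 == "udp"'; }

# Demo run against the constructed sample.
conf=$(mktemp)
sample_conf > "$conf"
echo "All forwards:"; list_forwards "$conf"
echo "UDP forwards:"; udp_forwards "$conf"
rm -f "$conf"
```

On a real client, pass /etc/rsyslog.conf to list_forwards instead of the sample file.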