I'm guessing its possible but I can't seem to find any documentation on how to do this.I've tried playing with entries at the top of my syslog.conf file like:
*.* @172.20.10.1 # 1 server, works file
*.* @172.20.10.1,172.20.20.11 # doesn't work
*.* @172.20.10.1 172.20.20.11 # nor this
*.* @172.20.10.1,@172.20.20.11 # nor this
*.* @172.20.10.1 @172.20.20.11 # nor this
turn up the level of logging that my DHCP Server is writing to SYSLOG?I can't seem to find a syslog.conf file to edit.
View 1 Replies View RelatedI'm having trouble getting my pix firewall to log to syslog server. Here are the steps I took:
1) Added the following line to /etc/sysconfig/syslog:
SYSLOG_OPTIONS "-m 0 -r514"
**for some reason, without the 514, syslog doesn't listen
[code]....
I wish to prevent the samba messages (mainly nmbd and winbindd) from appearing in the system log (/var/log/messages). I want to allow samba logging to the standard samba logfiles, but prevent the syslog getting clogged up by samba. I added syslog = 0 to smb.conf and reloaded the config but the messages were still appearing. I also tried the following (and restarted the syslog via /sbin/service syslog restart) # Suppress messages from samba.
nmbd.* /dev/null
smbd.* /dev/null
winbindd.* /dev/null
For interests sake the messages I'm getting are below (I'm not concerned about the messages themselves, I can chase them up at my leisure via the samba logs) Mar 18 09:58:29 SERVER nmbd[3808]: query_name_response: Multiple (2) responses received for a query on subnet xx.yy.z.zz for name DOMAIN<1d>. Mar 18 09:58:29 SERVER nmbd[3808]: This response was from IP xx.yy.z.zz, reporting an IP address of xx.yy.z.zz.
Im stuck on why iptables wont log to syslog.Syslog is working fine and log every other event on the server.Here is my Configs:
/etc/syslog.conf
Code:
*.* /var/log/iptables
[code]...
There was an useful discussion on "how to stop logging cron to syslog". The useful answer is to update the line targeting syslog in /etc/syslog.conf to say something like:
Code:
*.*;auth,authpriv.none,mail.none,cron.none -/var/log/syslog
the significant part being that cron.none means that cron will not log to syslog.
There was discussion about whether this was a good thing to do, but omitted to suggest that adding/ uncommenting the following line would mean that no information would be lost but that syslog would be less cluttered as a source of monitoring info:
Code:
cron.* -/var/log/cron.log
You've still got all your cron-related log items available in cron.log if and when you need them. To make the new /etc/syslog.conf lines effective you should also, with root privileges:
Code:
touch /var/log/cron.log
chown syslog:adm /var/log/cron.log
and restart syslog. In my case:
Code:
/etc/init.d/sysklogd restart
I'm looking into setting up logging for Samba that logs every file downloaded, uploaded, renamed, deleted, etc, etc. It's currently working, but I'm trying to get it to output to /var/log/samba/audit.log and it's still outputtin Here are my current settings:
[Code]...
I am facing a problem while trying to log SSH messages in a separate file, say, /var/log/ssh_logs. I have tried modifying the syslog-ng.conf file as follows:
filter f_ssh { facility(auth, authpriv) and match("sshd[[0-9]+]:"); };
destination d_ssh { file ("/var/logs/sshd_logs"); };
log {
[code]....
But still I am not able to get the ssh logs in the new file. They continue to go to /var/log/auth.
For remote syslog logging of the general log files, I set:
Quote:
How do I setup the remote syslog logging of apache logs? Do I just add a line in the httpd.conf file to for example ?:
Quote:
How do clients handle offline syslog servers?Will the log files be buffered locally to be sent to the syslog server when it comes back online, or will any log data generated during downtime be lost in cyber space?
View 1 Replies View RelatedI am looking for an open source syslog server which accumulate the each and every log of Windows, Solaris, Linux and network devices. Currently I am using Syslog-ng which is not fulfiling my requirement in Windows clients, as I need the logs of every action which user performed after logon.
View 2 Replies View RelatedIs there an easy way to prevent the logging of commands run into syslog as post-shell expansion?
I.e log a command of "ls *.log" as just that, rather than "ls a.log b.log c.log d.log" It makes rather a mess of the log files.
I have recently configured sshd_config to have chrooted SFTP service. I'm using SFTP internal-sftp config. However now I have to figure out how to log file transfers happening using the SFTP service. I'm using the Ubuntu Server 10.04 (64bit)
View 3 Replies View RelatedI'm in charge of a church computer lab which is open to children ages 6 to 16 for about 3 hours a week. We try to have adult supervision but don't have 100% coverage.
The lab has a maximum of 8 computers, a mixture of MACs, Windows XP, and Linux machines, depending on their state of repair.
The church's current internet connection is Verizon residential speed DSL to a 4 port wired plus wireless router in a locked office which also houses our Windows XP office computer and is adjacent to our locked pastor's office.
Internet access for the lab is by a single CAT5 cable passing through a small hole in a wall to a network switch on the other side. All of the lab computers are connected to the switch by CAT5 cable.
I would like to add a server in the locked office to log internet usage and block access to certain websites as needed. I think logging internet activity will be a good antidote in case one of the older ones wants to try to get sneaky and cover their tracks.
I envision building a computer from donated parts, including 2 NICs.
I have never done things from the server end, but think the server edition of Ubuntu would be a good starting point.
My goal is to be able to manage internet access with an easy to use GUI system so I could teach the basics to a couple of youth leaders to use it when I'm not there.
I wanted to make a SysLog Server in Ubuntu 10.04 Desktop to collect the startup log of all the workstation inside the local area network,which should have a similar functionality to this guide here:Debian Syslog Server..However, when editing the sysklogd, i noticed it was empty and does not have any default values, along with the /etc/syslog.conf, which does not also exist.
View 2 Replies View RelatedIve been asked by my boss to set up a ubuntu machine that will be used as a syslog server. He wants a GUI as a posed to a CLI. He would also perfer to have it non web based. We already have cati installed but he is not keen on the syslog side of that. Does anyone know of any other syslog programs?
View 1 Replies View RelatedOn this Ubuntu 8.04.4 LTS server, I want to log the messages from a Linksys router. So I made this change to "/etc/init.d/sysklogd" SYSLOGD="-r" Then in "/etc/syslog.conf" I added the following to the top of the file: Code: if $fromhost isequal 'Linksys' then /var/log/Linksys.log & ~
Then I rebooted the server. But there is no "/var/log/Linksys.log" file.
When building 8.04 servers, I reconfigure snmpd's logging options to prevent copious low priority messages being logged whenever our network management workstation polls them. I edit /etc/default/snmpd and change line 11 from:
Code:
SNMPDOPTS='-Lsd -Lf /dev/null ...'
to:
[code]....
I wish it was under better circumstances...very morning at 6:25am syslog-ng stops logging, right after it attempts to log rotate. its odd... the daemon doesnt die... it gets a new PID, but doesnt write the output to /var/log/syslog.Yet if I manually restart or reload syslog-ng it works great... its just like it doesnt like the logrotate...I have googled around and tried a few things...first I changed the postrotate in the logrotate.d/syslog-ng
--------/etc/logrotate.d/syslog-ng---------
/var/log/syslog {
rotate 7
[code]....
Is there a way to force the syslog ie /var/log/messages to restart at say 1:00 am instead of 7:55 or so each morning?
View 4 Replies View RelatedCurrently Im having a syslog server that consolidate firewall logs on port 514 udp. Im also having a IDS device that I wish to push its logs to this particular syslog server so that I can retrieve my IDS logs on this server as well.
Is it possible to do so?Having syslog listening on port 514 for both firewall and IDS logs? If it is possible will the logs be recorded in a single log file?Or will it be recorded in a separate log file ie. firewall.log, IDS.log etc?? I wish to have them in separate individual log files or else there will be hard time segregating the log entries in a single file. Can anyone advice on how to achieve this??
I'm running a syslog server on ubuntu 7.04. Can I somehow have it email me if it finds a certain thing in the log? For example. I'm running a PRI and when the PRI goes down, it logs a "DEACTIVED" in the log. I would like an email telling me this so I know to get on it and fix it.
View 9 Replies View RelatedI recently upgraded a Ubuntu server from version 8.04 to 10.04 and after a reboot the webmin and syslog-ng server do not start at boot anymore. I can start them manually by doing /etc/init.d/webmin start and /etc/init.d/syslong-ng start and everything works fine until I root again. Granted this machine is rarely rebooted but when it is, I don't want to have to remember to start these services. I have tried a full removal of syslog-ng and reinstall but to no avail. The entries are in the rc directories like they should and the links are valid.
View 1 Replies View RelatedI am running a headless Ubuntu 10.04 server with the 2.6.32-28-generic kernel. For what I can figure out no single direct cause I get a high load average and the following syslog output at random intervals. Generally the load average will drop back down to normal however the kernel errors will still continue What little I have been able to find has pointed to memory issues. I am not totaly convinced this is the cause as the server will be showing >50% free when the errors are happening.
[code]...
I guess with major changes to syslog-ng, php-syslog going to licensing cost, and major overhaul to the syslog plugin with cacti - alot of documention was either disjointed, outdated or I just couldn't find it.this was performed on an 11.04 Ubuntu Server tall. I already had Cacti up and running and just needed to make it also a syslog collector.This guide assumes you already have mysql running, and cacti is already in place. If something looks wrong - please correct me. I am doing this from memory - trying to remember what all I had to do, and not a super admin.Required ubuntu install packages:libdbd-mysql syslog-ngcacti install packages:[URL]
Stop syslog-ng if you want. Changes should not take effect until you restart it.Should save the default syslog-ng configuration if you want to be safe. Below is the absolute minimum you need to get this working.Configuration on ubuntu is location in /etc/syslog/syslog-ng.conf Also make sure you fill in the proper username and password for mysql.
Code:
@version: 3.1
#Bare minimum syslog-ng configuration
[code]....
trying to replace syslog with syslog-ng. When I:
yum erase syslog,
wants to remove everything else that (presumably) has syslog as a dependency. how do I replace the dependency on syslog with a dependency on syslog-ng?
How to set up syslog server on Fedora 10 Linux server ?
View 1 Replies View RelatedIm trying to get syslog-ng to log ssh stuff to a own file (later i want it to be forwarded to a other server but thats a later problem.
The thing is that if i restart my syslog-ng server and login with ssh, it logs it. but when i login again it dont. But if i restart the syslog-ng daemon again it logs again, but only once.
Here is my config.
Code:
I noticed in my system that my root partition is getting full. I found a lot of old compacted syslogfiles. Had a look at etc/sysconfig editor eg cron but could not find a setting which allows to delete files older than a month. Where and how could I influence this ? I deleted manually all syslog files older than a month. Approx 6GB
View 9 Replies View RelatedI tried to install Syslog-ng-3.2.4 in Centos 5.6,when i need to start the deamon syslog-ng =>Failure and i have this message:
Code: [root@RelaisXXX etc]# service syslog-ng start Starting syslog-ng: Your configuration file uses an obsoleted keyword, please up Your configuration file uses an obsoleted keyword, please update your configurat
Error creating persistent state file; filename='/usr/local/var/syslog-ng.persist Starting Kernel Logger [FAILED]: