Difference between revisions of "Syslog"
Unnilennium (talk | contribs) |
(8 intermediate revisions by 5 users not shown) | |||
Line 1: | Line 1: | ||
− | ==SME Server as SYSLOG server== | + | ==Syslog== |
+ | ===SME 8.0 Server as SYSLOG server=== | ||
If you have network devices or appliances that can log to '''SYSLOG''', the following mini '''Howto''' shows how you can enable your SME Server to capture the '''SYSLOG''' messages and record them in your messages log. | If you have network devices or appliances that can log to '''SYSLOG''', the following mini '''Howto''' shows how you can enable your SME Server to capture the '''SYSLOG''' messages and record them in your messages log. | ||
Line 7: | Line 8: | ||
First create a custom template directory as follows: | First create a custom template directory as follows: | ||
− | + | mkdir -p /etc/e-smith/templates-custom/etc/sysconfig/syslog | |
− | + | cd /etc/e-smith/templates-custom/etc/sysconfig/syslog | |
Using for favourite editor, create the file '''90AllowRemoteSyslog''' and add | Using for favourite editor, create the file '''90AllowRemoteSyslog''' and add | ||
the following lines: | the following lines: | ||
− | + | # Enable the syslog to capture remote messages from the network | |
− | + | SYSLOGD_OPTIONS="$SYSLOGD_OPTIONS -r" | |
Now expand the template and restart the '''SYSLOG''' service. | Now expand the template and restart the '''SYSLOG''' service. | ||
− | + | expand-template /etc/sysconfig/syslog | |
− | + | service syslog restart | |
You can now use: | You can now use: | ||
− | + | tail -f /var/log/messages | |
to view new entries being added to your messages log and see if the '''SYSLOG''' entries of your network device or appliance are showing up. | to view new entries being added to your messages log and see if the '''SYSLOG''' entries of your network device or appliance are showing up. | ||
+ | ==== Adding a SYSLOG facility and receive WINDOWS event logs ==== | ||
+ | |||
+ | |||
+ | create the desired log file: | ||
+ | touch /var/log/windows | ||
+ | |||
+ | in /etc/e-smith/templates-custom/etc/syslog.conf/00filenames | ||
+ | add a row | ||
+ | $windows = "/var/log/windows"; | ||
+ | |||
+ | pay attention to leave the | ||
+ | ""; | ||
+ | on the last line! | ||
+ | |||
+ | in /etc/e-smith/templates-custom/etc/syslog.conf/local4 (o one of the other local if they are in use already) | ||
+ | |||
+ | change | ||
+ | local4.* -{ "${messages}" } | ||
+ | in | ||
+ | local4.* -{ "${windows}" } | ||
+ | |||
+ | expand templates | ||
+ | expand-template /etc/sysconfig/syslog; | ||
+ | expand-template /etc/syslog.conf | ||
+ | |||
+ | restart syslog | ||
+ | service syslog restart | ||
+ | |||
+ | to redirect (in copy) the windows logs, I used http://code.google.com/p/eventlog-to-syslog/ | ||
+ | |||
+ | copy evtsys.dll and evtsys.exe to c:\windows\system32 and execute | ||
+ | evtsys.exe -i -h YOURSMESERVERIP -f local4 | ||
+ | and then | ||
+ | net start evtsys | ||
+ | |||
+ | ===SME 9.0 Server as SYSLOG server=== | ||
+ | |||
+ | If you have network devices or appliances that can log to '''SYSLOG''', the following mini '''Howto''' shows how you can enable your SME Server to capture the '''SYSLOG''' messages and record them in your messages log. | ||
+ | |||
+ | You need to be root (su -) to do the following installation actions. | ||
+ | |||
+ | First create a custom template directory as follows: | ||
+ | |||
+ | mkdir -p /etc/e-smith/templates-custom/etc/sysconfig/rsyslog | ||
+ | cd /etc/e-smith/templates-custom/etc/sysconfig/rsyslog | ||
+ | |||
+ | Using for favourite editor, create the file '''90AllowRemoteSyslog''' and add | ||
+ | the following lines: | ||
+ | |||
+ | # Enable the syslog to capture remote messages from the network | ||
+ | SYSLOGD_OPTIONS="-r514 -m 0" | ||
+ | |||
+ | Now expand the template and restart the '''SYSLOG''' service. | ||
+ | |||
+ | expand-template /etc/sysconfig/rsyslog | ||
+ | service rsyslog restart | ||
+ | |||
+ | You can now use: | ||
+ | |||
+ | tail -f /var/log/messages | ||
+ | |||
+ | to view new entries being added to your messages log and see if the '''SYSLOG''' entries of your network device or appliance are showing up. | ||
+ | |||
+ | ===SME 9.0 Server redirect to another syslog file=== | ||
+ | |||
+ | mkdir -p /etc/e-smith/templates-custom/etc/sysconfig/rsyslog | ||
+ | vim /etc/e-smith/templates-custom/etc/sysconfig/rsyslog/10perso | ||
+ | |||
+ | add this | ||
+ | if $programname == 'grandstream' then /var/log/grandstream/grandstream.log | ||
+ | & stop | ||
+ | then | ||
+ | |||
+ | mkdir /var/log/grandstream | ||
+ | touch /var/log/grandstream/grandstream.log | ||
+ | expand-template /etc/sysconfig/rsyslog | ||
+ | service rsyslog restart | ||
+ | |||
+ | |||
+ | |||
+ | also rotate it | ||
+ | vim /etc/logrotate.d/grandstream | ||
+ | |||
+ | /var/log/grandstream/*.log { | ||
+ | weekly | ||
+ | rotate 5 | ||
+ | compress | ||
+ | notifempty | ||
+ | missingok | ||
+ | nocreate | ||
+ | sharedscripts | ||
+ | endscript | ||
+ | } | ||
+ | |||
+ | |||
+ | |||
+ | |||
+ | ---- | ||
---- | ---- | ||
[[Category:Howto]] | [[Category:Howto]] | ||
[[Category:Administration:Monitoring]] | [[Category:Administration:Monitoring]] |
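Review bot: In the added "SME 9.0 Server redirect to another syslog file" section, the 10perso fragment is created under templates-custom/etc/sysconfig/rsyslog, the same template that carries the shell assignment SYSLOGD_OPTIONS="-r514 -m 0", but its content is an rsyslog filter rule (if $programname == 'grandstream' then ...). A filter rule belongs in the rsyslog configuration rather than in the sysconfig options file, so the fragment path needs checking. The logrotate stanza ends with endscript although no prerotate or postrotate line opens a script, and with nocreate and compress nothing tells rsyslog to reopen grandstream.log after rotation; either add a postrotate step that signals rsyslog or drop sharedscripts and endscript. The new text also enables network reception with -r and -r514 without saying which hosts may reach UDP 514, and "Using for favourite editor" should read "Using your favourite editor".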
Latest revision as of 22:57, 12 June 2017
Syslog
SME 8.0 Server as SYSLOG server
If you have network devices or appliances that can log to SYSLOG, the following mini Howto shows how you can enable your SME Server to capture the SYSLOG messages and record them in your messages log.
You need to be root (su -) to do the following installation actions.
First create a custom template directory as follows:
mkdir -p /etc/e-smith/templates-custom/etc/sysconfig/syslog
cd /etc/e-smith/templates-custom/etc/sysconfig/syslog
Using your favourite editor, create the file 90AllowRemoteSyslog and add the following lines:
# Enable the syslog to capture remote messages from the network
SYSLOGD_OPTIONS="$SYSLOGD_OPTIONS -r"
Now expand the template and restart the SYSLOG service.
expand-template /etc/sysconfig/syslog
service syslog restart
You can now use:
tail -f /var/log/messages
to view new entries being added to your messages log and see if the SYSLOG entries of your network device or appliance are showing up.
Adding a SYSLOG facility and receive WINDOWS event logs
Create the desired log file:
touch /var/log/windows
In /etc/e-smith/templates-custom/etc/syslog.conf/00filenames, add a row:
$windows = "/var/log/windows";
Take care to leave the
"";
on the last line!
In /etc/e-smith/templates-custom/etc/syslog.conf/local4 (or one of the other local facilities if they are already in use),
change
local4.* -{ "${messages}" }
to
local4.* -{ "${windows}" }
Expand the templates:
expand-template /etc/sysconfig/syslog
expand-template /etc/syslog.conf
Restart syslog:
service syslog restart
To redirect (in copy) the Windows logs, I used http://code.google.com/p/eventlog-to-syslog/
Copy evtsys.dll and evtsys.exe to c:\windows\system32 and execute
evtsys.exe -i -h YOURSMESERVERIP -f local4
and then
net start evtsys
SME 9.0 Server as SYSLOG server
If you have network devices or appliances that can log to SYSLOG, the following mini Howto shows how you can enable your SME Server to capture the SYSLOG messages and record them in your messages log.
You need to be root (su -) to do the following installation actions.
First create a custom template directory as follows:
mkdir -p /etc/e-smith/templates-custom/etc/sysconfig/rsyslog
cd /etc/e-smith/templates-custom/etc/sysconfig/rsyslog
Using your favourite editor, create the file 90AllowRemoteSyslog and add the following lines:
# Enable the syslog to capture remote messages from the network
SYSLOGD_OPTIONS="-r514 -m 0"
Now expand the template and restart the SYSLOG service.
expand-template /etc/sysconfig/rsyslog
service rsyslog restart
You can now use:
tail -f /var/log/messages
to view new entries being added to your messages log and see if the SYSLOG entries of your network device or appliance are showing up.
SME 9.0 Server redirect to another syslog file
mkdir -p /etc/e-smith/templates-custom/etc/sysconfig/rsyslog
vim /etc/e-smith/templates-custom/etc/sysconfig/rsyslog/10perso
Add this:
if $programname == 'grandstream' then /var/log/grandstream/grandstream.log
& stop
Then:
mkdir /var/log/grandstream
touch /var/log/grandstream/grandstream.log
expand-template /etc/sysconfig/rsyslog
service rsyslog restart
Also rotate it:
vim /etc/logrotate.d/grandstream
/var/log/grandstream/*.log {
    weekly
    rotate 5
    compress
    notifempty
    missingok
    nocreate
    sharedscripts
    endscript
}
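How the two routing rules above (local4.* to /var/log/windows, and $programname == 'grandstream' to its own file) decide where a received datagram lands, as an added example that is not part of the original howto. The parse and route functions, the sample datagrams and the combination of the SME 8 and SME 9 rules in one function are assumptions for illustration; the program-name split only approximates rsyslog's.

```python
import re

# BSD syslog (RFC 3164) facility and severity names, indexed by number.
FACILITIES = ["kern", "user", "mail", "daemon", "auth", "syslog", "lpr", "news",
              "uucp", "cron", "authpriv", "ftp", "ntp", "audit", "alert", "clock",
              "local0", "local1", "local2", "local3",
              "local4", "local5", "local6", "local7"]
SEVERITIES = ["emerg", "alert", "crit", "err", "warning", "notice", "info", "debug"]

# Framing: <PRI>Mmm dd hh:mm:ss HOST TAG: text
FRAME = re.compile(r"^<(\d{1,3})>[A-Z][a-z]{2} [ \d]\d \d\d:\d\d:\d\d (\S+) (.*)$", re.S)

def parse(datagram):
    """Decode one datagram; return None when the header is not well formed."""
    m = FRAME.match(datagram)
    if not m or int(m.group(1)) > 191:      # 23*8+7 is the largest valid PRI
        return None
    pri = int(m.group(1))                   # PRI = facility * 8 + severity
    # Approximation of $programname: the tag up to the first '[', ':', '/' or space.
    prog = re.match(r"[^\[:/\s]*", m.group(3)).group(0)
    return {"facility": FACILITIES[pri >> 3], "severity": SEVERITIES[pri & 7],
            "host": m.group(2), "programname": prog}

def route(datagram):
    """Return the file the page's rules would select, or None if unparsed here."""
    msg = parse(datagram)
    if msg is None:
        return None                         # a real daemon applies defaults instead
    if msg["programname"] == "grandstream": # SME 9 rule, ended by '& stop'
        return "/var/log/grandstream/grandstream.log"
    if msg["facility"] == "local4":         # SME 8 rule: local4.* -> ${windows}
        return "/var/log/windows"
    return "/var/log/messages"

# Constructed sample datagrams (not captured traffic).
SAMPLES = [
    "<166>Jun 12 22:57:01 winhost Security: logon event",             # local4.info
    "<134>Jun 12 22:57:02 192.0.2.10 grandstream[231]: registered",   # local0.info
    "<13>Jun 12 22:57:03 switch1 link: port 3 up",                    # user.notice
    "<999>Jun 12 22:57:04 bad header",                                # invalid PRI
]

if __name__ == "__main__":
    for s in SAMPLES:
        print(route(s), "<-", s)
```

Facility, host and program name are all taken from the datagram itself, so these rules sort messages by what the sender declares, not by a verified identity.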