Difference between revisions of "Syslog"

From SME Server
Line 7: Line 7:
 
First create a custom template directory as follows:
 
First create a custom template directory as follows:
  
  mkdir -p /etc/e-smith/templates-custom/etc/sysconfig/syslog
+
mkdir -p /etc/e-smith/templates-custom/etc/sysconfig/syslog
  cd /etc/e-smith/templates-custom/etc/sysconfig/syslog
+
cd /etc/e-smith/templates-custom/etc/sysconfig/syslog
  
 
Using for favourite editor, create the file '''90AllowRemoteSyslog''' and add
 
Using for favourite editor, create the file '''90AllowRemoteSyslog''' and add
 
the following lines:
 
the following lines:
  
  # Enable the syslog to capture remote messages from the network
+
# Enable the syslog to capture remote messages from the network
  SYSLOGD_OPTIONS="$SYSLOGD_OPTIONS -r"
+
SYSLOGD_OPTIONS="$SYSLOGD_OPTIONS -r"
  
 
Now expand the template and restart the '''SYSLOG''' service.
 
Now expand the template and restart the '''SYSLOG''' service.
  
  expand-template /etc/sysconfig/syslog
+
expand-template /etc/sysconfig/syslog
  service syslog restart  
+
service syslog restart  
  
 
You can now use:
 
You can now use:
  
  tail -f /var/log/messages
+
tail -f /var/log/messages
  
 
to view new entries being added to your messages log and see if the '''SYSLOG''' entries of your network device or appliance are showing up.
 
to view new entries being added to your messages log and see if the '''SYSLOG''' entries of your network device or appliance are showing up.
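
Review bot: the context line "Using for favourite editor, create the file" is carried through unchanged on both sides and still reads "for" where "your" is meant; correct it while the surrounding lines are being edited. The `SYSLOGD_OPTIONS="$SYSLOGD_OPTIONS -r"` step turns on reception of messages from the network, and the text says nothing about which hosts may send them; a sentence on limiting senders to the intended devices would be a useful addition at that step.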

Revision as of 06:51, 8 February 2011

SME Server as SYSLOG server

If you have network devices or appliances that can log to SYSLOG, the following mini Howto shows how you can enable your SME Server to capture the SYSLOG messages and record them in your messages log.

You need to be root (su -) to do the following installation actions.

First create a custom template directory as follows:

mkdir -p /etc/e-smith/templates-custom/etc/sysconfig/syslog
cd /etc/e-smith/templates-custom/etc/sysconfig/syslog

Using your favourite editor, create the file 90AllowRemoteSyslog and add the following lines:

# Enable the syslog to capture remote messages from the network
SYSLOGD_OPTIONS="$SYSLOGD_OPTIONS -r"

Now expand the template and restart the SYSLOG service.

expand-template /etc/sysconfig/syslog
service syslog restart 

You can now use:

tail -f /var/log/messages

to view new entries being added to your messages log and see if the SYSLOG entries of your network device or appliance are showing up.



ADDING A SYSLOG FACILITY AND RECEIVING WINDOWS EVENT LOGS

Create the desired log file:

touch /var/log/windows

In /etc/e-smith/templates-custom/etc/syslog.conf/00filenames add a row:

$windows = "/var/log/windows";

Take care to leave the

"";

on the last line!

In /etc/e-smith/templates-custom/etc/syslog.conf/local4 (or one of the other local facilities if local4 is already in use)

change

local4.*                                        -{ "${messages}" }

to

local4.*                                        -{ "${windows}" }

Expand the templates:

expand-template /etc/sysconfig/syslog;
expand-template /etc/syslog.conf

Restart syslog:

service syslog restart

To redirect (in copy) the Windows logs, I used http://code.google.com/p/eventlog-to-syslog/

Copy evtsys.dll and evtsys.exe to c:\windows\system32 and execute

evtsys.exe -i -h YOURSMESERVERIP -f local4

and then

net start evtsys
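
The facility given to evtsys with -f local4 travels in the <PRI> number at the start of each syslog message, and the local4.* rule on the server matches on it. The script below is an added example, not part of the original howto: it decodes a PRI and looks up the matching rule in a syslog.conf-style file. The function names, the sample message and the sample rules (written as they are assumed to look after expand-template) are constructed for illustration.

```shell
#!/bin/sh
# Added example: decode the <PRI> of a raw syslog message and look up where a
# syslog.conf-style file sends that facility. All sample data is constructed.

# Print "facility.severity" for a message that starts with <PRI> (RFC 3164).
pri_decode() {
    case $1 in '<'*'>'*) ;; *) return 1 ;; esac
    pri=${1#<}; pri=${pri%%>*}
    # Reject empty, non-numeric or zero-padded values (padding would parse as octal).
    case $pri in ''|*[!0-9]*|0?*) return 1 ;; esac
    [ "$pri" -le 191 ] || return 1      # highest valid PRI: facility 23, severity 7
    fac=$((pri / 8)); sev=$((pri % 8))
    if [ "$fac" -ge 16 ]; then name="local$((fac - 16))"   # 16..23 are local0..local7
    else name="facility$fac"; fi
    set -- emerg alert crit err warning notice info debug
    shift "$sev"
    echo "$name.$1"
}

# Print the destination of every "<facility>.*" rule in the file given as $1.
# Only plain "facility.*" selectors are handled (no wildcards or ";" lists);
# the leading "-" (write without sync) is stripped from the file name.
route_for() {
    awk -v sel="$2.*" '$1 == sel { sub(/^-/, "", $2); print $2 }' "$1"
}

# Run both steps on a constructed message and a constructed rule file.
demo() {
    conf=$(mktemp)
    cat > "$conf" <<'EOF'
# constructed sample rules, assumed form after expand-template
mail.*                                          -/var/log/maillog
local4.*                                        -/var/log/windows
EOF
    msg='<165>Feb  8 06:51:00 winhost Security: constructed sample event'
    fs=$(pri_decode "$msg") || { rm -f "$conf"; return 1; }
    route_for "$conf" "${fs%%.*}"       # facility part of "local4.notice"
    rm -f "$conf"
}

demo
```

A message that lands in the wrong log file can be checked the same way: a PRI outside 160 to 167 means the sender is not using local4.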