> Setting Up A Log Server
Joey
post Dec 18 2003, 11:46 PM
Post #1


LinuxHelp Admin

Group: Admin
Posts: 1,096
Joined: 18-September 02
Member No.: 1



Hi,

So I bought this new wireless router this weekend and it has the option to forward the logs to a log server. I simply have to enter in the IP (in the router config) and what type of info I want in the logs.

I've been looking through google and I've found a few sites that explain what you have to do on the client machines (aka the router in this case) but not much on what needs to be done on the server machine.

I know I have to restart syslogd with the -r flag (so it listens on a specific port) but I'm guessing I have to also edit /etc/syslog.conf and let it know what to do with the logs.

Any ideas of what I have to put in /etc/syslog.conf? I presume the IP of the machine sending the logs and the filename I want everything to go into?
hughesjr
post Dec 19 2003, 12:12 AM
Post #2


Its GNU/Linuxhelp.net

Group: Admin
Posts: 3,433
Joined: 25-July 03
From: Corpus Christi, TX, USA
Member No.: 1,151



Here is a remote log setup in Debian.


--------------------
Johnny Hughes
hughesjr@linuxhelp.net
Enterprise Alternatives: CentOS, WhiteBoxEL
Favorite Workstation Distros (in order): CentOS, Gentoo, Debian Sarge, Ubuntu, Mandrake, FedoraCore, Slackware, SUSE
Favorite Server Distros (in order): CentOS, WhiteBoxEL, Debian Sarge, Slackware, Mandrake, FedoraCore, Gentoo, SUSE
Joey
post Dec 19 2003, 08:20 AM
Post #3





Excellent, that was exactly what I was looking for.

Thanks!
Joey
post Dec 21 2003, 03:13 PM
Post #4





Hmm either I'm doing something wrong or that guide on the link is incorrect.

I have the following specified in /etc/syslog.conf:

10.1.1.66 /var/log/wireless

however the logs are still going into /var/log/messages... (yah I restarted syslog)

Any ideas?
hughesjr
post Dec 21 2003, 10:50 PM
Post #5





Did you edit the /etc/sysconfig/syslog file and change the line:

SYSLOGD_OPTIONS="-m 0"

to

SYSLOGD_OPTIONS="-rm 0"

--------------------------------
I'm not sure it matters, but maybe try the:

10.1.1.66 /var/log/wireless

as the top line in the file /etc/syslog.conf


Joey
post Dec 21 2003, 10:52 PM
Post #6





Yah it was receiving fine remember, everything goes into /var/log/messages

I'll try it with the entry at the top of the file.
hughesjr
post Dec 21 2003, 10:54 PM
Post #7





-------------------------------
10.1.1.66 is the IP address of the router right?
-------------------------------
did you touch /var/log/wireless?


Joey
post Dec 21 2003, 11:03 PM
Post #8





Yup and Yup
hughesjr
post Dec 22 2003, 07:23 AM
Post #9





Is it working?
--------------
I know I'm asking silly questions ... but sometimes it's simple things that bite us in the behind


Joey
post Dec 22 2003, 07:46 AM
Post #10





I haven't tried it with the entry at the top of the file yet. Maybe later on today but I doubt that will work.
hughesjr
post Dec 22 2003, 08:29 AM
Post #11





OK ... I've actually been giving this a lot of thought.

In reading the man page and other places, I think (but I'm not sure) that incoming files from a remote machine are logged via local0 through local7 ... and not necessarily in order.

So, you might try this:

Change this line:
CODE
*.info;mail.none;authpriv.none;cron.none                /var/log/messages


to (all one line)
CODE
*.info;mail.none;authpriv.none;cron.none;local0.none;local1.none;local2.none;local3.none;local4.none;local5.none;local6.none;local7.none               /var/log/messages


Then add this line:
CODE
local0.*;local1.*;local2.*;local3.*;local4.*;local5.*;local6.*;local7.*     /var/log/local0-7


then touch /var/log/local0-7 and (just for testing) chmod 777 /var/log/local0-7.

and see what splits off...and if the wireless is now in local0-7.

If the wireless splits off, then you can do 8 separate files to figure out the exact channel...


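Added example (editor's illustration, not part of the original posts): every syslog datagram starts with a `<PRI>` number equal to facility * 8 + severity, and syslog.conf selectors are matched against that facility/severity pair. The Python sketch below decodes PRI and evaluates the two selector lines from the post above; it handles only the `*`, `none` and "this priority or higher" forms, and the sample messages and function names are assumptions made for illustration.

```python
import re

# Facility codes 0-23; names for 12-15 follow RFC 3164's descriptions.
FACILITIES = ("kern user mail daemon auth syslog lpr news uucp cron authpriv "
              "ftp ntp audit alert clock").split() + [f"local{i}" for i in range(8)]
SEVERITIES = "emerg alert crit err warning notice info debug".split()

def decode_pri(datagram):
    """Return (facility, severity) names from the leading <PRI> of a message."""
    m = re.match(r"<(\d{1,3})>", datagram)
    if not m or int(m.group(1)) > 191:
        return ("user", "notice")  # RFC 3164 default (PRI 13) when PRI is absent/invalid
    pri = int(m.group(1))
    return (FACILITIES[pri >> 3], SEVERITIES[pri & 7])

def selector_matches(selector, facility, severity):
    """Evaluate one ';'-separated selector field against a facility/severity."""
    matched = False
    for part in selector.split(";"):
        facs, prio = part.rsplit(".", 1)
        if not any(f in ("*", facility) for f in facs.split(",")):
            continue
        if prio == "none":
            matched = False  # 'none' clears any earlier match for this facility
        elif prio == "*" or SEVERITIES.index(severity) <= SEVERITIES.index(prio):
            matched = True   # lower index = more severe, so "info" also takes err, crit...
    return matched

RULES = [  # the two selector lines proposed in the post above
    ("*.info;mail.none;authpriv.none;cron.none;local0.none;local1.none;"
     "local2.none;local3.none;local4.none;local5.none;local6.none;local7.none",
     "/var/log/messages"),
    ("local0.*;local1.*;local2.*;local3.*;local4.*;local5.*;local6.*;local7.*",
     "/var/log/local0-7"),
]

def destinations(datagram):
    fac, sev = decode_pri(datagram)
    return [path for sel, path in RULES if selector_matches(sel, fac, sev)]

# Constructed sample datagrams (not captured from a real router)
SAMPLES = [
    "<14>router: DHCP lease granted",       # 14  = user(1)*8 + info(6)
    "<134>router: wireless client joined",  # 134 = local0(16)*8 + info(6)
    "<15>router: debug trace",              # 15  = user(1)*8 + debug(7)
]

if __name__ == "__main__":
    for s in SAMPLES:
        print(decode_pri(s), destinations(s))
```

Reading the PRI of one real datagram from the sending device tells you which facility to name in the selector for its log file.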
Joey
post Dec 22 2003, 08:45 AM
Post #12





I've already tried the local lines however I didn't modify any of the existing ones. I'll give it a shot later.
hughesjr
post Dec 22 2003, 08:57 AM
Post #13





I tried it between 2 Linux machines and it didn't work ... the remote machine still went straight into messages...

Now I want to find out how to do this too!

I'm leaving for work ... I'll play with this some more at work (if possible) or at home later today.

I can also verify that adding the IP doesn't redirect the remote logs to a separate file (at least on RedHat).


hughesjr
post Dec 22 2003, 03:06 PM
Post #14





This looks like what you want. Although it doesn't solve the problem with syslogd .. it replaces the remote logging feature.

Or better yet this article shows how to log to a mysql database for easy searching...


Joey
post Dec 22 2003, 05:16 PM
Post #15





I don't think I'm going to install that rsyslog application, it seems very shady. I'm going to leave everything as is and just log into the router to check the logs periodically.

Thanks for the help.