Configuring Remote Syslog - Unix and BSD-OSX

Follow these instructions to redirect messages received from a syslog file on a remote system to the Event Manager Server.

Determining the System Logger

Run the following command on the system where the syslog file is stored: 

ls -d /etc/*syslog*

The next step depends on the filename returned by this command: 

  • rsyslog.conf
  • syslog-ng.conf
  • syslog.conf

Configuration of rsyslog.conf

rsyslog is commonly found in Debian, Fedora, SUSE, Ubuntu and most other Linux distributions.

Configure rsyslog

  1. As root, open /etc/rsyslog.conf or /etc/syslog.conf with a text editor such as pico or vi.
  2. Paste the following line at the end of the file.
*.* @MonitoringServer:514
  3. Save the edited file.

Activate the change

Use the following command to activate the change (applicable on most Linux distributions except Ubuntu).

sudo killall -HUP rsyslog rsyslogd

On Ubuntu:

sudo service rsyslog restart

Log messages should now begin appearing in the Monitoring Server.

By default, rsyslog sends messages from the system's hostname.

Configuration of syslog-ng.conf

syslog-ng is commonly found in Gentoo 2005.0+ and SUSE 9.3+.

Configure syslog-ng

  1. As root, open /etc/syslog-ng.conf with a text editor.
  2. Find a line starting with source, for example, source s_sys { . . . }
  3. At the end of the file, paste the following configuration. Replace s_sys with the source name above, typically s_sys, src, s_all or s_local.

destination d_alignia {
    udp("MonitoringServer" port(514));
};

log { source(s_sys); destination(d_alignia); };

Activate the change

Use the following command to activate the change:

sudo killall -HUP syslog-ng

Configuration of syslog.conf

syslogd and sysklogd are often found in BSDs, CentOS, Gentoo 2004.3 and older, Mac OS X, RHEL, Slackware, Solaris and most other UNIX distributions; remote_syslog can also be used in place of syslogd.

Configure syslogd

  1. As root, open /etc/syslog.conf with a text editor such as pico or vi.
  2. Paste the following line at the end of the file.
*.* @MonitoringServer
  3. Save the edited file.

Activate the change

Use the following command to activate the change (applicable on most Linux distributions):

sudo killall -HUP syslog syslogd
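
To check the line pasted into rsyslog.conf or syslog.conf above, this added example (not part of the original instructions) lists every forwarding rule in a legacy-format file with its transport, host and port. The function name forward_targets and the sample file are assumptions made for illustration; the @@ (TCP) form is rsyslog syntax that this page does not use.

```shell
#!/bin/sh
# forward_targets FILE
# Prints one line per forwarding rule: selector, transport, host, port.
forward_targets() {
    awk '
        /^[ \t]*(#|$)/ { next }            # skip comments and blank lines
        NF >= 2 && $2 ~ /^@/ {
            action = $2
            proto = "udp"                  # a single @ forwards over UDP
            if (action ~ /^@@/) {          # rsyslog only: @@ forwards over TCP
                proto = "tcp"
            }
            sub(/;.*$/, "", action)        # drop an rsyslog ";template" suffix
            sub(/^@+/, "", action)
            host = action
            port = 514                     # default when no :port is given
            if (action ~ /:[0-9]+$/) {
                port = action
                sub(/^.*:/, "", port)
                sub(/:[0-9]+$/, "", host)
            }
            print $1, proto, host, port
        }
    ' "$1"
}

# Constructed sample config (not taken from a real host), used for the demo.
sample=$(mktemp)
cat > "$sample" <<'EOF'
# constructed sample
auth,authpriv.*    /var/log/auth.log
#*.* @OldServer:514
*.* @MonitoringServer:514
*.*  @MonitoringServer
EOF

forward_targets "$sample"
rm -f "$sample"
```

Run it against the real file, for example forward_targets /etc/rsyslog.conf, after editing and before sending HUP. A missing line or an unexpected host in the output means the forwarding rule is not what was intended.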