Learn Devops tools online from the blog. Devops Institute Ahmedabad.

Setting Up A Central Syslog Server:-

How to set up a syslog server for one or more Unix systems, on Fedora Core and Ubuntu/Debian.

Linux systems already have syslog installed.

Configure the Server Computers:-

#service syslog stop

If it fails again, go for the old-school kill command.

#ps axfu | grep syslog
Copy the PID (the number in the second column) from the syslog line and run

#kill -9 PID
Open /etc/sysconfig/syslog with your favorite text editor and find the line

Replace it with


Restart the syslog daemon

#service syslog restart

You should see a message similar to “syslog restarted (remote reception)” when executing the command

#tail /var/log/messages
You should either find the RC syslog file, edit it and add the “-r” flag to the syslog options or, if you’ve used the old-school kill command, simply start syslog manually

#syslogd -r

In the final step, you’ll have to make sure the firewall isn’t blocking any incoming packets. Simply run this iptables command; -I inserts the rule at the top of the INPUT chain, so it is matched before any existing rule.

#iptables -I INPUT -p udp -i eth0 -s -d --dport 514 -j ACCEPT
This rule will ensure that the syslog server ( will receive UDP packets (containing log events) from the CLIENT (

You MUST replace these IP addresses with the correct ones. Also, you will have to re-execute this command for every other client PC you may have (, etc).

Configure the CLIENT computers:-

The client computers are configured to send every logged event to the syslog server as soon as it occurs. To do this, edit the file /etc/syslog.conf on every client computer and add this line to the file

*.* @

Again, replace the example IP address with the syslog server’s correct IP address.

Restart syslog on every client you’ve edited.

#service syslog restart

Make sure the client machine is allowed by the firewall to send UDP packets. Again, you can easily override any rule by running the iptables command.

#iptables -I OUTPUT -p udp -o eth0 -s -d --dport 514 -j ACCEPT

This is it. If everything was done correctly, the syslog server should start receiving log events. To view them, run:

#tail -f /var/log/messages
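
As an added example (not from the original post): a Python sketch of the datagram that a client with a `*.* @` forwarding line sends to UDP port 514, and of how the receiving side splits its priority header into facility and severity. The host name `client1`, the tag `fwdtest`, the probe text and all function names are assumptions; the loopback receiver stands in for a server started with `-r` and binds an ephemeral port instead of 514.

```python
import socket
from datetime import datetime

FACILITY = ["kern", "user", "mail", "daemon", "auth", "syslog", "lpr", "news",
            "uucp", "cron", "authpriv", "ftp", "ntp", "audit", "alert", "clock"
            ] + [f"local{i}" for i in range(8)]
SEVERITY = ["emerg", "alert", "crit", "err", "warning", "notice", "info", "debug"]

def build_datagram(facility, severity, tag, msg, host="client1", now=None):
    """BSD syslog (RFC 3164) payload: <PRI>Mmm dd hh:mm:ss host tag: msg"""
    pri = FACILITY.index(facility) * 8 + SEVERITY.index(severity)
    now = now or datetime.now()
    stamp = f"{now:%b} {now.day:2d} {now:%H:%M:%S}"  # day is space-padded
    return f"<{pri}>{stamp} {host} {tag}: {msg}".encode()

def parse_datagram(data):
    """Split the priority back into facility/severity, as the receiver does."""
    text = data.decode("utf-8", errors="replace")
    end = text.find(">")
    if not text.startswith("<") or not 2 <= end <= 4 or not text[1:end].isdecimal():
        raise ValueError("missing or malformed <PRI> header")
    pri = int(text[1:end])
    if pri > 191:  # 23 * 8 + 7 is the highest valid value
        raise ValueError("PRI out of range")
    return FACILITY[pri // 8], SEVERITY[pri % 8], text[end + 1:]

def loopback_roundtrip(payload, timeout=2.0):
    """Stand-in for the server side: receive one datagram on 127.0.0.1."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as rx, \
         socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as tx:
        rx.bind(("127.0.0.1", 0))   # ephemeral port; the real listener is 514
        rx.settimeout(timeout)      # UDP gives no delivery error, only silence
        tx.sendto(payload, rx.getsockname())
        data, (src_ip, _port) = rx.recvfrom(2048)
    return data, src_ip

if __name__ == "__main__":
    # Constructed probe message with a marker that is easy to grep for.
    sent = build_datagram("local0", "notice", "fwdtest", "probe 7f3a (constructed)")
    data, src = loopback_roundtrip(sent)
    print(src, parse_datagram(data))
```

The sender address returned by `loopback_roundtrip` is the value the `-s` match in the server's INPUT rule is compared against; the host name inside the payload is whatever the client wrote there.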

Vishal Vyas
