Modifying syslog.conf


 
Thread Tools Search this Thread
Top Forums UNIX for Advanced & Expert Users Modifying syslog.conf
# 1  
Old 11-19-2009
Modifying syslog.conf

I have a RHEL box that I want to be the loghost for all of the other systems on my network and have set up a /logs partitions to hold all of the logs. I've also created a file called current.log that will contain daily logs and created it using the following command: cp /dev/null current.log. After that I went into syslog.conf and edited the file and added this entry:
*.info /logs/rsyslog/current.log

Once this is setup the syslog service is stopped and restarted and when i check the current.log file there are messages being written to it. Once I go back into the syslog.conf file and edit out the *.info file info and revert back to normal the system starts logging messages again. Smilie Does anyone have any ideas why the system won't write to the current.log file?
# 2  
Old 11-19-2009
Maybe there is a conflict in your syslog.conf file?

I suggest you post your entire syslog.conf file if you want help.
# 3  
Old 11-19-2009
I have actually gotten past the point where the local system is now logging to the current.log file. Now I'm pointing some additional servers to the that server which will act as the loghost. When i check the log file, the only info there is for the local server and it's not logging for the remote hosts, which i believe is due to an rpc error. How can i fix this rpc error (find the cause of it and allow the remote logs to be written?)
# 4  
Old 11-19-2009
Code:
*.info /logs/rsyslog/current.log

Are you using syslogd or rsyslogd? For syslogd, you add "-r' to the SYSLOGD_OPTIONS in /etc/sysconfig/syslog.

For rsyslogd you need to uncomment the following lines in rsyslogd.conf
Code:
$ModLoad imudp
$UDPServerRun 514

and add list of permitted hosts e.g.
Code:
$AllowedSender UDP, 127.0.0.1, *example.com

You also need to open up any firewall that is in place on the log server for 514/UDP.
# 5  
Old 11-20-2009
Thanks, adding the -r option in /etc/sysconfig/syslog did the trick.
Login or Register to Ask a Question

Previous Thread | Next Thread

10 More Discussions You Might Find Interesting

1. Solaris

Which are the available entries to forward syslog in syslog.conf?

Hi Community Which are the available entries to forward syslog in syslog.conf i have put *.err;kern.debug;daemon.notice;mail.crit;user.alert;user.emerg;kern.notice;auth.notice;kern.warning @172.16.200.50 and it's not going through.giving error message like below: syslogd:... (2 Replies)
Discussion started by: bentech4u
2 Replies

2. BSD

Syslog.conf issue

I'm trying to get all ipfw logs going to ipfw.log I've managed that, but ipfw.log is also getting stuff that shows up in system.log !-ipfw *.notice;authpriv,remoteauth,ftp,install,internal.none /var/log/system.log kern.* /var/log/kernel.log... (5 Replies)
Discussion started by: jnojr
5 Replies

3. Red Hat

Configuring syslog.conf

Hi, I would like to configure syslog linux client, syslog server is windows server. so adding on linux client in /etc/syslog.conf @hostname will work in the place of directory location. example of /etc/syslog.conf # Log all kernel messages to the console. # Logging much else clutters up... (2 Replies)
Discussion started by: manoj.solaris
2 Replies

4. Solaris

best configuration for syslog.conf

I would like to configure the syslog.conf to have a good monitoring information about my system. do you have any idea about best configuration from your experience in your Data Centers BR, (5 Replies)
Discussion started by: maxim42
5 Replies

5. Shell Programming and Scripting

syslog.conf

How can i configure messages with warn priority to be logged in /var/log/mywarnings.log ? (1 Reply)
Discussion started by: g0dlik3
1 Replies

6. Red Hat

problems after modifying modprobe.conf

Hey Guys, I am having a problem after modifying the modprobe.conf. I added a few entries for the HBA drivers. When I noticed that it would not boot after this, I mounted a knoppix disk and removed those lines from the modprobe.conf. Now after removing those lines, it is still stuck at the same... (2 Replies)
Discussion started by: s ladd
2 Replies

7. Red Hat

Modifying limits.conf & pam.d

Hello all, I'm running Oracle 10.2 on RHEL5. Current value of ulimit -n is set to a low value of 1024. I need to increase it to 65536 using the following procedure. cat >> /etc/security/limits.conf <<EOF oracle soft nproc 2047 oracle hard nproc 16384 oracle soft nofile 1024 oracle hard... (3 Replies)
Discussion started by: luft
3 Replies

8. UNIX for Dummies Questions & Answers

Help confiuring syslog.conf

Hi, We had a hardware problem at work and none of the kernel problems outputted to the log file, just the screen. How can I configure the syslogd.conf file to record kernel events (ie hardware problems) to /dev/console and/var/log/messages. Can I just put: /dev/console /var/log/messages on... (5 Replies)
Discussion started by: mojoman
5 Replies

9. Solaris

syslog-ng.conf

Has anyone here configured a central syslog server using syslog-ng ? I have set one up and I'm trying to tune the syslog-ng.conf file, both for the server and the client. I have found lots of linux example files, but not much on Solaris which is slightly different. So if you have a Solaris... (5 Replies)
Discussion started by: Tornado
5 Replies

10. Red Hat

syslog.conf

Hi all I have a RedHat Linux AS2.1 server that keep crashing/rebooting and there are no messages in the /var/log/messages file pointing to any problems. I had a look at the /etc/syslog.conf file to see what gets logged to /var/log/messages, but I don't know what else to add. Can anyone tell me... (1 Reply)
Discussion started by: soliberus
1 Replies
Login or Register to Ask a Question