Ubuntu Syslog Server
From Teknologisk videncenter
Installation
Install rsyslog with
aptitude install rsyslog -y
Configuration
Allow UDP syslog packets to reach the machine. Normally syslog is only set up for internal log messages.
# provides UDP syslog reception
$ModLoad imudp
$UDPServerRun 514
Create the directory /var/log/cisco with mkdir -p /var/log/cisco
Create a file named /etc/rsyslog.d/99-cisco.conf and put the following content in it:
# Log syslog messages received from the network
$template DynFile,"/var/log/cisco/%$year%%$month%%$day%.log"
:fromhost-ip, isequal, "172.16.4.19" ?DynFile
:fromhost-ip, isequal, "172.16.4.19" ~
Reload rsyslog with service rsyslog reload
Config explanation
Discard
If the discard action is carried out, the received message is immediately discarded. Discard can be highly effective if you want to filter out some annoying messages that otherwise would fill your log files. To do that, place the discard actions early in your log files. This often plays well with property-based filters, giving you great freedom in specifying what you do not want.
Discard is just the single tilde character with no further parameters.
Example: *.* ~ # discards everything.
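Added example (not part of the original page): a small Python model of how the rules from 99-cisco.conf are evaluated, showing why the position of the discard matters. It assumes the files in /etc/rsyslog.d are read in lexical order; the catch-all rule and the file names 50-default.conf and 10-cisco.conf are constructed for the illustration, and only isequal filters are modelled.

```python
import re
from datetime import datetime

# Constructed rule sets. The catch-all stands in for a distribution default
# rules file (an assumption; file names other than 99-cisco.conf are hypothetical).
CISCO = [
    '$template DynFile,"/var/log/cisco/%$year%%$month%%$day%.log"',
    ':fromhost-ip, isequal, "172.16.4.19" ?DynFile',
    ':fromhost-ip, isequal, "172.16.4.19" ~',
]
DEFAULT = ['*.* /var/log/syslog']

RULE = re.compile(r'^:([\w-]+),\s*(\w+),\s*"([^"]*)"\s+(\S+)$')

def route(files, msg, now):
    """Return the files msg is written to when `files` ({name: lines}) load in lexical order."""
    templates, written = {}, []
    for name in sorted(files):
        for line in files[name]:
            if line.startswith('$template '):
                tname, body = line[len('$template '):].split(',', 1)
                templates[tname] = body.strip('"')
                continue
            m = RULE.match(line)
            if m:
                prop, op, value, action = m.groups()
                if op != 'isequal':
                    raise ValueError('only isequal is modelled')
                if msg.get(prop) != value:
                    continue
            else:  # "*.* action" catch-all selector
                action = line.split(None, 1)[1]
            if action == '~':           # discard: no later rule sees the message
                return written
            if action.startswith('?'):  # dynamic file name built from a template
                path = templates[action[1:]]
                for key, fmt in (('%$year%', '%Y'), ('%$month%', '%m'), ('%$day%', '%d')):
                    path = path.replace(key, now.strftime(fmt))
                written.append(path)
            else:
                written.append(action)
    return written

NOW = datetime(2024, 3, 7)  # constructed date
MSG = {'fromhost-ip': '172.16.4.19'}
late = route({'50-default.conf': DEFAULT, '99-cisco.conf': CISCO}, MSG, NOW)
early = route({'10-cisco.conf': CISCO, '50-default.conf': DEFAULT}, MSG, NOW)
```

With the Cisco rules loaded last, the message is already written by the earlier catch-all before the discard runs; loaded first, it only reaches the per-day Cisco file.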
Cisco config
logging nms.domain.com
logging trap 5
logging source-interface fa0/1