Linux Syslog Server

An important part of maintaining a secure system is keeping track of the activities that take place on the system. If you know what usually happens, such as understanding when users log into your system, you can use log files to spot unusual activity. You can configure what syslogd records through the /etc/syslog.conf configuration file. The syslogd daemon manages all the logs on your system and coordinates with any of the logging operations of other systems on your network. Configuration information for syslogd is held in the /etc/syslog.conf file, which contains the names and locations for your system log files.

Necessary configuration for log server

My server and client configuration
  • A linux server with ip address and hostname mohiraj.
  • A linux client with ip address and hostname Client.
  • Running portmap and xinetd services.
  • Firewall should be off on server.

On Server Side

Now open the /etc/sysconfig/syslog file.
It would be like this.
See the line indicated by the arrow.
Linux Syslog Sever configuration
Linux Syslog Sever configuration

add -r option in this tag to accepts logs from clients.(as shown in figure below)
-m 0 disables 'MARK' messages.
-r enables logging from remote machines
Linux Syslog Sever /etc/sysconfig/syslog
Linux Syslog Sever configuration

Save this file and start the service syslog,portmap,xinetd as shown in figure.
Linux Syslog Sever service restart
Linux Syslog Sever service restart

Syslog server - On client side

open /etc/syslog.conf file
Now go to the end of file and do entry for server as user
User.* @
After saving file restart service with service syslog restart command.
To check the message of client on server open
Some example of /var/log/messages
When client request for NIS directory
Linux Syslog Sever service restart
Linux Syslog Sever service restart

When client is shut down
Linux Syslog Sever Client shutdown
Linux Syslog Sever Client shutdown

Above figures are self-explanatory.