Rsyslog is a syslog daemon installed on Ubuntu. Its purpose is to collect log information and store it in the /var/log/syslog file.
| Note |
|---|
| The rsyslog daemon can also store information in databases such as MySQL, SQLite and Sybase. Search the documentation on the Internet to learn how to configure it. |

Edit the file /etc/rsyslog.conf to enable the rsyslog daemon to collect syslog events from a client. Two protocols are available for collecting information: UDP and TCP. Abilis uses the UDP protocol, so edit /etc/rsyslog.conf and uncomment the following lines:

```
$ModLoad imudp
$UDPServerRun 514
```

```
#  /etc/rsyslog.conf    Configuration file for rsyslog.
#
#                       For more information see
#                       /usr/share/doc/rsyslog-doc/html/rsyslog_conf.html
#
#  Default logging rules can be found in /etc/rsyslog.d/50-default.conf
#################
#### MODULES ####
#################
$ModLoad imuxsock # provides support for local system logging
$ModLoad imklog   # provides kernel logging support (previously done by rklogd)
#$ModLoad immark  # provides --MARK-- message capability
$KLogPath /proc/kmsg
# provides UDP syslog reception
$ModLoad imudp
$UDPServerRun 514
# provides TCP syslog reception
#$ModLoad imtcp
#$InputTCPServerRun 514
```

Type service rsyslog restart to restart the syslog daemon and apply the new configuration.

```
root@ubuntu-desktop:/var/log# service rsyslog restart
rsyslog start/running, process 2372
root@ubuntu-desktop:/var/log#
```

| Tip |
|---|
| If rsyslog is not installed, type sudo apt-get install rsyslog to install it. |

Add the Syslog resource and then configure it so that the RECEIVER1 parameter is set to the IP address of your syslog server.

```
[15:26:07] ABILIS_CPX:s p syslog receiver1:192.168.30.1

COMMAND EXECUTED

[15:26:15] ABILIS_CPX:d p syslog

RES:SysLog - Not Saved (SAVE CONF), Not Refreshed (INIT) ----------------------
------------------------------------------------------------------------
Run DESCR:System_Log_protocol
    LOG:NO ACT:YES queue-size:64 udp-locport:514
    RELAY:NO LOCAL-SEVERITY:ALL LOCAL-SOURCES:SYS
    SRCADD:R-ID (192.168.000.201) TOS:0-N
    HOSTNAME:
    HOSTNAME-IP:R-ID (192.168.000.201)
    IPSRC:* IPSRCLIST:#
    RECEIVER1:192.168.030.001
    RECEIVER2:#
    RECEIVER3:#
    RECEIVER4:#

[15:26:19] ABILIS_CPX:init res:syslog

COMMAND EXECUTED

[15:26:27] ABILIS_CPX:save conf

VALIDATION IN PROGRESS ...
VALIDATION SUCCESSFULLY EXECUTED
SAVE EXECUTED
```

The following is the information collected by the Linux syslog server.

```
root@ubuntu-desktop:/var/log# tail -f syslog
Dec 23 15:10:51 192.168.0.201 Abilis-CPX [00033] WARM START#015
Dec 23 15:11:35 192.168.0.201 Abilis-CPX [00092] I: Ip-3 PLink:d2 SLink:RD#015
Dec 23 15:11:35 192.168.0.201 Abilis-CPX [00092] I: Ip-4 PLink:d2 SLink:ln#015
Dec 23 15:11:35 192.168.0.201 Abilis-CPX [00092] I: Pv-5 PLink:d2 SLink:ln#015
Dec 23 15:11:35 192.168.0.201 Abilis-CPX [00092] I: Pv-6 PLink:d2 SLink:ln#015
Dec 23 15:11:35 192.168.0.201 Abilis-CPX [00092] I: Ip-9 PLink:d2 SLink:ln#015
Dec 23 15:11:53 192.168.0.201 Abilis-CPX [00092] I: Pv-5 PLink:RD SLink:ln#015
Dec 23 15:11:53 192.168.0.201 Abilis-CPX [00092] I: Pv-6 PLink:RD SLink:ln#015
Dec 23 15:15:47 192.168.0.201 Abilis-CPX [00033] WARM START#015
Dec 23 15:16:30 192.168.0.201 Abilis-CPX [00092] I: Ip-3 PLink:d2 SLink:RD#015
Dec 23 15:16:30 192.168.0.201 Abilis-CPX [00092] I: Ip-4 PLink:d2 SLink:ln#015
Dec 23 15:16:30 192.168.0.201 Abilis-CPX [00092] I: Pv-5 PLink:d2 SLink:ln#015
Dec 23 15:16:30 192.168.0.201 Abilis-CPX [00092] I: Pv-6 PLink:d2 SLink:ln#015
Dec 23 15:16:30 192.168.0.201 Abilis-CPX [00092] I: Ip-9 PLink:d2 SLink:ln#015
Dec 23 15:16:48 192.168.0.201 Abilis-CPX [00092] I: Pv-5 PLink:RD SLink:ln#015
Dec 23 15:16:48 192.168.0.201 Abilis-CPX [00092] I: Pv-6 PLink:RD SLink:ln#015
```
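
The script below is an added example, not part of the original Abilis documentation. It parses lines in the format shown above, strips the trailing #015 (rsyslog's octal escape for a received carriage return), lists WARM START events per sender, and marks senders outside an expected set, since UDP syslog accepts datagrams without authenticating the sender. The names EXPECTED_SENDERS, parse_line and summarize, and the address 192.168.0.77, are assumptions made for illustration.

```python
import re

# Assumption: the only expected sender is the Abilis address seen on this page.
EXPECTED_SENDERS = {"192.168.0.201"}

# Five lines copied from the tail output above, plus two constructed lines
# (an unknown sender and a local message) to exercise the edge cases.
SAMPLE = """\
Dec 23 15:10:51 192.168.0.201 Abilis-CPX [00033] WARM START#015
Dec 23 15:11:35 192.168.0.201 Abilis-CPX [00092] I: Ip-3 PLink:d2 SLink:RD#015
Dec 23 15:11:53 192.168.0.201 Abilis-CPX [00092] I: Pv-5 PLink:RD SLink:ln#015
Dec 23 15:15:47 192.168.0.201 Abilis-CPX [00033] WARM START#015
Dec 23 15:16:30 192.168.0.201 Abilis-CPX [00092] I: Ip-3 PLink:d2 SLink:RD#015
Dec 23 15:17:02 192.168.0.77 Abilis-CPX [00033] WARM START#015
Jan  2 03:04:05 ubuntu-desktop kernel: unrelated local message
"""

LINE_RE = re.compile(
    r"^(?P<ts>[A-Z][a-z]{2} [ \d]\d \d{2}:\d{2}:\d{2}) "
    r"(?P<host>\S+) Abilis-CPX \[(?P<code>\d+)\] (?P<msg>.*)$"
)

def parse_line(line):
    """Return a dict for an Abilis line, or None for any other line."""
    m = LINE_RE.match(line.rstrip("\n"))
    if m is None:
        return None
    rec = m.groupdict()
    # rsyslog writes received control characters as #ooo (octal);
    # #015 is the carriage return at the end of each Abilis message.
    rec["msg"] = re.sub(r"(#015)+$", "", rec["msg"])
    return rec

def summarize(lines, expected=EXPECTED_SENDERS):
    """Per sender: event count, WARM START timestamps, expected flag."""
    summary = {}
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue
        entry = summary.setdefault(rec["host"], {
            "events": 0, "warm_starts": [], "expected": rec["host"] in expected})
        entry["events"] += 1
        if rec["msg"] == "WARM START":
            entry["warm_starts"].append(rec["ts"])
    return summary

if __name__ == "__main__":
    for host, info in summarize(SAMPLE.splitlines()).items():
        print(host, info)
```

To run it against the live file, pass open("/var/log/syslog") to summarize instead of the embedded sample.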