Rsyslog is the syslog daemon installed on Ubuntu. Its purpose is to collect log information and store it in the /var/log/syslog file.
Note | |
---|---|
The rsyslog daemon can store information using databases like MySQL, SQLite, Sybase. Search the documentation on the Internet to learn how to configure it. |
Edit the file /etc/rsyslog.conf to enable the rsyslog daemon to collect syslog events from a client. There are two protocols available to collect information: UDP and TCP. Abilis uses the UDP protocol, so edit /etc/rsyslog.conf and uncomment the lines:
$ModLoad imudp
$UDPServerRun 514
# /etc/rsyslog.conf Configuration file for rsyslog.
#
# For more information see
# /usr/share/doc/rsyslog-doc/html/rsyslog_conf.html
#
# Default logging rules can be found in /etc/rsyslog.d/50-default.conf
#################
#### MODULES ####
#################
$ModLoad imuxsock # provides support for local system logging
$ModLoad imklog # provides kernel logging support (previously done by rklogd)
#$ModLoad immark # provides --MARK-- message capability
$KLogPath /proc/kmsg
# provides UDP syslog reception
$ModLoad imudp
$UDPServerRun 514
# provides TCP syslog reception
#$ModLoad imtcp
#$InputTCPServerRun 514
Type service rsyslog restart to restart the syslog daemon and apply the new configuration.
root@ubuntu-desktop:/var/log# service rsyslog restart
rsyslog start/running, process 2372
root@ubuntu-desktop:/var/log#
Tip | |
---|---|
If rsyslog is not installed, type sudo apt-get install rsyslog to install it. |
Add the Syslog resource and then configure it so that the RECEIVER1 parameter is set to the IP address of your syslog server.
[15:26:07] ABILIS_CPX:s p syslog receiver1:192.168.30.1
COMMAND EXECUTED
[15:26:15] ABILIS_CPX:d p syslog
RES:SysLog - Not Saved (SAVE CONF), Not Refreshed (INIT) ----------------------
------------------------------------------------------------------------
Run DESCR:System_Log_protocol
    LOG:NO
    ACT:YES
    queue-size:64
    udp-locport:514
    RELAY:NO
    LOCAL-SEVERITY:ALL
    LOCAL-SOURCES:SYS
    SRCADD:R-ID (192.168.000.201)
    TOS:0-N
    HOSTNAME:
    HOSTNAME-IP:R-ID (192.168.000.201)
    IPSRC:*
    IPSRCLIST:#
    RECEIVER1:192.168.030.001
    RECEIVER2:#
    RECEIVER3:#
    RECEIVER4:#
[15:26:19] ABILIS_CPX:init res:syslog
COMMAND EXECUTED
[15:26:27] ABILIS_CPX:save conf
VALIDATION IN PROGRESS ...
VALIDATION SUCCESSFULLY EXECUTED
SAVE EXECUTED
The following is the information collected by the Linux syslog server.
root@ubuntu-desktop:/var/log# tail -f syslog
Dec 23 15:10:51 192.168.0.201 Abilis-CPX [00033] WARM START#015
Dec 23 15:11:35 192.168.0.201 Abilis-CPX [00092] I: Ip-3 PLink:d2 SLink:RD#015
Dec 23 15:11:35 192.168.0.201 Abilis-CPX [00092] I: Ip-4 PLink:d2 SLink:ln#015
Dec 23 15:11:35 192.168.0.201 Abilis-CPX [00092] I: Pv-5 PLink:d2 SLink:ln#015
Dec 23 15:11:35 192.168.0.201 Abilis-CPX [00092] I: Pv-6 PLink:d2 SLink:ln#015
Dec 23 15:11:35 192.168.0.201 Abilis-CPX [00092] I: Ip-9 PLink:d2 SLink:ln#015
Dec 23 15:11:53 192.168.0.201 Abilis-CPX [00092] I: Pv-5 PLink:RD SLink:ln#015
Dec 23 15:11:53 192.168.0.201 Abilis-CPX [00092] I: Pv-6 PLink:RD SLink:ln#015
Dec 23 15:15:47 192.168.0.201 Abilis-CPX [00033] WARM START#015
Dec 23 15:16:30 192.168.0.201 Abilis-CPX [00092] I: Ip-3 PLink:d2 SLink:RD#015
Dec 23 15:16:30 192.168.0.201 Abilis-CPX [00092] I: Ip-4 PLink:d2 SLink:ln#015
Dec 23 15:16:30 192.168.0.201 Abilis-CPX [00092] I: Pv-5 PLink:d2 SLink:ln#015
Dec 23 15:16:30 192.168.0.201 Abilis-CPX [00092] I: Pv-6 PLink:d2 SLink:ln#015
Dec 23 15:16:30 192.168.0.201 Abilis-CPX [00092] I: Ip-9 PLink:d2 SLink:ln#015
Dec 23 15:16:48 192.168.0.201 Abilis-CPX [00092] I: Pv-5 PLink:RD SLink:ln#015
Dec 23 15:16:48 192.168.0.201 Abilis-CPX [00092] I: Pv-6 PLink:RD SLink:ln#015
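A way to review the collected lines shown above, as an added example that is not part of the original page or of the Abilis or rsyslog documentation: it parses each line, drops the trailing #015 escape, counts WARM START events per sender, keeps the last link report per resource, and sets aside lines whose sender field is not an expected device, since UDP syslog carries no sender authentication. The function names, the expected-sender set and the 192.168.0.77 line are assumptions made for the example.

```python
import re
from collections import Counter

# Layout seen in the tail output: "<Mon DD HH:MM:SS> <sender> <tag> [<code>] <message>"
LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) (?P<src>\S+) (?P<tag>\S+) "
    r"\[(?P<code>\d+)\] (?P<msg>.*)$"
)
# rsyslog writes a received control character as '#' plus three octal digits;
# #015 is the carriage return that ends each Abilis message.
TRAILING_CTRL = re.compile(r"(?:#[0-3][0-7]{2})+$")
# Link report as it appears above; the state codes are kept verbatim, not interpreted.
LINK_RE = re.compile(r"^I: (?P<res>\S+) PLink:(?P<plink>\S+) SLink:(?P<slink>\S+)$")

def parse_line(line):
    """Return a dict of fields for one syslog line, or None if it does not match."""
    m = LINE_RE.match(line.rstrip("\n"))
    if m is None:
        return None
    rec = m.groupdict()
    rec["msg"] = TRAILING_CTRL.sub("", rec["msg"]).rstrip()
    return rec

def summarize(lines, expected_senders):
    """Count WARM START events, keep the last link report per resource,
    and set aside lines whose sender field is not an expected device."""
    restarts, links, unexpected = Counter(), {}, []
    for rec in filter(None, map(parse_line, lines)):
        if rec["src"] not in expected_senders:
            unexpected.append(rec)
        elif rec["msg"] == "WARM START":
            restarts[rec["src"]] += 1
        else:
            link = LINK_RE.match(rec["msg"])
            if link:
                links[(rec["src"], link["res"])] = (link["plink"], link["slink"])
    return restarts, links, unexpected

# Constructed sample: four lines copied from the output above plus one
# constructed line from a sender that is not the configured Abilis.
SAMPLE = [
    "Dec 23 15:10:51 192.168.0.201 Abilis-CPX [00033] WARM START#015",
    "Dec 23 15:11:35 192.168.0.201 Abilis-CPX [00092] I: Pv-5 PLink:d2 SLink:ln#015",
    "Dec 23 15:11:53 192.168.0.201 Abilis-CPX [00092] I: Pv-5 PLink:RD SLink:ln#015",
    "Dec 23 15:15:47 192.168.0.201 Abilis-CPX [00033] WARM START#015",
    "Dec 23 15:16:02 192.168.0.77 Abilis-CPX [00033] WARM START#015",
]

if __name__ == "__main__":
    restarts, links, unexpected = summarize(SAMPLE, {"192.168.0.201"})
    print(dict(restarts), links, [r["src"] for r in unexpected])
```

To run it against the real file, pass the open /var/log/syslog file object to summarize() in place of SAMPLE.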