
Re: syslog



On Wed, 2004-06-30 at 12:18, Ketil Froyn wrote:
> On Wed, 30 Jun 2004, Matthew Joyce said: 
> 
> > I have been asked by a 3rd party (who managed some 
> > comms equipment for us) if we have a syslog server.
> >
> > If so, they say they can direct some logs to it.
> >
> > We have some Debian boxes, don't they all have syslog
> > running?
> >
> > How does it work?
> 
> man syslogd, look for "-r". If set, syslogd receives messages on the
> network from whoever sends them, and puts them in the local log. Makes
> it easier to log from devices without a disk, and makes it harder for
> a hacker to hide what he has done (he'll need to break into the
> syslog server too).

I'm no expert, but I see that in
  /etc/init.d/sysklogd
there are some comments about how to enable the "-r" option.

Once you restart syslogd with
  /etc/init.d/sysklogd reload
I presume that any remote messages received should then show up in
  /var/log/messages
along with the messages logged by local apps via the syslog daemon
(syslogd).

Apps like "swatch" can then be used to monitor the logfile and generate
email alerts or send messages to pagers.

If you need info on these options, I am sure someone on this list can
explain the best approach better than I can.

By the way, can anyone explain why the "syslogd" daemon is
started/managed via an init script called "sysklogd"?

Regards,

Simon
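
The thread above describes a syslogd that accepts log datagrams from the network and a swatch-style watcher on the resulting log. The following is an added example, not part of the original messages and not sysklogd's or swatch's own code: it sketches the per-datagram work a receiver has to do (decode the `<PRI>` prefix, neutralise control characters, flag lines of interest). The sender allow-list, the alert patterns and the sample datagrams are assumptions constructed for illustration; a stock `-r` listener takes messages from whoever sends them.

```python
import re
import socket

SEVERITIES = ["emerg", "alert", "crit", "err", "warning", "notice", "info", "debug"]
ALLOWED_SENDERS = {"192.0.2.10"}   # assumption: address of the third party's device
ALERT_PATTERNS = [re.compile(p, re.I) for p in (r"login failed", r"link down")]
PRI_RE = re.compile(rb"^<(\d{1,3})>(.*)$", re.S)

def parse_datagram(data):
    """Split b'<PRI>text' into (facility, severity, text); PRI = facility*8 + severity."""
    m = PRI_RE.match(data)
    if not m or int(m.group(1)) > 191:
        # No usable PRI: RFC 3164 relays file the message as user.notice (PRI 13).
        return 1, "notice", data.decode("ascii", "replace").strip()
    pri = int(m.group(1))
    return pri >> 3, SEVERITIES[pri & 7], m.group(2).decode("ascii", "replace").strip()

def handle(data, sender_ip):
    """Return (log_line, alert) for an accepted datagram, or None if the sender is dropped."""
    if sender_ip not in ALLOWED_SENDERS:
        return None
    facility, severity, text = parse_datagram(data)
    # Replace control characters so one datagram cannot inject extra lines into the log.
    text = re.sub(r"[\x00-\x1f\x7f]", " ", text)
    line = f"{sender_ip} facility={facility} {severity}: {text}"
    return line, any(p.search(text) for p in ALERT_PATTERNS)

def serve(bind_addr="0.0.0.0", port=514):
    """Receive loop; UDP port 514 is the syslog port and needs root to bind."""
    sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    sock.bind((bind_addr, port))
    while True:
        data, (ip, _port) = sock.recvfrom(1024)   # RFC 3164 caps a packet at 1024 bytes
        result = handle(data, ip)
        if result:
            print(("ALERT " if result[1] else "") + result[0])

if __name__ == "__main__":
    # Constructed sample datagrams, not captured traffic.
    samples = [
        (b"<165>Jun 30 12:18:01 router1 link down on eth0", "192.0.2.10"),
        (b"<34>Jun 30 12:18:05 router1 login failed for admin\nfake line", "192.0.2.10"),
        (b"<13>Jun 30 12:18:09 x spoofed entry", "198.51.100.7"),
    ]
    for data, ip in samples:
        print(handle(data, ip))
```

Because syslog over UDP carries no authentication, the source address checked here can be forged; the allow-list narrows who can write to the log but does not prove who sent a message.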


