Setup syslog server in UBuntu

0

To setup syslog server in UBuntu Linux, follow the steps below:-

  • First you need to make sure you are login as root, then stop the syslog service

/etc/init.d/sysklogd stop

Open /etc/sysconfig/syslog with your favourite editor and look for the line below:

SYSLOGD=”-u syslog”

and edit the line to:

SYSLOGD=”-ru syslog”

Now open /etc/default/syslogd file with your editor and look for

SYSLOGD=””

and change it to

SYSLOGD=”-r”

 

  • ** This is the steps that i miss previously and result the syslog server not listening for remote log. Other linux distro do not need to perform this step

 

  • Restart the syslog service

/etc/init.d/sysklogd restart

Now you need to configure the ubuntu firewall to allow the log sender IP. We assume the log sender is 192.168.0.100 and our ubuntu syslog server IP is 192.168.0.1. So, just enter the command below:

iptables -I INPUT -p udp -i eth0 -s 192.168.0.100 -d 192.168.0.1 –dport 514 -j ACCEPT

 

  • ** Remember to change the IP above to your server IP

 

  • To check if your syslog is listening on port 514, run the command below:

netstat -a | grep syslog

and you should see the line below, else your syslog is not listening for remote log.

udp    26880      0 *:syslog                *:*

Done. you just setup your syslog server in Unbuntu Linux.

 

 

 

You might also like More from author