###SysLogD###
Features:
1. Handles logging
2. Unix Domain Sockets (/dev/log)
3. Internet Sockets (UDP:514)
4. Ability to log to local and remote targets
Implemented as the 'sysklogd' package
Primary configuration file: /etc/syslog.conf
Standard syslog.conf file contains:
1. Rules
   a. facilities -> applications/daemons/network device/etc.
   b. levels -> Importance of message
      Range: 0-7
      7 = emergency (less information)
      6 = alert
      5 = critical
      4 = error
      3 = warning
      2 = notice
      1 = info
      0 = debug (more information)
2. Targets
   a. file - /var/log/messages
   b. tty - /dev/console
   c. remote hosts - @IP_ADDR_of_REMOTE_HOST
'*' = catchall/wildcard to mean any facility or level
'.none' = exclusion rule
See 'man syslog.conf' to learn about the supported facilities.levels
Task:
1. Enable UDP logging for remote Cisco gateway (192.168.75.1)
   a. netstat -nul | grep 514 - reveals UDP:514 listener
   b. nano /etc/sysconfig/syslog
      b1. 'SYSLOGD_OPTIONS="-r"'
   c. restart syslog and confirm UDP:514 listener
      c1. confirm using 'netstat -nul | grep 514'
   d. Configure the router using facility 'local0' and level 'info'
   e. configure /etc/syslog.conf to accept 'local0.info'
   f. restart or reload 'syslog'
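
Added example (not part of the original notes): a simplified Python model of how the rules described above route a message, covering the '*' wildcard, the '.none' exclusion and the 'local0.info' rule from step e. It assumes plain facility.level selectors only; the file name /var/log/cisco.log and the host 192.0.2.10 are constructed sample values.

```python
# Added example: simplified model of how syslogd picks targets for a message.
# Assumptions: plain "facility.level" selectors only (no "=" or "!" modifiers);
# /var/log/cisco.log and 192.0.2.10 are constructed sample values.

# Level names ordered from least to most important.
LEVELS = ["debug", "info", "notice", "warning", "err", "crit", "alert", "emerg"]
ALIASES = {"error": "err", "warn": "warning", "panic": "emerg"}

SAMPLE_CONF = """\
# selector(s)            target
*.info;local0.none       /var/log/messages
local0.info              /var/log/cisco.log
kern.*                   /dev/console
*.crit                   @192.0.2.10
"""

def rank(level):
    """Position of a level name in LEVELS; higher means more important."""
    return LEVELS.index(ALIASES.get(level, level))

def selected(selectors, facility, level):
    """True if the selector field of one rule picks up (facility, level)."""
    hit = False
    for sel in selectors.split(";"):
        facilities, _, wanted = sel.strip().rpartition(".")
        names = facilities.split(",")
        if "*" not in names and facility not in names:
            continue                      # selector is about other facilities
        if wanted == "none":
            hit = False                   # exclusion rule clears earlier matches
        elif wanted == "*":
            hit = True                    # any level
        elif rank(level) >= rank(wanted):
            hit = True                    # named level or anything more important
    return hit

def targets_for(conf, facility, level):
    """List the targets that would receive a message, in file order."""
    out = []
    for line in conf.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        selectors, target = line.split(None, 1)
        if selected(selectors, facility, level):
            out.append(target.strip())
    return out

if __name__ == "__main__":
    for fac, lvl in [("local0", "info"), ("local0", "debug"), ("mail", "crit")]:
        print(f"{fac}.{lvl} -> {targets_for(SAMPLE_CONF, fac, lvl)}")
```

With this sample file, router messages sent as local0.info land only in the dedicated file, because 'local0.none' keeps them out of /var/log/messages.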