Tuesday, February 22, 2011

Enable remote logging in Debian/Centos systems

Situation :- we want to send the authentication logs of a CentOS machine to a remote Debian/Ubuntu system


1) on the debian/ubuntu system configure syslogd to listen to internet socket udp:514

i) edit the file /etc/default/syslogd so that it contains the line SYSLOGD="-r"



ex:-

celsius@gmladmin:~$ cat /etc/default/syslogd

# Top configuration file for syslogd
# Full documentation of possible arguments are found in the manpage syslogd(8).
# For remote UDP logging use SYSLOGD="-r"

SYSLOGD="-r"

celsius@gmladmin:~$


ii) restart the sysklogd daemon:- sudo /etc/init.d/sysklogd restart


iii) run the command netstat -nulp in the terminal

your output should contain something similar to the following:-
udp 0 0 0.0.0.0:514 0.0.0.0:*

UDP port 514 is the syslog port, since celsius@gmladmin:~$ cat /etc/services | grep -i 514 gives
syslog 514/udp




2) CENTOS SIDE:-

i) edit the /etc/syslog.conf file to have something similar to the following entry

auth,authpriv.* @192.168.0.17

ii) restart syslog service (i.e service syslog restart)

iii) edit the file /etc/sysconfig/syslog to have the following entry
SYSLOGD_OPTIONS="-m 0 -r"


iv) restart syslog service (i.e service syslog restart)

v) run the command netstat -nulp in the terminal

your output should contain something similar to the following:-
udp 0 0 0.0.0.0:514 0.0.0.0:*



3) now if the centos machine is called "alpha" and debian/ubuntu system is called "gmladmin"

The command celsius@gmladmin:~$ cat /var/log/auth.log | grep -i alpha will give the output as follows:-






NB:- tested on ubuntu 10.04 & centos 5.5
See:- http://aarklonlinuxinfo.blogspot.com/2009/01/syslogd-and-syslogconf.html
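
A small script to verify each side of this setup, as an added example that is not part of the original post. The function names are made up for this example; the file paths and option names are the ones used in the steps above.

```shell
#!/bin/sh
# Added example: offline checks for the setup in this post. File paths and
# option names come from the post; function names are made up for this example.

# Succeeds if the options variable VAR in FILE carries a stand-alone -r flag.
# Parses the assignment instead of sourcing the file; a line written with
# spaces around "=" is not a valid assignment and is therefore not matched.
has_remote_flag() {  # usage: has_remote_flag FILE VAR
    val=$(sed -n "s/^[[:space:]]*$2=//p" "$1" | tail -n 1 | tr -d "\"'")
    for opt in $val; do
        [ "$opt" = "-r" ] && return 0
    done
    return 1
}

# Prints "selector host" for each syslog.conf rule whose action is @host.
forward_rules() {  # usage: forward_rules FILE
    awk '!/^[[:space:]]*#/ && $2 ~ /^@/ { print $1, substr($2, 2) }' "$1"
}

# Reads `netstat -nul` output on stdin, prints local addresses bound to UDP 514.
# 0.0.0.0:514 means every interface: syslog over UDP is unauthenticated, so
# limit the allowed source hosts with a firewall rule on the log server.
udp514_listeners() {
    awk '$1 ~ /^udp/ && $4 ~ /:514$/ { print $4 }'
}

case "${1:-}" in
    receiver)   # run on the Debian/Ubuntu log server
        if has_remote_flag /etc/default/syslogd SYSLOGD; then
            echo "syslogd -r: set"
        else
            echo "syslogd -r: MISSING"
        fi
        netstat -nul | udp514_listeners
        ;;
    sender)     # run on the CentOS machine
        forward_rules /etc/syslog.conf
        ;;
esac
```

Run it with the argument receiver on the log server or sender on the CentOS machine; with no argument it only defines the functions.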
