NOTE: This is an old article I wrote in January 2007; it’s still relevant today. It was originally posted on luckydonkey.com, which I am in the process of retiring.
I wanted to log everything from my servers and router to a single server to make it easier to keep up. Here are the steps I went through.
I’m using bonobo.local as my syslog server. Start by editing /etc/syslog.conf. At the first line that isn’t a comment (first line that doesn’t start with a #) insert +
Then, at the bottom of the file, add the name of the client machine; for me this was hypnotoad.local:
There are some funny characters in here that complicate matters.
!* resets the target. A few lines up, the default syslog.conf has the line !ppp, which tells the syslog daemon that all the following rules only apply to ppp messages. Putting !* tells the syslog daemon that all the following rules match all messages.
+hypnotoad.local tells the syslog daemon that the following rules relate to the machine mentioned.
*.* <tab> <filename> tells the syslog daemon to log anything from the aforementioned machine to the logfile ‘filename’.
For security reasons the syslog daemon won’t start appending (logging) to a file that DOESN’T exist when it starts, so you must create the files before restarting the syslog daemon.
Edit /etc/rc.conf and append the line
This looks odd. Why deliberately pass in empty flags? Because /etc/defaults/rc.conf has
The -s option stops syslog from listening for external logging messages. This caught me out the first time I tried to do this.
Now restart syslog
You should see a few lines about syslog stopping and starting again.
Setting up the clients
On each client, make a backup of the original /etc/syslog.conf file and edit the original to include a single line
replacing bonobo.local with the name / IP address of your logging server. Restart your syslog server:
Try out the logging with
The message “hello from my syslog client” should appear in the syslog server’s log file for the machine you are changing.
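A quick way to check the server side of this setup before restarting syslog, as an added example that is not part of the original article: the function looks for the +client block in syslog.conf, confirms every log file it names already exists, and confirms rc.conf overrides the default -s. The function name check_loghost is made up for this example, and syslogd_flags is assumed to be the rc.conf variable being overridden.

```shell
#!/bin/sh
# Added example, not from the original article. Checks the server-side
# conditions described above. Defaults are the FreeBSD paths the article names;
# syslogd_flags is the rc.conf variable assumed to carry the flags.

# check_loghost CLIENT [SYSLOG_CONF] [RC_CONF]
# Prints one line per problem found; returns 0 only if there are none.
check_loghost() {
    client=$1
    conf=${2:-/etc/syslog.conf}
    rc=${3:-/etc/rc.conf}
    problems=0

    # Collect file targets of rules between "+client" and the next host line.
    # Comments and program lines such as "!*" are skipped.
    files=$(awk -v h="+$client" '
        $0 == h  { inblk = 1; next }
        /^[+-]/  { inblk = 0 }
        inblk && /^[^#!]/ && $NF ~ /^\// { print $NF }
    ' "$conf")

    if [ -z "$files" ]; then
        echo "no +$client block with a file target in $conf"
        problems=$((problems + 1))
    fi

    # syslogd will not create a missing log file, so each one must exist.
    for f in $files; do
        if [ ! -f "$f" ]; then
            echo "log file $f does not exist"
            problems=$((problems + 1))
        fi
    done

    # Without an override, /etc/defaults/rc.conf supplies -s, which stops
    # syslogd from listening for external messages.
    if ! grep -q '^syslogd_flags=' "$rc"; then
        echo "syslogd_flags not set in $rc, so the default -s applies"
        problems=$((problems + 1))
    elif grep '^syslogd_flags=' "$rc" | tail -n 1 | grep -q -e '-s'; then
        echo "syslogd_flags in $rc still contains -s"
        problems=$((problems + 1))
    fi

    [ "$problems" -eq 0 ]
}
```

Run it on the log server as check_loghost hypnotoad.local; pass copies of the two files as the second and third arguments to test a change before putting it in place.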