Creating a central syslog server

In this example, I will configure our Solaris server environment to send syslog information to a remote Red Hat Linux 8.0 server.

Changes needed on the syslog server (Red Hat Linux 8.0):

1. vi /etc/sysconfig/syslog

2. Change:
SYSLOGD_OPTIONS="-m 0"

To:
SYSLOGD_OPTIONS="-m 0 -r -x"

The -r option enables logging from remote machines (syslogd then listens on UDP port 514), and -x disables DNS lookups on incoming syslog messages.


Changes needed on the syslog clients (Sun Solaris):

1. vi /etc/syslog.conf

Add the following lines:
# Send a copy to remote loghost
*.info @loghost
auth.* @loghost

Note: make sure that you do not have extra whitespace in the Solaris syslog.conf file. Separate the facility and severity from the location with either a single space or with tabs.

2. vi /etc/hosts

Remove any reference to "loghost". By default, Solaris will configure each host to be its own loghost.

3. Send the syslogd process a SIGHUP signal (kill -HUP pid_of_syslogd).

If you are using DNS, you will want to add a DNS A record for your "loghost" server. Since it may already have an entry in DNS, you may wish to use a DNS CNAME record.

If you are using NIS in your environment, you may want to add "loghost" to your NIS hosts map.
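
The client-side steps above can be checked with a short script before sending SIGHUP. This is an added example, not part of the original page: check_syslog_client is a hypothetical helper name, the whitespace rule is the one stated in the note above, and a POSIX awk (for example nawk) is assumed.

```shell
#!/bin/sh
# Added example: check_syslog_client is a hypothetical helper, not a Solaris tool.
# Usage: check_syslog_client /etc/syslog.conf /etc/hosts   (returns 0 when clean)
check_syslog_client() {
    conf=$1; hosts=$2; rc=0

    # syslog.conf: both selectors from the page must forward to @loghost, and
    # the separator must be one space or tabs only, with nothing trailing.
    awk '
        /^[ \t]*#/ || !/@loghost/ { next }
        !/^[^ \t]+( |\t+)@loghost$/ {
            printf "%s:%d: extra whitespace\n", FILENAME, NR; bad = 1
        }
        $2 == "@loghost" { seen[$1] = 1 }
        END {
            n = split("*.info auth.*", want, " ")
            for (i = 1; i <= n; i++)
                if (!(want[i] in seen)) {
                    printf "%s: no \"%s @loghost\" line\n", FILENAME, want[i]
                    bad = 1
                }
            exit bad
        }' "$conf" || rc=1

    # hosts: "loghost" must no longer appear as a name or alias on any entry.
    awk '
        { sub(/#.*/, "") }
        {
            for (i = 2; i <= NF; i++)
                if ($i == "loghost") {
                    printf "%s:%d: loghost alias on %s\n", FILENAME, NR, $1
                    bad = 1
                }
        }
        END { exit bad }' "$hosts" || rc=1

    return $rc
}

# Constructed sample input (not from a real host).
tmp=$(mktemp -d)
printf '*.info @loghost\nauth.*  @loghost\n' > "$tmp/syslog.conf"
printf '127.0.0.1 localhost loghost\n' > "$tmp/hosts"
check_syslog_client "$tmp/syslog.conf" "$tmp/hosts" || echo "client needs fixing"
rm -rf "$tmp"
```

On the constructed sample it reports the double space on line 2 of syslog.conf and the leftover loghost alias in hosts.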


Last modified: 11/19/02