Wednesday 11 September 2013

How to Set Up Remote Logging (on a remote machine)

Problem: You want system logger messages saved on a remote machine rather than locally.
 

Solution: Configure /etc/syslog.conf for remote logging, using the "@" syntax:

/etc/syslog.conf:

# send all messages to remote system "loghost"
*.*    @loghost

On loghost, tell syslogd to accept messages from the network by adding the -r option:
 

# syslogd -r ....

or within /etc/sysconfig/syslog:

SYSLOGD_OPTIONS=".... -r ...."

Remember to send a signal to syslogd to pick up any changes to /etc/syslog.conf, or restart the daemon on loghost (the remote host in the example above). If the logs are stored on a remote machine, an intruder who breaks into the system cannot remove the log messages or tamper with them.

The system logger will not accept messages from another machine by default. To allow this, add the syslogd -r command-line option on loghost.

To allow the loghost to be changed easily, set up a "loghost" CNAME record on your nameserver that points to a specific machine:

loghost IN CNAME watchdog.example.com.
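
A quick way to check both halves of this setup, written as an added example (not part of the original post): the functions read a copy of the client's syslog.conf and a copy of loghost's /etc/sysconfig/syslog. The function names and the sample files, including the "-m 0" option, are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit copies of the two files this page edits.

# Print "selector host" for every rule whose action is "@host".
# Comment lines and rules that write to local files are skipped.
forward_targets() {
    awk '$1 !~ /^#/ && $2 ~ /^@./ { print $1 " " substr($2, 2) }' "$1"
}

# Succeed if the file forwards all messages (*.*) to the given host.
forwards_all_to() {
    forward_targets "$1" | grep -Fqx -- "*.* $2"
}

# Succeed if SYSLOGD_OPTIONS contains a standalone -r word.
# (Flags bundled into one word, e.g. "-rx", are not recognised here.)
accepts_remote() {
    opts=$(sed -n 's/^[[:space:]]*SYSLOGD_OPTIONS=//p' "$1" |
        tail -n 1 | tr -d "\"'")
    for word in $opts; do
        if [ "$word" = "-r" ]; then return 0; fi
    done
    return 1
}

# Constructed sample files, standing in for /etc/syslog.conf on a client
# and /etc/sysconfig/syslog on loghost.
tmp=$(mktemp -d)
trap 'rm -rf "$tmp"' EXIT
printf '%s\n' '# send all messages to remote system "loghost"' \
    '*.*    @loghost' > "$tmp/syslog.conf"
printf '%s\n' 'SYSLOGD_OPTIONS="-m 0 -r"' > "$tmp/sysconfig-syslog"

if forwards_all_to "$tmp/syslog.conf" loghost; then
    echo "client: *.* is forwarded to loghost"
else
    echo "client: no *.* @loghost rule found"
fi
if accepts_remote "$tmp/sysconfig-syslog"; then
    echo "loghost: syslogd is started with -r"
else
    echo "loghost: -r is missing, remote messages will not be accepted"
fi
```

To audit a real machine, call the same functions on /etc/syslog.conf and /etc/sysconfig/syslog instead of the sample files.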
