SYSLOGD
Features:
1. Handles logging
2. Unix Domain Sockets (/dev/log)
3. Internet Sockets (UDP:514)
4. Ability to log to local and remote targets
5. Implemented as 'sysklogd' package
6. Primary configuration file: /etc/syslog.conf
Standard syslog.conf file contains:
1. Rules
•a. facilities -> applications/daemons/network devices/etc.
•b. levels -> importance of message
Range: 0-7
•7 = emergency (less information)
•6 = alert
•5 = critical
•4 = error
•3 = warning
•2 = notice
•1 = info
•0 = debug (more information)
2. Targets
•a. file - /var/log/messages
•b. tty - /dev/console
•c. remote hosts - @IP_ADDR_of_REMOTE_HOST
•'*' = catchall/wildcard to mean any facility or level
•'.none' = exclusion rule
Run 'man syslog.conf' to learn about the supported facilities and levels.
Task:
1. Enable UDP logging for remote Cisco gateway (192.168.75.1)
•netstat -nul | grep 514 - reveals UDP:514 listener
•nano /etc/sysconfig/syslog
'SYSLOGD_OPTIONS="-r"'
•restart syslog and confirm UDP:514 listener
confirm using 'netstat -nul | grep 514'
•Configure the router using facility 'local0' and level 'info'
•configure /etc/syslog.conf to accept 'local0.info'
•restart or reload 'syslog'
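How the selectors behave for the task's 'local0.info' rule, as an added example that is not part of the original notes: a small shell evaluator for the selector forms listed above (facility.level meaning that level and above, '*', '.none'). The sample rules are constructed, /var/log/cisco.log is an assumed path, and the '=' and '!' modifiers of sysklogd are not handled.

```shell
# Added example, not from the original notes: which syslog.conf rules select a
# message? Handles only facility.level (that level and above), '*', 'none', ',', ';'.
level_rank() {  # rank for comparison only (higher = more important)
  case $1 in
    debug) echo 0 ;; info) echo 1 ;; notice) echo 2 ;; warning|warn) echo 3 ;;
    err|error) echo 4 ;; crit) echo 5 ;; alert) echo 6 ;; emerg|panic) echo 7 ;;
    *) return 1 ;;
  esac
}

# selector_matches SELECTOR FACILITY LEVEL: status 0 if the selector picks it.
selector_matches() (                      # subshell: set -f and IFS stay local
  set -f                                  # keep '*' from expanding to filenames
  have=$(level_rank "$3") || exit 2       # unknown level keyword
  matched=no
  IFS=';'
  for part in $1; do                      # list is split once, on ';'
    prio=${part##*.}
    IFS=','
    for f in ${part%.*}; do               # comma-separated facilities
      [ "$f" = "*" ] || [ "$f" = "$2" ] || continue
      case $prio in
        none) matched=no ;;               # exclusion rule
        '*')  matched=yes ;;              # any level
        *)    want=$(level_rank "$prio") || exit 2
              [ "$have" -lt "$want" ] || matched=yes ;;
      esac
    done
  done
  [ "$matched" = yes ]
)

# conf_targets FACILITY LEVEL: read rules on stdin, print each matching target.
conf_targets() {
  while read -r sel target; do
    case $sel in ''|'#'*) continue ;; esac
    if selector_matches "$sel" "$1" "$2"; then echo "$target"; fi
  done
}

sample_conf() {  # constructed rules; /var/log/cisco.log is an assumed path
  cat <<'EOF'
*.info;mail.none;local0.none   /var/log/messages
local0.info                    /var/log/cisco.log
kern.*                         /dev/console
EOF
}

sample_conf | conf_targets local0 info    # router message at the task's level
```

The 'local0.none' entry on the first sample rule keeps the router's messages out of /var/log/messages, so they land only in the dedicated file.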