
Logging to a Remote Host with Syslog-ng

In previous syslog-ng articles we focused primarily on configuring syslog-ng to log to a remote database server, such as PostgreSQL. Not everyone wants to log to a database server, however. As an alternative, syslog-ng can also log to a remote host over TCP or UDP.

For this, the syslog-ng client (the host that sends logs) and the server (the host that receives them) each need their own, corresponding configuration. First, create a new destination on the client. Here is an example destination configured to send logs on various ports using both TCP and UDP, although in practice this might be overkill.

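destination remote_log_server {
    # Same server and port, over both TCP and UDP
    tcp("192.168.0.20" port(25214));
    udp("192.168.0.20" port(25214));
    # Server addressed by name instead of IP address, on UDP port 514
    udp("remotehost.local" port(514));
};
# "src" is the local source already defined in the client's configuration
log { source(src); destination(remote_log_server); };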

As you can see, you have the option of using either the IP address of the logging server, or its FQDN. Now, the log server must be configured with a new source:

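source remote_log_host {
    # Listen on the server's own address, on the port the client sends to
    tcp(ip(192.168.0.20) port(25214));
    udp(ip(192.168.0.20) port(25214));
    # No ip() or port() given, so these listeners use the driver defaults;
    # a default facility and priority are set explicitly
    udp(default-facility(syslog) default-priority(emerg));
    tcp(default-facility(syslog) default-priority(emerg));
};
# "debugging_console" is a destination defined elsewhere in the server's configuration
log { source(remote_log_host); destination(debugging_console); };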
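
To check the path end to end once both sides are configured, the following added example (not part of the original article) sends one uniquely marked test line to each endpoint listed in the client destination above. The hostname client01, the tag logtest and the marker format are assumptions made for the example.

```python
import socket
import time

# BSD syslog (RFC 3164) codes; PRI = facility * 8 + severity.
FACILITY = {"user": 1, "daemon": 3, "auth": 4, "syslog": 5, "local0": 16}
SEVERITY = {"emerg": 0, "alert": 1, "crit": 2, "err": 3,
            "warning": 4, "notice": 5, "info": 6, "debug": 7}
MONTHS = "Jan Feb Mar Apr May Jun Jul Aug Sep Oct Nov Dec".split()
# Endpoints taken from the article's client destination.
TARGETS = [("tcp", "192.168.0.20", 25214), ("udp", "192.168.0.20", 25214),
           ("udp", "remotehost.local", 514)]

def build_message(text, facility="user", severity="notice",
                  host="client01", tag="logtest", now=None):
    """Return one newline-terminated RFC 3164 line (host and tag are made up)."""
    t = time.localtime(now)
    stamp = (f"{MONTHS[t.tm_mon - 1]} {t.tm_mday:2d} "
             f"{t.tm_hour:02d}:{t.tm_min:02d}:{t.tm_sec:02d}")
    pri = FACILITY[facility] * 8 + SEVERITY[severity]
    return f"<{pri}>{stamp} {host} {tag}: {text}\n".encode("ascii", "replace")

def send(proto, server, port, payload, timeout=3.0):
    """TCP: True means the listener accepted the connection and the bytes were written.
    UDP: True only means the datagram left this host; delivery is unconfirmed."""
    kind = socket.SOCK_STREAM if proto == "tcp" else socket.SOCK_DGRAM
    try:
        with socket.socket(socket.AF_INET, kind) as s:
            s.settimeout(timeout)
            s.connect((server, port))
            s.sendall(payload)
        return True
    except OSError:  # refused, timed out, unresolvable name, no route
        return False

def probe(targets, marker):
    """Send one uniquely marked line per endpoint; return {endpoint: sent_ok}."""
    results = {}
    for proto, server, port in targets:
        line = build_message(f"{marker} via {proto}/{port}")
        results[f"{proto}://{server}:{port}"] = send(proto, server, port, line)
    return results

if __name__ == "__main__":
    marker = f"probe-{int(time.time())}"
    for endpoint, ok in probe(TARGETS, marker).items():
        print(f"{endpoint}: {'sent' if ok else 'FAILED'}")
    print(f"Search the log server's destination for '{marker}' to confirm receipt.")
```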

You obviously have some liberty here when it comes to the destination for this log. You could even filter logs into more complex breakdowns, as I’ve shown in previous articles. If the remote log host is running an older version of syslog-ng, or a binary that doesn’t support SQL logging, you could still send logs to a logging server that does support logging to a database and from there enter them into PostgreSQL or MySQL, if you so wish.

So, by now you should have a basic understanding of how syslog-ng works, how to filter and sort logs, how to keep all of your logs in a database for easy sorting and centralization, and how to log to a remote logging server using TCP and UDP. I hope that you have found these articles useful, and that they just might make your life a little easier. Lastly, I highly recommend browsing through the syslog-ng Administrator Guide for more information on syslog-ng.
