Requirements:
- A ready BSD box, with Ethernet and a static IP address configured
- Internet connection (of course)
- # pkg fetch extract
- # pkg update
Syslog-ng Installation
# pkg install syslog-ng
or install it from ports:
# cd /usr/ports/sysutils/syslog-ng && make install clean
syslog-ng configuration
/etc/rc.conf entries for syslog-ng
=============================
syslogd_enable="NO"
syslog_ng_enable="YES"
=============================
# cd /usr/local/etc/syslog-ng/
# cp syslog-ng.conf.sample syslog-ng.conf
# service syslogd stop
# service syslog-ng start
My syslog-ng.conf
Add a new host to syslog-ng.conf
### add under source section ####
source windows {
udp(port(25215));
#tcp(ip(192.168.1.22) port(25215));
#udp(ip(192.168.1.22) port(25215));
#udp(default-facility(syslog) default-priority(emerg));
#tcp(default-facility(syslog) default-priority(emerg));
};
### Add under destination section ####
destination windows { file("/var/log/windows.log"); };
### Add under filter section ####
filter windows { host("192.168.1.2"); };
### Add under log section ####
log { source(windows); filter(windows); destination(windows); };
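To make clear what the source/filter/destination chain above actually does to a datagram arriving on UDP 25215, here is an added example (my own code, not part of this post or of syslog-ng) that parses RFC 3164 messages and routes them the way filter windows { host("192.168.1.2"); } would. The sample datagrams, sender addresses and hostnames are constructed. It assumes syslog-ng's default of not trusting the hostname in the message header (keep-hostname off), so the HOST value compared by the filter is the sender address; pass keep_hostname=True to compare the header hostname instead.

```python
import re

# RFC 3164 facility and severity names, used to decode the <PRI> prefix.
FACILITIES = ["kern", "user", "mail", "daemon", "auth", "syslog", "lpr", "news",
              "uucp", "cron", "authpriv", "ftp", "ntp", "audit", "alert", "clock",
              "local0", "local1", "local2", "local3", "local4", "local5",
              "local6", "local7"]
SEVERITIES = ["emerg", "alert", "crit", "err", "warning", "notice", "info", "debug"]

# <PRI>Mmm dd hh:mm:ss HOSTNAME TAG: message   (day is space-padded)
_RFC3164 = re.compile(
    rb"^<(?P<pri>\d{1,3})>"
    rb"(?P<ts>[A-Z][a-z]{2} [ \d]\d \d\d:\d\d:\d\d) "
    rb"(?P<host>\S+) "
    rb"(?P<msg>.*)$", re.DOTALL)


def parse_rfc3164(data: bytes) -> dict:
    """Split one BSD-syslog datagram into its fields; raise on malformed input."""
    m = _RFC3164.match(data)
    if m is None:
        raise ValueError("not an RFC 3164 message: %r" % data[:40])
    pri = int(m.group("pri"))
    if pri > 191:                      # 23 facilities * 8 severities - 1
        raise ValueError("PRI out of range: %d" % pri)
    facility, severity = divmod(pri, 8)
    return {
        "facility": FACILITIES[facility],
        "severity": SEVERITIES[severity],
        "timestamp": m.group("ts").decode(),
        "hostname": m.group("host").decode(),
        "message": m.group("msg").decode("utf-8", "replace"),
    }


def route(datagrams, allowed_host, keep_hostname=False):
    """Emulate: log { source(windows); filter(windows); destination(windows); }.

    datagrams is an iterable of (sender_ip, raw_bytes). Returns the parsed
    records that the host() filter lets through to the destination. Malformed
    datagrams are skipped here (a simplification: syslog-ng would keep them
    and fill the fields with defaults).
    """
    delivered = []
    for sender_ip, raw in datagrams:
        try:
            rec = parse_rfc3164(raw)
        except ValueError:
            continue
        # HOST as syslog-ng sees it: sender address unless keep-hostname is on.
        rec["host"] = rec["hostname"] if keep_hostname else sender_ip
        if rec["host"] == allowed_host:
            delivered.append(rec)
    return delivered


# Constructed sample traffic: two datagrams from the Windows host in the
# config, one from an unrelated Linux box, and one that is not syslog at all.
SAMPLE = [
    ("192.168.1.2", b"<13>Mar  5 10:15:01 WINSRV01 nxlog: Application started"),
    ("192.168.1.2", b"<11>Mar  5 10:15:02 WINSRV01 nxlog: Service stopped unexpectedly"),
    ("192.168.1.77", b"<13>Mar  5 10:15:03 linuxbox sshd[4242]: Accepted publickey for ops"),
    ("192.168.1.2", b"garbage with no PRI header"),
]

if __name__ == "__main__":
    for rec in route(SAMPLE, "192.168.1.2"):
        print("-> /var/log/windows.log:", rec["facility"], rec["severity"],
              rec["host"], rec["message"])
```

Note the two filter modes: with the default, a Windows box that put a different name in its header would still match on its address, whereas with keep-hostname on, any sender that writes "WINSRV01" into the header would match; that is why filtering on the address is the safer default when the collector is reachable from more hosts than the one you intend.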
That's it.
Configuring remote syslog from Windows
Recommended logger: Nxlog
To send log files and event logs from all Windows variants, we recommend nxlog.
Installation
Download the latest version using the link at the top of the releases table here.
Double-click the downloaded MSI.
Follow the on-screen prompts.
Basic Configuration
Post install:
Open C:\Program Files (x86)\nxlog\conf\nxlog.conf, or on 32-bit platforms, C:\Program Files\nxlog\conf\nxlog.conf
- Replace the contents with the template here
- Replace <host>.papertrailapp.com and YOUR_PORT with the details shown under log destinations
- (Optional) modify File 'C:\\path\\to\\*.log' if you wish to send the contents of a local log file. For multiple log files in different directories, add more <Input watchfileN> blocks and include them in Route 2 near the bottom of the example config. The commented out <Input watchfile2> block illustrates this process.
- Restart the nxlog service
=======================================================================
Source for below information: https://help.papertrailapp.com
Determine System Logger
See which logger your system uses. Run:
ls -d /etc/*syslog*
Configuration: rsyslog.conf
rsyslog is often seen on: Debian; Fedora; SuSE; Ubuntu; most other Linux distributions.
1. Configure rsyslog
As root, edit /etc/rsyslog.conf or /etc/syslog.conf with a text editor (like pico or vi). Paste a line like this at the end of the file:
*.* @logsN.papertrailapp.com:XXXXX
Note: Replace logsN and XXXXX with the host and port from Papertrail’s Web interface. Typically these are on Add Systems.
2. Activate change
Tell rsyslog to activate the change (on most OSes):
sudo /etc/init.d/rsyslog restart
On Ubuntu:
sudo service rsyslog restart
Log messages should begin appearing in Papertrail. Optionally, configure encrypted logging with TLS.
By default, rsyslog sends messages from the system’s hostname (such as www42). To change this behavior and choose your own hostname or use the FQDN, see How can I override the hostname?.
Configuration: syslog-ng.conf
syslog-ng is often seen on: Gentoo 2005.0+; SuSE 9.3+.
1. Configure syslog-ng
As root, edit /etc/syslog-ng.conf with a text editor. Find a line starting with source. For example: source s_sys {..}.
At the end of the file, paste this configuration. Replace s_sys with the source name above, typically s_sys, src, s_all, or s_local:
destination d_papertrail {
udp("logsN.papertrailapp.com" port(XXXXX));
};
# replace "s_sys" with the name you found:
log { source(s_sys); destination(d_papertrail); };
Note: Replace logsN and XXXXX with the host and port from Papertrail’s Web interface. Typically these are on Add Systems.
2. Activate change
Tell syslog-ng to activate the change:
sudo killall -HUP syslog-ng
Log messages should begin appearing in Papertrail. Optionally, configure encrypted logging with TLS.
Configuration: syslog.conf
syslogd and sysklogd are often seen on: BSDs; CentOS; Gentoo 2004.3 and older; Mac OS X; RHEL; Slackware; Solaris; most other Unices.
remote_syslog2 can be used in lieu of syslogd.
Some versions of syslog do not support custom ports and must use the default port 514, but modern BSD versions (including OS X) support custom ports.
Default port (514)
- Visit Add Systems and select “I’d like to aggregate system/OS logs from something else…”.
- Under Less common setup methods below the search area, click My syslog daemon only sends to port 514.
- Provide Papertrail with this device’s Internet-facing public (external NAT) IP.
Then, follow the additional instructions to configure the daemon.
Custom port
1. Configure syslogd
As root, edit /etc/syslog.conf with a text editor (like pico or vi). Paste this line at the end of the file:
*.* @logsN.papertrailapp.com:XXXXX
2. Activate change
Tell syslog to activate the change (on most OSes):
sudo killall -HUP syslog syslogd
Log messages should begin appearing in Papertrail.
Test (optional)
To confirm messages are being sent and received, you can generate a test message by running: logger "Testing Papertrail message delivery"
The test message should appear on the system’s event history almost immediately. If it doesn’t arrive, try sending a standalone test message.
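A standalone test, as an added example of my own (not from this post or from Papertrail's documentation): it builds the same kind of RFC 3164 datagram that logger(1) emits (PRI 13, user.notice) and sends it over UDP. Because UDP has no handshake, sendto() reports success whether or not anything is listening, which is exactly why a dropped outbound UDP port looks like "logs not appearing" rather than an error on the sender. The loopback round trip below stands in for the collector so the check runs offline; the hostname "testhost" and the message text are constructed.

```python
import socket
from datetime import datetime


def build_message(text, hostname="testhost", tag="logger", pri=13):
    """RFC 3164 line like the one logger(1) sends; PRI 13 = user.notice.
    The day of month is space-padded, as the BSD timestamp format requires."""
    now = datetime.now()
    ts = f"{now:%b} {now.day:2d} {now:%H:%M:%S}"
    return f"<{pri}>{ts} {hostname} {tag}: {text}".encode()


def send_test_message(host, port, text):
    """Fire one UDP datagram at host:port and return the byte count reported
    by sendto(). A non-zero return does NOT prove delivery; see below."""
    data = build_message(text)
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        return s.sendto(data, (host, port))


def loopback_roundtrip(text="Testing Papertrail message delivery", timeout=2.0):
    """Stand in for the collector: bind a UDP socket on 127.0.0.1 (an ephemeral
    port, playing the role of the 25215 or XXXXX port in the config), send the
    test message to it and wait for it to arrive.
    Returns (bytes_sent, bytes_received); received is b"" on timeout."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as rx:
        rx.bind(("127.0.0.1", 0))
        port = rx.getsockname()[1]
        rx.settimeout(timeout)
        sent = send_test_message("127.0.0.1", port, text)
        try:
            received, _ = rx.recvfrom(65535)
        except socket.timeout:
            received = b""
    return sent, received


def send_to_closed_port():
    """Why the sender cannot confirm delivery: pick a loopback port nobody is
    listening on and send to it. sendto() still returns the full datagram
    length because no reply is expected (assumption: the freed port is not
    re-bound by another process in between)."""
    probe = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    probe.bind(("127.0.0.1", 0))
    port = probe.getsockname()[1]
    probe.close()
    return send_test_message("127.0.0.1", port, "nobody is listening")


if __name__ == "__main__":
    sent, got = loopback_roundtrip()
    print("sent", sent, "bytes; collector got:", got.decode() or "<nothing>")
    print("send to closed port still reported", send_to_closed_port(), "bytes")
```

The practical consequence: when a message sent with logger never shows up, confirm it on the receiving side (a packet capture on the collector, or the destination file on the syslog-ng box) rather than trusting that the send "worked"; the sender has no way to tell a firewall drop from a delivery.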
Configuration: None
If ls -d /etc/*syslog* did not find any matching files, try these:
- On Fedora Linux 20 and later, install the rsyslog package (why?). Run:
sudo yum install rsyslog
- On other Linux distributions and Unix variants other than Linux, try looking for files containing syslog outside of /etc/. Run:
sudo find / -name "*syslog*" -print
- Ask us. We’ve probably seen it.
Troubleshooting
Logs not appearing?
The most common cause is a local or external firewall blocking outbound UDP traffic. Solve this by adding an allow rule based on the port number shown under the Log Destinations tab.
For more generic troubleshooting information, see Troubleshooting remote syslog reachability.