Overview. This module covers syslogd along the same lines as LPI 102, with added emphasis on remote logging. Software packages are covered as well: we will build both RPM and DEB packages.
The syslogd daemon is responsible for system logging. It is started as a service:
/etc/rc.d/init.d/syslogd start/stop/status/restart/condrestart
The following lines are from the syslogd rc-script:
if [ -f /etc/sysconfig/syslog ] ; then
    # Read SYSLOGD_OPTIONS and KLOGD_OPTIONS from the sysconfig file
    . /etc/sysconfig/syslog
fi
The /etc/sysconfig/syslog file defines the following default variables:
SYSLOGD_OPTIONS="-m 0"
KLOGD_OPTIONS="-2"
The configuration file is /etc/syslog.conf with the following format:
FACILITY.PRIORITY ACTION
FACILITY is one of: auth, authpriv, cron, daemon, kern, lpr, mail, mark, news, security (same as auth), syslog, user, uucp and local0 to local7
PRIORITY is one of: debug, info, notice, warning, err, crit, alert, emerg. The following are deprecated: error (same as err), warn (same as warning), panic (same as emerg)
As seen above, the local syslogd can send logs to a remote host (say 192.168.10.33) running a syslogd. Assume we want to send all logs to this remote host; this would be the syntax:
*.* @192.168.10.33
In this case we want remote systems to send their logs to our server.
The only option that needs to be added at startup is -r.
Edit /etc/sysconfig/syslog and add the -r option to the SYSLOGD_OPTIONS variable:
SYSLOGD_OPTIONS="-r -m 0"
Then restart the syslog service.
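A quick audit of the two settings described above, as an added example that is not part of the original module: remote_rules lists the syslog.conf rules that forward to a remote host, and accepts_remote reports whether SYSLOGD_OPTIONS contains -r. The function names and the sample files are constructed for illustration.

```shell
#!/bin/sh
# Added example; function names and sample files are constructed.

# Print "SELECTOR HOST" for each syslog.conf rule whose action is @HOST.
# Backslash-continued rules are not joined.
remote_rules() {
    awk '
        $1 ~ /^#/ || NF < 2 { next }            # comments and blank lines
        $2 ~ /^@/ { print $1, substr($2, 2) }   # action field starts with @
    ' "$1"
}

# Return 0 if SYSLOGD_OPTIONS in a sysconfig file contains -r as its own word.
# The file is parsed with sed rather than sourced, so nothing in it is executed.
accepts_remote() {
    opts=$(sed -n 's/^[[:space:]]*SYSLOGD_OPTIONS="\{0,1\}\([^"]*\).*/\1/p' "$1" | tail -n 1)
    for o in $opts; do
        case $o in
            -r) return 0 ;;
        esac
    done
    return 1
}

# Constructed sample files, modelled on the lines shown in this module.
tmp=$(mktemp -d)
cat > "$tmp/syslog.conf" <<'EOF'
# constructed sample
authpriv.*          /var/log/secure
mail.*              -/var/log/maillog
*.*                 @192.168.10.33
EOF
printf 'SYSLOGD_OPTIONS="-r -m 0"\nKLOGD_OPTIONS="-2"\n' > "$tmp/syslog"

echo "Rules forwarding to a remote host:"
remote_rules "$tmp/syslog.conf"
if accepts_remote "$tmp/syslog"; then
    echo "syslogd is configured to accept remote logs (-r)"
else
    echo "syslogd does not accept remote logs"
fi
```

On a real host, pass /etc/syslog.conf and /etc/sysconfig/syslog to the two functions instead of the sample files.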
Once a server has been set up as a remote logging server, it will accept logs from hosts on the network.
By default these hosts will appear with an IP address in the logs unless the hosts are listed in /etc/hosts.
This is due to the fact that syslogd cannot use DNS services.
In fact syslogd has not been compiled with libresolv.so, as seen below:
ldd syslogd
    libc.so.6 => /lib/i686/libc.so.6 (0x40024000)
    /lib/ld-linux.so.2 => /lib/ld-linux.so.2 (0x40000000)

ldd ping
    libresolv.so.2 => /lib/libresolv.so.2 (0x40024000)
    libc.so.6 => /lib/i686/libc.so.6 (0x40035000)
    /lib/ld-linux.so.2 => /lib/ld-linux.so.2 (0x40000000)