Setup Syslog Server Ubuntu



This post covers setting up a syslog server on Ubuntu Linux to collect logs from firewalls. Setting up syslog on Ubuntu is quite easy, but setting up the syslog server that we will use to collect remote logs is indeed a bit cumbersome. FYI, once the syslog server is running, it listens on port 514 over UDP. After a few hours of testing, the syslog server eventually ran well. So here I share my experience of how to set up a syslog server on Ubuntu Linux.

To set up a syslog server on Ubuntu Linux, follow the steps below:
 
First, make sure you are logged in as root, then stop the syslog service by entering the following command in the terminal:
/etc/init.d/sysklogd stop


 
Then open the file "/etc/sysconfig/syslog" in your terminal and locate the following line:
SYSLOGD="-u syslog" 
 
Once you find it, change the line to read as below:
SYSLOGD="-ru syslog"
 
Now open the file "/etc/default/syslogd" in your terminal and search for the line below:
SYSLOGD=""
 
Once you find it, change it to read as below:
SYSLOGD="-r"
 
This setting is what caused the syslog server not to listen for remote logs. Other Linux distros do not need this step.
 
Restart the syslog service by typing the following command in the terminal:
/etc/init.d/sysklogd restart

Now configure the Ubuntu firewall to allow the log sender's IP. I assume that the log sender is 192.168.0.100 and our Ubuntu syslog server IP is 192.168.0.1, so enter the following command in the terminal:
iptables -I INPUT -p udp -i eth0 -s 192.168.0.100 -d 192.168.0.1 --dport 514 -j ACCEPT
 
Remember to replace the above IP with your server IP.
To check whether your syslog is listening on port 514, run the command below in the terminal:
netstat -a | grep syslog
 
Pay close attention to the line below in the output; without it, your syslog will not listen for remote logs.
udp    26880      0 *:syslog                *:*
 
That's it: you have just set up your syslog server on Ubuntu Linux.
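
As an added example (not part of the original post), the script below checks the three things the steps above set up: the -r option in the SYSLOGD line, a UDP socket bound to port 514, and that the firewall accepts port 514 only from a named source address, which matters because UDP syslog does not authenticate senders. The function names are made up here, and the script assumes `netstat -an` and `iptables -S INPUT` print their usual line formats.

```shell
#!/bin/sh
# Added example: checks for the setup steps above. Function names are
# constructed for illustration; run check_live as root, as the article does.

# has_remote_flag FILE: succeed if the SYSLOGD="..." line in FILE carries -r,
# either alone ("-r") or bundled with other flags ("-ru syslog").
has_remote_flag() {
    opts=$(sed -n 's/^[[:space:]]*SYSLOGD="\([^"]*\)".*$/\1/p' "$1" 2>/dev/null | tail -n 1)
    for word in $opts; do
        case $word in
            -*r*) return 0 ;;   # a flag word containing r, e.g. -r or -ru
        esac
    done
    return 1
}

# udp514_listening: read netstat output on stdin; succeed if a UDP socket is
# bound to port 514, shown as ":syslog" (netstat -a) or ":514" (netstat -an).
udp514_listening() {
    awk '$1 ~ /^udp/ && $4 ~ /:(syslog|514)$/ { found = 1 } END { exit !found }'
}

# accepts_are_scoped: read `iptables -S INPUT` output on stdin; print any rule
# that accepts UDP 514 without a -s source address, and fail if one exists.
accepts_are_scoped() {
    awk '/-p udp/ && /--dport 514 / && /-j ACCEPT/ && !/ -s / { print; bad = 1 }
         END { exit bad }'
}

# check_live: run all three checks against this host, using the article's paths.
check_live() {
    for f in /etc/sysconfig/syslog /etc/default/syslogd; do
        has_remote_flag "$f" && echo "ok:   $f has -r" || echo "FAIL: $f lacks -r"
    done
    netstat -an | udp514_listening && echo "ok:   UDP 514 is bound" \
        || echo "FAIL: nothing bound to UDP 514"
    iptables -S INPUT | accepts_are_scoped && echo "ok:   UDP 514 rules name a source" \
        || echo "FAIL: UDP 514 is accepted from any source (rule printed above)"
}

# Run the live checks only when asked: sh check_syslog.sh --live
if [ "${1:-}" = "--live" ]; then check_live; fi
```

The firewall check only looks at ACCEPT rules; whether other traffic to port 514 is actually dropped depends on the rest of your INPUT chain and its policy.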
 
 