
Unix/Linux Configuration


Before Unix or Linux hosts can send Syslog messages to EventSentry, they need to be configured to forward them. On most traditional Unix systems the main configuration file is syslog.conf, usually found in the /etc directory. Systems that run rsyslog (Ubuntu and other Debian-based distributions, as well as current Red Hat releases) keep their rules in /etc/rsyslog.conf and in drop-in files under /etc/rsyslog.d/; on Ubuntu the default rules live in /etc/rsyslog.d/50-default.conf, and a forwarding rule can be added there or in a separate file in the same directory.

 

Because the exact syntax of this file differs slightly from one Unix variant to another, this section only covers the Red Hat Linux configuration. All actions below are performed on Linux.


1. Make sure you can ping the host on which EventSentry is running from your Unix / Linux box. If the name does not resolve, add an entry to /etc/hosts or ask whoever administers your DNS to add the record.

 

2. Edit the file /etc/syslog.conf (or, on an rsyslog system, the rsyslog configuration mentioned above) and add the following line:

 

	*.debug	@yourhostname

Replace yourhostname with the host name or IP address of the EventSentry host. On the classic syslogd the selector and the action must be separated by one or more tab characters, not spaces; rsyslog accepts either. A single @ forwards over UDP (port 514 by default); rsyslog additionally understands @@ for TCP, which avoids silent message loss if the receiving syslog daemon is listening on TCP.

 

*.debug is an extreme example: it forwards every single message the Linux box generates. You can reduce the volume by choosing a more severe level such as *.notice. A selector forwards all messages at the specified severity and anything more severe, but nothing less severe; the severities in decreasing order are emerg, alert, crit, err, warning, notice, info and debug, so *.notice forwards notice, warning, err, crit, alert and emerg and drops info and debug. You can also restrict the facility (such as kern, auth or mail) instead of using *. See the syslog.conf or rsyslog.conf manpage for the full selector syntax.

 

3. Restart the syslog daemon so that it re-reads its configuration, for example with /etc/init.d/syslog restart on SysV-style systems or systemctl restart rsyslog on systemd-based distributions. On rsyslog, running rsyslogd -N1 first reports configuration errors without touching the running daemon.

 

4. Some Unix operating systems come with a command-line utility called logger, which lets you create your own log entries and is very useful for testing. On Linux you can type

 

 logger -p auth.notice TESTMESSAGE

 

to create a message with the content "TESTMESSAGE" for the facility auth and severity notice. Because auth.notice is matched by both *.debug and *.notice, the message should show up in EventSentry within a few seconds; if it does not, check that the forwarding line was saved, that the daemon was actually restarted, and that no firewall blocks the syslog port (UDP 514 by default) between the two hosts. Check your operating system documentation to see whether the same or a similar utility is included, and note that the syntax of this command might vary on different platforms.
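The four steps above, collected into one POSIX shell script as an added example (it is not code from the EventSentry documentation). Besides building the forwarding line, it encodes the selector rules described in step 2, so you can check which facility/severity combinations a given selector forwards before restarting anything; selector_matches also handles the `=sev` (exactly that level) and `none` forms that syslogd and rsyslog both accept, which the text does not show. The host name eventsentry.example.internal and the drop-in file name 60-eventsentry.conf are assumed placeholders; the apply function targets an rsyslog host and must be run as root.

```shell
#!/bin/sh
# Added example, not part of the EventSentry documentation. It reproduces the
# four steps above as functions: build the forwarding line, decide which
# severities a selector actually forwards, and (only with --apply, as root)
# write the rule, validate it, restart rsyslog and send a test message.
# ES_HOST and CONF are assumed placeholders, not values from the original page.

ES_HOST="${ES_HOST:-eventsentry.example.internal}"
CONF="${CONF:-/etc/rsyslog.d/60-eventsentry.conf}"

# Numeric syslog severities (RFC 5424): the lower the number, the more severe.
sev_num() {
  case "$1" in
    emerg|panic) echo 0 ;;  alert) echo 1 ;;  crit) echo 2 ;;  err|error) echo 3 ;;
    warning|warn) echo 4 ;; notice) echo 5 ;; info) echo 6 ;;  debug) echo 7 ;;
    *) return 1 ;;
  esac
}

# selector_matches SELECTOR FACILITY SEVERITY
# Returns 0 if a message with FACILITY/SEVERITY is forwarded by SELECTOR under
# the classic syslog.conf rules: "fac.sev" forwards SEV and everything more
# severe, "fac.=sev" exactly that severity, "fac.none" nothing, "*" any facility.
selector_matches() {
  sel_fac="${1%%.*}"; sel_sev="${1#*.}"; fac="$2"; sev="$3"
  [ "$sel_fac" = "*" ] || [ "$sel_fac" = "$fac" ] || return 1
  m=$(sev_num "$sev") || return 1
  case "$sel_sev" in
    none) return 1 ;;
    =*)   n=$(sev_num "${sel_sev#=}") || return 1; [ "$m" -eq "$n" ] ;;
    *)    n=$(sev_num "$sel_sev")     || return 1; [ "$m" -le "$n" ] ;;
  esac
}

# forward_line PROTO SELECTOR HOST
# Emits the rule. A TAB separates selector and action because classic syslogd
# requires it (rsyslog also accepts spaces). "@" is UDP, "@@" is rsyslog's TCP.
forward_line() {
  case "$1" in
    udp) printf '%s\t@%s\n'  "$2" "$3" ;;
    tcp) printf '%s\t@@%s\n' "$2" "$3" ;;
    *)   return 1 ;;
  esac
}

# apply: steps 1-4 of the procedure on an rsyslog host. Requires root.
apply() {
  ping -c 1 "$ES_HOST" >/dev/null 2>&1 \
    || { echo "cannot reach $ES_HOST: fix /etc/hosts or DNS first" >&2; return 1; }
  forward_line udp '*.notice' "$ES_HOST" > "$CONF"   # one rule in its own drop-in file
  rsyslogd -N1 >/dev/null 2>&1 \
    || { echo "rsyslog rejected the configuration, not restarting" >&2; return 1; }
  systemctl restart rsyslog
  logger -p auth.notice TESTMESSAGE                   # auth.notice passes *.notice
}

if [ "${1:-}" = "--apply" ]; then
  apply
else
  echo "rule that would be written to $CONF:"; forward_line udp '*.notice' "$ES_HOST"
  echo "rerun with --apply (as root) to install it, restart rsyslog and send the test message"
fi
```

Without arguments the script only prints the rule it would install, so it is safe to run on any host; the apply path refuses to restart rsyslog if `rsyslogd -N1` rejects the new configuration, which keeps a typo in the selector from taking local logging down along with the forwarding.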