HOWTO make a Syslog Server
HOWTO make a Syslog Server (syslogd) for Unix/Linux, written under Mac OS X 10.4 Tiger, http://www.cdx.de
1. Activating incoming syslog from external network components such as routers, firewalls, switches or servers

In the Terminal we modify the startup options of syslogd (/System/Library/LaunchDaemons/com.apple.syslogd.plist). First we make a backup:

    sudo cp /System/Library/LaunchDaemons/com.apple.syslogd.plist com.apple.syslogd.plist.bak

Open the com.apple.syslogd.plist file with pico (or vi or another editor):

    sudo pico /System/Library/LaunchDaemons/com.apple.syslogd.plist

Search for:

    /usr/sbin/syslogd

and type in directly below it the option (in the plist this is its own <string>-u</string> entry in the same ProgramArguments array as /usr/sbin/syslogd):

    -u

Save (ctrl-o) and quit pico (ctrl-x). This tells the process to receive data from the network on UDP port 514. If the firewall is activated, open it for this port. Reboot your Mac, or stop and restart the process with the new start options:

    sudo launchctl unload /System/Library/LaunchDaemons/com.apple.syslogd.plist
    sudo launchctl load /System/Library/LaunchDaemons/com.apple.syslogd.plist
2. Restoring the new function after a cron restart

The daily cron script /etc/periodic/daily/500.daily restarts syslogd, so the stop and start must go into a cron file that this script runs automatically:

    sudo pico /etc/daily.local

Type in:

    launchctl unload /System/Library/LaunchDaemons/com.apple.syslogd.plist
    sleep 1
    launchctl load /System/Library/LaunchDaemons/com.apple.syslogd.plist

Save (ctrl-o) and quit pico (ctrl-x).
3. Creating the logfiles and setting the targets for incoming log data

Each external device should write to its own logfile; we create these with:

    sudo touch /var/log/mydevice.log

(e.g. firewall_home.log, router_log, switch_log). Let's make a backup of the preference file of syslogd and tell it what is to be logged:

    sudo cp /etc/syslog.conf syslog.conf.bak
    sudo pico /etc/syslog.conf

Fill in at the end of the conf file:

    local1.*		/var/log/mydevice.log

(e.g. firewall_home.log). Save (ctrl-o) and quit pico (ctrl-x).

You can use local1 to local7. After the dot stands the filter: * for all, or e.g. err / emerg / notice / info / crit / alert to filter the logs before they are saved. Then two tabs and the path to the logfile. The external device has to know to which syslog server and with which local number it should send its log. Set up the IP address of your new syslog server and the local1 to local7 facility on the device so that they match the settings in your syslog.conf. Save the settings; sometimes a restart of the device is necessary.
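To show how the local1 to local7 selectors in /etc/syslog.conf actually match what a device sends, here is an added example (my own code, not part of the HOWTO and not Apple's syslogd): it parses syslog.conf-style selector lines, decodes the <PRI> header of incoming RFC 3164 messages into facility and priority (PRI = facility * 8 + severity), and lists which logfile each message would land in. The configuration fragment and the messages are constructed for the example; the strict "tab between selector and target" check mirrors the HOWTO's advice about the two tabs.

```python
"""Added example, not from the HOWTO: a small model of how syslogd matches
facility.priority selectors from /etc/syslog.conf against incoming messages."""
import re

# Facility and priority codes from RFC 3164 (PRI = facility * 8 + severity).
FACILITIES = {
    "kern": 0, "user": 1, "mail": 2, "daemon": 3, "auth": 4, "syslog": 5,
    "lpr": 6, "news": 7, "uucp": 8, "cron": 9, "authpriv": 10, "ftp": 11,
    "local0": 16, "local1": 17, "local2": 18, "local3": 19,
    "local4": 20, "local5": 21, "local6": 22, "local7": 23,
}
PRIORITIES = {"emerg": 0, "alert": 1, "crit": 2, "err": 3,
              "warning": 4, "notice": 5, "info": 6, "debug": 7}
PRI_RE = re.compile(r"^<(\d{1,3})>")


def parse_conf(text):
    """Parse syslog.conf lines into (facility codes or None, max priority, target).

    A selector such as local2.err matches err and everything more severe;
    '*' on either side of the dot means all.  Only the basic syntax is
    handled (no 'none', '=' or '!' modifiers)."""
    rules = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].rstrip()
        if not line.strip():
            continue
        if "\t" not in line:
            raise ValueError(f"line {lineno}: selector and target must be separated by tabs")
        selector, target = line.split("\t", 1)
        target = target.strip()
        for part in selector.split(";"):
            facs, _, prio = part.partition(".")
            codes = None if facs == "*" else {FACILITIES[f] for f in facs.split(",")}
            max_prio = 7 if prio == "*" else PRIORITIES[prio]
            rules.append((codes, max_prio, target))
    return rules


def decode_pri(msg):
    """Return (facility, severity) from a message's <PRI> header, or None."""
    m = PRI_RE.match(msg)
    if not m:
        return None
    pri = int(m.group(1))
    if pri > 191:  # 23 * 8 + 7 is the largest valid PRI
        return None
    return pri // 8, pri % 8


def route(rules, msg):
    """List the logfiles a message would be written to under the given rules."""
    decoded = decode_pri(msg)
    if decoded is None:
        return []
    fac, sev = decoded
    return [target for codes, max_prio, target in rules
            if (codes is None or fac in codes) and sev <= max_prio]


# Constructed sample configuration and messages (not real device output).
SAMPLE_CONF = (
    "# everything the firewall sends on local1\n"
    "local1.*\t\t/var/log/firewall_home.log\n"
    "# only err and worse from the router on local2\n"
    "local2.err\t\t/var/log/router.log\n"
)
SAMPLE_MESSAGES = [
    "<142>Jan 10 12:00:01 fw-home pf: block in on en0",  # local1.info (17*8+6)
    "<147>Jan 10 12:00:02 router bgpd: peer down",       # local2.err  (18*8+3)
    "<150>Jan 10 12:00:03 router dhcpd: lease renewed",  # local2.info, filtered out
    "<134>Jan 10 12:00:04 switch link up",               # local0.info, no rule
]


def demo():
    """Map each sample message to the logfiles it would be routed to."""
    rules = parse_conf(SAMPLE_CONF)
    return {msg: route(rules, msg) for msg in SAMPLE_MESSAGES}


if __name__ == "__main__":
    for msg, targets in demo().items():
        print(f"{msg[:40]:40} -> {targets or ['(dropped)']}")
```

Two things the run makes visible: a message whose facility has no matching selector is silently dropped (the same happens on the real server when the device's local number and syslog.conf disagree), and a selector like local2.err also accepts crit, alert and emerg, not only err. Keep in mind that the facility in the PRI header is chosen by the sender and UDP syslog carries no authentication, so a selector sorts messages but does not verify where they came from; the firewall opening for UDP port 514 from step 1 should be limited to the devices that are supposed to send logs.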
4. Log rotation setup

In the script /etc/periodic/weekly/500.weekly the new logfiles have to be inserted for log rotation. This script kills syslogd, so we restart it afterwards with our new parameters. Make your Terminal window bigger, then:

    sudo pico /etc/periodic/weekly/500.weekly

Search for

    cd /var/log
    for i in ftp.log lookupd.log lpr.log mail.log netinfo.log hwmond.log ipfw.log ppp.log ...

Fill in your own new logfile names in this list, save and exit pico. At the end of the cron job this script runs /etc/weekly.local; here we restart our syslogd, reusing the commands from the daily file:

    sudo cp /etc/daily.local /etc/weekly.local
5. Looking at your logfiles

Do it in the Terminal (tail -f /var/log/mydevice.log) or take a look via the Finder with the application Console.
Visit me at http://www.cdx.de