Syslog

Using syslog to collect and forward logs

Syslog is a standard mechanism for collecting logs centrally from various services. Services may be running on different servers, not just locally on NetManager, and once collected the logs can be:

  • Saved to log files (e.g. /var/log/messages)
  • Forwarded onto another syslog server
  • Displayed on the console or to any users logged in at a command line

Each log message has a facility associated with it. A facility code is used to specify the type of program that is logging the message. Messages with different facilities may be handled differently. Similarly each message has a severity (e.g. whether it is an error, a warning or just informational). Messages can be diverted to various places based on their facility and severity. A number of standard local log files are configured. For example, email logs go to /var/log/maillog.

You can add your own definitions by adding them to /etc/netmanager/syslog.additional. For full details, please read the syslog.conf manual page. There are also a number of configuration shortcuts:

  • syslog_auth_remote - IP address or hostname to send authentication logs to (e.g. failed ssh logins). These are already logged to /var/log/authlog
  • syslog_firewall_remote - IP address or hostname to send firewall logs to (e.g. blocked packets)
  • syslog_firewall_local - set to y to save firewall logs to /var/log/firewall.log

You may also define additional logs to receive on NetManager using the syslog_services configuration variable. This is a space-separated list of entries in the format:

  filename,facility[:level]

Facilities are as follows:

  • auth: Security/authentication messages
  • authpriv: Security/authentication messages
  • cron: Cron subsystem (scheduled tasks)
  • ftp: FTP server
  • daemon: System servers
  • kern: Kernel messages
  • lpr: Printers
  • mail: Email system
  • news: NNTP News server
  • syslog: Messages generated internally by syslogd
  • user: User-level messages
  • uucp: UUCP (Unix-to-Unix CoPy)
  • local0: available
  • local1: available
  • local2: available
  • local3: SMART HDD monitoring on NetManager
  • local4: XMPP (chat) server on NetManager
  • local5: Firewall logging on NetManager
  • local6: available
  • local7: available

Specifying a level is optional. If not defined (or set to *), all levels will be logged.

For instance, to receive switch logs from HPE/Aruba switches you can set the following on NetManager:

  syslog_services="switches,local7"

On each switch you can then configure a syslog server as follows (assuming NetManager IP address is 10.0.0.1):

  logging 10.0.0.1
  logging severity info
  logging facility local7

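
A lint for a syslog_services value, checking the filename,facility[:level] format and the facility list above before the setting is applied. This is an added example, not NetManager's or Precedence's own code; the level names are the standard syslog severities, and rejecting paths in the filename field is an assumption of this example rather than a documented NetManager rule.

```python
# Added example: lint a syslog_services value (format: filename,facility[:level]).
# Facility names and NetManager's own use of local3-5 come from the list on this page;
# the level names are the standard syslog severities (not listed on the page).
FACILITIES = {"auth", "authpriv", "cron", "ftp", "daemon", "kern", "lpr", "mail",
              "news", "syslog", "user", "uucp"} | {f"local{n}" for n in range(8)}
IN_USE = {"local3": "SMART HDD monitoring", "local4": "XMPP (chat) server",
          "local5": "Firewall logging"}
LEVELS = {"emerg", "alert", "crit", "err", "warning", "notice", "info", "debug", "*"}


def lint_syslog_services(value):
    """Return (entries, errors, warnings) for a space-separated syslog_services string."""
    entries, errors, warnings = [], [], []
    seen = set()
    for item in value.split():
        name, comma, selector = item.partition(",")
        facility, _, level = selector.partition(":")
        level = level or "*"  # level is optional; unset means all levels
        if not (name and comma and facility):
            errors.append(f"{item}: expected filename,facility[:level]")
        elif "/" in name or name.startswith("."):
            # Assumption of this example: treat filename as a bare name, not a path.
            errors.append(f"{item}: filename should be a bare name")
        elif facility not in FACILITIES:
            errors.append(f"{item}: unknown facility {facility!r}")
        elif level not in LEVELS:
            errors.append(f"{item}: unknown level {level!r}")
        else:
            if facility in IN_USE:
                # Remote messages would be mixed with NetManager's own logs.
                warnings.append(f"{item}: {facility} already carries {IN_USE[facility]}")
            if name in seen:
                warnings.append(f"{item}: filename {name!r} used more than once")
            seen.add(name)
            entries.append((name, facility, level))
    return entries, errors, warnings


if __name__ == "__main__":
    # Constructed sample value; only "switches,local7" appears on the page.
    sample = "switches,local7 wifi,local5:info ../x,local0 ups,local9 badentry"
    entries, errors, warnings = lint_syslog_services(sample)
    for line in ([f"ok    {e}" for e in entries] + [f"warn  {w}" for w in warnings]
                 + [f"error {x}" for x in errors]):
        print(line)
```
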
© Copyright Precedence Technologies 1999-2024
Page last modified on April 29, 2024, at 04:51 PM by sborrill