This is on CentOS, of course you already have regular syslog installed so download syslog-ng rpm from wherever and install...
Force its install via:
sudo rpm --force -Uvh syslog-ng-1.6.12-1.el5.centos.i386.rpmor remove the old syslog first via:
rpm -e --nodeps rsyslog
stop syslog and start syslog-ng:
sudo /etc/init.d/syslog stop && sudo /etc/init.d/syslog-ng start
Test that its working via:
logger "test message" && sudo tail /var/log/messages
remove syslog from starting and setup syslog-ng to start up on boot:
sudo chkconfig syslog off && sudo chkconfig syslog-ng on && sudo chkconfig --list | grep syslog
Enable remote syslogging on the host syslog server
HOST:
sudo vi /etc/syslog-ng/syslog-ng.conf
add:
source s_network {
tcp(max-connections(5000));
udp();
};
destination d_network {
file ("/var/log/syslog-ng/$HOST/$FACILITY.log");
};
log { source(s_network);
destination(d_network);
};
Sending messages from your syslog-ng client
CLIENT:
sudo vi /etc/syslog-ng/syslog-ng.conf
destination loghost {
tcp("192.168.1.5");
};
log {
source(s_sys);
destination(loghost);
};
Add an iptables allow rule for port 514, and optionally add the -s and mention the host (much more secure)
sudo vi /etc/sysconfig/iptables
add:
-A RH-Firewall-1-INPUT -p tcp -m tcp --dport 514 -s 192.168.1.5 -j ACCEPT
restart iptables:
sudo /etc/init.d/iptables restart
Test that its working by running on the client:
logger "test to remote"
and running on the host:
tail -f /var/log/messages
If you see the msg its working .. if not, you fail... try again.
