Features:-
1. Handles logging
2. Unix Domain Sockets (/dev/log)
3. Internet Sockets (UDP:514)
4. Ability to log to local and remote targets
Implented as 'sysklogd' package
Primary configuration file: /etc/syslog.conf
Standard syslog.conf file contains:-
1. Rules
a.facilities -> applications/daemons/network device/etc.
b. levels -> Importance of message
Range: 0-7
7 = emergency (less information)
6 = alert
5 = critical
4 = error
3 = warning
2 = notice
1 = info
0 = debug (more information)
2. Targets
a. file - /var/log/messages
b. tty - /dev/console
c. remote hosts - @IP_ADDR_of_REMOTE_HOST
'*' = catchall/wildcard to mean any facility or level
'.none' = exclusion rule
'man syslog.conf' to learn about the support facilities.levels
Task:-
1. Enable UDP logging for remote Cisco gateway (192.168.75.1)
a. netstat -nul | grep 514 - reveals UDP:514 listener
b. nano /etc/sysconfig/syslog
b1. 'SYSLOGD_OPTIONS="-r"'
c. restart syslog and confirm UDP:514 listener
c1. confirm using 'netstat -nul | grep 514'
d. Configure the router using facility 'local0' and level 'info'
e. configure /etc/syslog.conf to accept 'local0.info'
f. restart or reload 'syslog
###Log Rotation###
Features:
1. Rotation of logs based on criteria
a. size
b. age (daily, weekly, monthly)
2. Compression
3. Maintain logs for a defined period
/etc/logrotate.conf - primary (global) config file for all logs
-can be overriden by context-sensitive files. i.e. apache
run 'man logrotate'
/etc/logrotate.d - directory for logs to be rotated
-httpd - used to rotate Apache logs
/var/log/httpd/*log {
missingok
notifempty
sharedscripts
postrotate
/bin/kill -HUP `cat /var/run/httpd.pid 2>/dev/null` 2> /dev/null || true
endscript
}
Task: Setup rotation rule for Cisco log
1. Create entry in: /etc/logrotate.d based on /etc/logrotate.d/syslog
2. Modified the entry to rotate based on new criteria
3. Rotated using: 'logrotate /etc/logrotate.conf'
Note: Force using: 'logrotatate -f /etc/logrotate.conf'
Thanking You
Hope U Like it....