How to Implement SysLogD and RotationLogD in Linux - Cloud Network

Networking | Support | Tricks | Troubleshoot | Tips

Buymecoffe

Buy Me A Coffee

Wednesday, September 3, 2014

How to Implement SysLogD and RotationLogD in Linux

###SysLogD###
 Features:-
  1. Handles logging
  2. Unix Domain Sockets (/dev/log)
  3. Internet Sockets (UDP:514)
  4. Ability to log to local and remote targets

Implented as 'sysklogd' package

Primary configuration file: /etc/syslog.conf

Standard syslog.conf file contains:-
  1. Rules
        a.facilities -> applications/daemons/network device/etc.
        b. levels -> Importance of message
Range: 0-7
   7 = emergency (less information)
   6 = alert
   5 = critical
   4 = error
   3 = warning
   2 = notice
   1 = info
   0 = debug (more information)

 2. Targets
  a. file - /var/log/messages
  b. tty - /dev/console
  c. remote hosts - @IP_ADDR_of_REMOTE_HOST

'*' = catchall/wildcard to mean any facility or level
'.none' = exclusion rule

'man syslog.conf' to learn about the support facilities.levels

Task:-
 1. Enable UDP logging for remote Cisco gateway (192.168.75.1)
  a. netstat -nul | grep 514 - reveals UDP:514 listener
  b. nano /etc/sysconfig/syslog
        b1. 'SYSLOGD_OPTIONS="-r"'
  c. restart syslog and confirm UDP:514 listener
        c1. confirm using 'netstat -nul | grep 514'
  d. Configure the router using facility 'local0' and level 'info'
  e. configure /etc/syslog.conf to accept 'local0.info'
  f. restart or reload 'syslog

###Log Rotation###
 Features:
  1. Rotation of logs based on criteria
   a. size
   b. age (daily, weekly, monthly)

  2. Compression
  3. Maintain logs for a defined period

/etc/logrotate.conf - primary (global) config file for all logs
 -can be overriden by context-sensitive files. i.e. apache
 run 'man logrotate'

/etc/logrotate.d - directory for logs to be rotated
 -httpd - used to rotate Apache logs

/var/log/httpd/*log {
    missingok
    notifempty
    sharedscripts
    postrotate
        /bin/kill -HUP `cat /var/run/httpd.pid 2>/dev/null` 2> /dev/null || true
    endscript
}

Task: Setup rotation rule for Cisco log
 1. Create entry in: /etc/logrotate.d based on /etc/logrotate.d/syslog

 2. Modified the entry to rotate based on new criteria
 3. Rotated using: 'logrotate /etc/logrotate.conf'
Note: Force using: 'logrotatate -f /etc/logrotate.conf'


Thanking You
Hope U Like it....

Windows Server 2008

Notepad

Python 3.4.1

Nagios 4

Oracle Linux 7
How to Install Linux Mint 17