Ajeet Raina Docker Captain, ARM Innovator & Docker Bangalore Community Leader.

How to setup Centralized Logging System on Linux?

1 min read

I was just hanging around blogs until I cam across one nice piece of setting up centralized Logging setup.I thought to try it out of mine and here is the output:Syslog is a fantastic facility for logging on Linux machines. Lets say you have a small number of servers, and want to log them all to one central syslog server. Here we’ll describe a simple configuration.
1) Setup the syslog serverOn the system you want to use as the syslog server, edit the file /etc/sysconf/syslog, and add ‘-r’ as follows:

  1. Options to syslogd
  2. -m 0 disables ‘MARK’ messages.
  3. -r enables logging from remote machines
  4. -x disables DNS lookups on messages recieved with -r
  5. See syslogd(8) for more details


  1. Options to klogd
  2. -2 prints all kernel oops messages twice; once for klogd to decode, and
  3. once for processing with ‘ksymoops’
  4. -x disables all klogd processing of oops messages entirely
  5. See klogd(8) for more details


Initially I added -x because I thought it would use networked DNS. But as I am logging all from local servers, all of which are defined in /etc/hosts, it doesn’t actually go to the network for name lookup. And, having the name of the system in the log file is nice.

Now, restart syslog, and confirm that syslog is listening on port 514 (the syslog port):

root@ajeet:/root>/etc/init.d/syslog restart
Shutting down kernel logger: [ OK ] Shutting down system logger: [ OK ] Starting system logger: [ OK ] Starting kernel logger: [ OK ] root@ajeet:/root>netstat -an|grep 514
udp 0 0*

2) Now, configure your client:

For simplicity, I added a line in the /etc/hosts file to add the name ‘loghost’ to the other names I am using for my logging server. This is actually beneficial – because I can move my syslog server to another host – and I only have to modify the hosts file…

Next, edit the /etc/syslog.conf file. I added 1 simple line to log all informational messages to the remote loghost:

*.info @loghost

Note: separate all columns with the tab character, not space.

Finally restart syslog on the client with /etc/init.d/syslog restart.

To test, you can use the command line logging facility called logger. On the client I type:

root@tuxbuddy:/etc>logger foobar

And on the server I see:

root@ajeet:/root>tail -f /var/log/messages

Jun 28 21:17:29 tubxuddy bemo: fooba

Hence, the centralized logging server is Ready !!!

Have Queries? Join https://launchpass.com/collabnix

Ajeet Raina Docker Captain, ARM Innovator & Docker Bangalore Community Leader.

3 Replies to “How to setup Centralized Logging System on Linux?”

  1. whoah this weblog is magnificent i really like studying your posts. Keep up the good paintings! You already know, a lot of persons are hunting round for this info, you could help them greatly.

  2. I really like your blog.. very nice colors & theme. Did you make this website yourself or did you hire someone to do it for you? Plz respond as I’m looking to design my own blog and would like to know where u got this from. kudos

  3. Its like you read my mind! You appear to know so
    much about this, like you wrote the book in it or something.
    I think that you could do with some pics to
    drive the message home a bit, but instead of that, this
    is excellent blog. An excellent read. I will definitely be back.


Leave a Reply

Your email address will not be published.