Join our Discord Server
Ajeet Raina Ajeet Singh Raina is a former Docker Captain, Community Leader and Distinguished Arm Ambassador. He is a founder of Collabnix blogging site and has authored more than 700+ blogs on Docker, Kubernetes and Cloud-Native Technology. He runs a community Slack of 9800+ members and discord server close to 2600+ members. You can follow him on Twitter(@ajeetsraina).

How to setup Centralized Logging System on Linux?

1 min read

I was just hanging around blogs until I cam across one nice piece of setting up centralized Logging setup.I thought to try it out of mine and here is the output:Syslog is a fantastic facility for logging on Linux machines. Lets say you have a small number of servers, and want to log them all to one central syslog server. Here we’ll describe a simple configuration.
syslog-2
1) Setup the syslog serverOn the system you want to use as the syslog server, edit the file /etc/sysconf/syslog, and add ‘-r’ as follows:

  1. Options to syslogd
  2. -m 0 disables ‘MARK’ messages.
  3. -r enables logging from remote machines
  4. -x disables DNS lookups on messages recieved with -r
  5. See syslogd(8) for more details

SYSLOGD_OPTIONS=”-m 0 -r”

  1. Options to klogd
  2. -2 prints all kernel oops messages twice; once for klogd to decode, and
  3. once for processing with ‘ksymoops’
  4. -x disables all klogd processing of oops messages entirely
  5. See klogd(8) for more details

KLOGD_OPTIONS=”-x”

Initially I added -x because I thought it would use networked DNS. But as I am logging all from local servers, all of which are defined in /etc/hosts, it doesn’t actually go to the network for name lookup. And, having the name of the system in the log file is nice.

Now, restart syslog, and confirm that syslog is listening on port 514 (the syslog port):

root@ajeet:/root>/etc/init.d/syslog restart
Shutting down kernel logger: [ OK ]
Shutting down system logger: [ OK ]
Starting system logger: [ OK ]
Starting kernel logger: [ OK ]
root@ajeet:/root>netstat -an|grep 514
udp 0 0 0.0.0.0:514 0.0.0.0:*

2) Now, configure your client:

For simplicity, I added a line in the /etc/hosts file to add the name ‘loghost’ to the other names I am using for my logging server. This is actually beneficial – because I can move my syslog server to another host – and I only have to modify the hosts file…

Next, edit the /etc/syslog.conf file. I added 1 simple line to log all informational messages to the remote loghost:

*.info @loghost

Note: separate all columns with the tab character, not space.

Finally restart syslog on the client with /etc/init.d/syslog restart.

To test, you can use the command line logging facility called logger. On the client I type:

root@tuxbuddy:/etc>logger foobar

And on the server I see:

root@ajeet:/root>tail -f /var/log/messages

Jun 28 21:17:29 tubxuddy bemo: fooba

Hence, the centralized logging server is Ready !!!

Have Queries? Join https://launchpass.com/collabnix

Ajeet Raina Ajeet Singh Raina is a former Docker Captain, Community Leader and Distinguished Arm Ambassador. He is a founder of Collabnix blogging site and has authored more than 700+ blogs on Docker, Kubernetes and Cloud-Native Technology. He runs a community Slack of 9800+ members and discord server close to 2600+ members. You can follow him on Twitter(@ajeetsraina).
Join our Discord Server