Linux Syslog

FIXME Unfinished - needs to be modified for newer CentOS (rsyslog), tested and verified

Assumptions:

CentOS 5 Server

Firewall

Open the server's firewall to accept syslog traffic on UDP port 514:

vim /etc/sysconfig/iptables

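Insert the following line, placing it before any rule that rejects traffic. The -s option limits senders to the given network; adjust it to match yours:

-A INPUT -s 192.168.1.0/255.255.255.0 -m udp -p udp --dport 514 -j ACCEPT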

Save, exit and restart iptables:

service iptables restart

Configure Syslog

vim /etc/sysconfig/syslog

Modify the existing line by adding -r:

SYSLOGD_OPTIONS="-m 0 -r"

Then restart syslog:

service syslog restart

Verify that syslog is listening on port 514:

netstat -anp | grep 514

If you get no result, then something's wrong. If you get a result, then syslog is working and listening on port 514.

Configure syslog to create a logfile for your device:

vim /etc/syslog.conf

Add these lines:

# Describe host you're logging here
*.*                                          /var/log/yourlogfilename.log

Note: the whitespace between *.* and /var/log/… must be inserted using the TAB key! yourlogfilename.log can be whatever name you want for your logfile.

Set up any device that supports syslog and give it the IP address of your PBX system. If you want another CentOS machine to send logs to yours, then on that machine:

vim /etc/syslog.conf

Add a line like this:

*.*                                     @IPADDRESSOFRECEIVINGMACHINE

Note: the whitespace between *.* and @IPADDRESS must be inserted using the TAB key!
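
The -r option and the TAB requirement described above can be checked with a short script. This is an added example, not part of the original page; the function names are hypothetical, and the sample files (including the documentation address 192.0.2.10) are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original page): checks for the settings above.

# Succeeds if SYSLOGD_OPTIONS in a /etc/sysconfig/syslog-style file has -r.
remote_reception_enabled() {
    grep -Eq '^[[:space:]]*SYSLOGD_OPTIONS="([^"]*[[:space:]])?-r([[:space:]][^"]*)?"' "$1"
}

# Prints "LINE: text" for each rule in a syslog.conf-style file whose selector
# and action are not separated by at least one TAB; returns 1 if any is found.
lint_tabs() {
    awk '{
        line = $0
        sub(/^[ \t]+/, "", line)
        if (line == "" || substr(line, 1, 1) == "#") next   # blank or comment
        if (!match(line, /[ \t]+/) ||                        # no action at all
            index(substr(line, RSTART, RLENGTH), "\t") == 0) {
            print NR ": " $0
            bad = 1
        }
    }
    END { exit bad + 0 }' "$1"
}

# Prints the hosts that "@host" actions forward logs to, one per line.
forward_targets() {
    awk '!/^[ \t]*#/ && $NF ~ /^@/ { print substr($NF, 2) }' "$1"
}

# Constructed sample files: a correct rule, a rule separated by spaces,
# and a forwarding rule. Replace these paths with the real files to audit them.
demo_dir=$(mktemp -d)
printf '# constructed sample\n*.*\t\t/var/log/yourlogfilename.log\n' > "$demo_dir/syslog.conf"
printf '*.*    /var/log/spaces.log\n*.*\t@192.0.2.10\n' >> "$demo_dir/syslog.conf"
printf 'SYSLOGD_OPTIONS="-m 0 -r"\n' > "$demo_dir/syslog"

remote_reception_enabled "$demo_dir/syslog" && echo "-r set: remote messages are accepted"
lint_tabs "$demo_dir/syslog.conf" || echo "lines listed above need TAB instead of spaces"
echo "logs are forwarded to: $(forward_targets "$demo_dir/syslog.conf")"
rm -rf "$demo_dir"
```

On a live server, pass /etc/sysconfig/syslog to the first function and /etc/syslog.conf to the other two.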

To view the logfile:

tail -f /var/log/yourlogfilename.log