
Configuring Clients

Introduction
 
This chapter covers basic configuration of clients that can be configured to send logs to op5 LogServer.
 
Windows Machines
 
To make a Windows computer send its logs to LogServer, download the Windows Syslog Agent from http://www.op5.com/support and install it.
Windows Syslog Agent sends the Windows Event Log content to the IP address of your op5 LogServer, and can optionally send plain text log files too – for applications that keep their own logs.
You can find the manual for Windows Syslog Agent here: http://www.op5.com/manuals/extras/op5_SyslogAgent_3.3.5_manual.pdf
UNIX Machines
 
A UNIX machine has built-in support for syslog and hence you do not need to install any extra software.
 
syslogd
 
On most systems, you will find a config file called /etc/syslog.conf - this is where you enter the host name or IP address of your op5 LogServer host.
If your op5 LogServer host is on IP address 172.16.32.64, and you want to forward all facilities to it, append the following to /etc/syslog.conf and restart your syslog daemon:
*.* @172.16.32.64
Some systems do not understand *.* - if this is the case you have to enter all facilities separately.
Note that on some systems, notably Solaris, the blank between the facility and the receiving host has to be made up of tabs, not spaces.
For details on how to configure syslog.conf, please refer to the manual:
man syslog.conf
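
A check for the forwarding rule described above, as an added example that is not part of the original op5 documentation. The function name check_syslog_forward is hypothetical and the sample config lines are constructed; it finds rules that forward to a given loghost and flags any whose separator contains spaces rather than tabs.

```sh
#!/bin/sh
# check_syslog_forward CONF LOGHOST   (hypothetical helper, not an op5 tool)
# Prints "OK <line>" for each rule forwarding to LOGHOST whose separator is
# tabs only, and "SPACES <line>" when the separator contains a space.
# Exit status: 0 = all forwarding rules use tabs, 1 = at least one uses
# spaces, 2 = no rule forwards to LOGHOST.
check_syslog_forward() {
    awk -v host="$2" '
        /^[ \t]*#/ || /^[ \t]*$/ { next }       # skip comments and blank lines
        {
            # a forwarding rule is "<selector><blanks>@<host>"
            if (match($0, /[ \t]+@/) == 0) next
            sep    = substr($0, RSTART, RLENGTH - 1)
            action = substr($0, RSTART + RLENGTH - 1)
            sub(/[ \t]+$/, "", action)          # ignore trailing blanks
            if (action != "@" host) next
            found = 1
            if (sep ~ / /) { print "SPACES " NR; bad = 1 }
            else           { print "OK " NR }
        }
        END { if (!found) exit 2; exit (bad ? 1 : 0) }
    ' "$1"
}

# Constructed sample syslog.conf: line 2 uses a space, line 3 uses tabs.
sample=$(mktemp)
printf '%s\n' '# constructed sample'  > "$sample"
printf '*.* @172.16.32.64\n'         >> "$sample"
printf 'mail.*\t\t@172.16.32.64\n'   >> "$sample"
printf 'auth.*\t/var/log/auth.log\n' >> "$sample"
check_syslog_forward "$sample" 172.16.32.64 || echo "exit status: $?"
rm -f "$sample"
```

Run it against /etc/syslog.conf before restarting the syslog daemon; exit status 2 means the host is not forwarding to the LogServer address at all.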
syslog-ng
 
More and more clients use syslog-ng for sending syslog messages to a loghost.
If you use syslog-ng, you can benefit from the stability of a TCP connection instead of the standard UDP.
 
Sample /etc/syslog-ng/syslog-ng.conf to setup logging to loghost:
# all known message sources
source s_all {
    # message generated by Syslog-NG
    internal();
    # standard Linux log source (this is the default place for the syslog()
    # function to send logs to)
    unix-stream("/dev/log");
    # messages from the kernel
    file("/proc/kmsg" log_prefix("kernel: "));
};

destination d_loghost {
    tcp("172.16.32.64" port(514));
};

# send everything to loghost
log {
    source(s_all);
    destination(d_loghost);
};
 
Sending Text Files to LogServer
 
Some applications do not send their logs to syslog, but store them in a file on disk.
Most applications can be configured to use syslog, and changing the configuration of those applications should be your first choice.
Another option is using tail and logger to read the log file and send appended lines to syslog. This command will read /var/log/myapp.log and send it to syslog as facility daemon and severity info.
 
tail -f /var/log/myapp.log | logger -p daemon.info
 
You can use a command like the one above for your application, and make sure it is executed at reboot - on many systems this can be done by placing the command in /etc/rc.local.
 
Other Equipment
 
Many devices - from broadband firewalls for the home to office printers - can send their logs to a syslog server.
Consult the manual for each device for information on how to configure it to send logs to op5 LogServer.
 
