This chapter covers basic configuration of clients that can be configured to send logs to op5 LogServer.
To make a Windows computer send their logs to LogServer you have to download the Windows Syslog Agent from http://www.op5.com/support and install it.Windows Syslog Agent sends the Windows Event Log content to the IP address of your op5 LogServer, and can optionally send plain text log files too – for applications that keep their own logs.A UNIX machine has built-in support for syslog and hence you do not need to install any extra software.On most systems, you will find a config file callet /etc/syslog.conf - this is where you enter the host name or IP address of your op5 LogServer host.If your op5 LogServer host is on IP address 172.16.32.64, and you want to forward all facilities to it, append the following to /etc/syslog.conf and restart your syslog daemon:*.* @172.16.32.64Some systems do not understand *.* - if this is the case you have to enter all facilities separatly.
Note that on some systems, notably Solaris, the blank between the facility and the reciving host has to be made up of tabs, not spaces.If you use syslog-ng you can benefit from the stability to use tcp connection instead of the standard udp.Most applications can be configured to use syslog, and changing the configuration of those applications should be your first hand choice.Another option is using tail and logger to read the log file, and sen appended lines to syslog. This command will read /var/log/myapp.log and send it to syslog as facility daemon and severity info.You can use a command like the one above for your application, and make sure it is executed in reboot - on many systems this can be done by placing the command in /etc/rc.local.Many devices - from broadband firewalls for the home to office printers - can send their logs to a syslog server.Look at the manual for your respective devices for information on how to configure it to send logs to op5 LogServer.