Changes

From SME Server
Jump to navigationJump to search
943 bytes added ,  14:16, 20 September 2014
m
no edit summary
Line 1: Line 1:  
==SME8.x==
 
==SME8.x==
 
====Fowarding syslog stream tot a remote host====
 
====Fowarding syslog stream tot a remote host====
Create the following a custom template directory:
+
Create the following a custom template directory on your source server (example 192.168.1.1)
 
  mkdir -p /etc/e-smith/templates-custom/etc/syslog.conf
 
  mkdir -p /etc/e-smith/templates-custom/etc/syslog.conf
 
and copy the existing template fragments to this new custom template directory:
 
and copy the existing template fragments to this new custom template directory:
Line 15: Line 15:  
where 192.168.1.170 is the IP address of the remote host. Obviously this is an example and you should use the IP address of your real syslog collecting server.
 
where 192.168.1.170 is the IP address of the remote host. Obviously this is an example and you should use the IP address of your real syslog collecting server.
   −
The new template needs to be expanded by:
+
To avoid unwanted mark messages to be send to the remote host, create the following custom template directory:
 +
mkdir -p /etc/e-smith/templates-custom/etc/sysconfig/syslog
 +
 
 +
and create the following template-fragment within this directory:
 +
touch /etc/e-smith/templates-custom/etc/sysconfig/syslog/10NoMARKs
 +
with the following content
 +
# we don;t want the MARK ticks
 +
SYSLOGD_OPTIONS="-r -m 0"
 +
 
 +
 
 +
The new templates need to be expanded by:
 
  expand-template /etc/syslog.conf
 
  expand-template /etc/syslog.conf
 
+
expand-template /etc/sysconfig/syslog
    
And restart syslog:
 
And restart syslog:
Line 23: Line 33:  
From here on, all syslog messages will be send to the remote host over port 514
 
From here on, all syslog messages will be send to the remote host over port 514
    +
On the remote host (192.168.1.170) there a 2 actions required to be able to receive remote syslog messages:
 +
* open UDP/TCP port 514
 +
* forwarding incomming traffic from our syslog server (192.168.1.1) on port 514 to localhost (127.0.0.1)
 +
 +
 +
=====Uninstall=====
 +
To uninstall the forwarding of syslog messages on your source server, remove the custom template directory:
 +
rm -f /etc/e-smith/templates-custom/etc/syslog.conf
 +
and restart syslog
 +
service syslog condrestart
     

Navigation menu