SYSLOG-NG

CONFIGURING THE SERVER

1 – Install the syslog-ng package

apt-get install syslog-ng

2 – Add the following options to the end of the syslog-ng.conf file

vi /etc/syslog-ng/syslog-ng.conf

# 192.168.0.137 is the server and 192.168.0.136 is the client

# my sources
source src {
  unix-stream("/dev/log");
  internal();
  udp(ip(192.168.0.137) port(514));
};

# my destinations
destination dst-192.168.0.136 { file("/var/log/192.168.0.136.log"); };

# my filters
filter f_192.168.0.136 { host("192.168.0.136"); };

# my logs
log {
  source(src);
  filter(f_192.168.0.136);
  destination(dst-192.168.0.136);
};

3 – Restart syslog-ng

/etc/init.d/syslog-ng restart

4 – Check that syslog-ng is listening on UDP port 514

netstat -nl | grep 514

udp 0 0 192.168.0.137:514 0.0.0.0:*

CONFIGURING THE CLIENT

5 – Install syslog-ng on the computer 192.168.0.136

apt-get install syslog-ng

6 – Add the following options to the end of the syslog-ng.conf file

vi /etc/syslog-ng/syslog-ng.conf

destination loghost { udp("192.168.0.137" port(514)); };

# s_all must be the name of a source already defined earlier in this file
log { source(s_all); destination(loghost); };

7 – Restart syslog-ng on the client

/etc/init.d/syslog-ng restart

TESTING

On the client machine, try to log in, then check the log on the server with the tail command

tail -f /var/log/192.168.0.136.log
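A repeatable alternative to logging in by hand, as an added example that is not part of the original post: this Python script, run on the client 192.168.0.136, sends one RFC 3164 message carrying a unique marker to the server's UDP port 514, so the marker can be searched for in the server's log file. UDP gives the sender no delivery confirmation, so the check has to be made on the server. The tag relaytest and the function names are assumptions made for this example.

```python
import socket
import time

FACILITY_AUTH = 4  # security/authorization messages, as produced by a login
SEVERITY_INFO = 6  # informational
MONTHS = "Jan Feb Mar Apr May Jun Jul Aug Sep Oct Nov Dec".split()


def build_message(hostname, tag, text, facility=FACILITY_AUTH,
                  severity=SEVERITY_INFO, when=None):
    """Return one RFC 3164 (BSD syslog) datagram as bytes."""
    pri = facility * 8 + severity          # <PRI> encodes both values
    t = time.localtime(when)
    # Timestamp is "Mmm dd hh:mm:ss"; a single-digit day is space-padded.
    stamp = "%s %2d %02d:%02d:%02d" % (MONTHS[t.tm_mon - 1], t.tm_mday,
                                       t.tm_hour, t.tm_min, t.tm_sec)
    return ("<%d>%s %s %s: %s" % (pri, stamp, hostname, tag, text)).encode("ascii")


def parse_pri(datagram):
    """Decode the leading <PRI> of a datagram into (facility, severity)."""
    if not datagram.startswith(b"<") or b">" not in datagram[:5]:
        raise ValueError("datagram does not start with <PRI>")
    pri = int(datagram[1:datagram.index(b">")])
    if not 0 <= pri <= 191:
        raise ValueError("PRI out of range: %d" % pri)
    return divmod(pri, 8)


def send(datagram, server, port=514):
    """Send one datagram over UDP, the transport configured on this page."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.sendto(datagram, (server, port))


if __name__ == "__main__":
    marker = "relay-test-%d" % int(time.time())   # unique string to grep for
    send(build_message(socket.gethostname(), "relaytest", marker),
         "192.168.0.137")
    print("sent; on the server run: grep %s /var/log/192.168.0.136.log" % marker)
```

If the marker never shows up in the server's file, check the listener from step 4 and any firewall between the two machines before suspecting the filter.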

TIP: To configure the client machine using the old syslog, add the following entry to the syslog.conf file

vi /etc/syslog.conf

*.* @192.168.0.137