Account Tools

Search Tools

Configuring the sending of logs on Debian/Ubuntu

To centralise logs to a log server (port 514 UDP or TCP). Simply edit the “/etc/rsyslog.conf” file

nano /etc/rsyslog.conf

At the end of the file you can add this line:

*.*     @<ip>:514

This will redirect all the logs from your server to the syslog server. This is likely to do a lot because the debug and info levels are captured by the star.

You can specify the levels that interest you by modifying our line with this:

*.notice,warn,err,crit,alert,emerg    @<ip>:514

The server will only send logs greater than or equal to the notice level. After each modification, the service must be restarted

/etc/init.d/rsyslog restart

You can test logging with the following commands:

logger -p "test link to syslog server. lvl info"
logger -p auth.crit "test link to syslog server. lvl crit"

The 2 command lines will generate 2 entries: one at “info” level and the other at critical level

en/syslog/syslog_debian_ubuntu.txt · Last modified: 2023/11/09 18:07 by