Client/Server Logging

Syslogd also has the ability to log messages across the network. If a syslogd process is started with the -r option, it will listen on the network for incoming syslogd messages. By default, syslogd uses UDP port 514 for this communication. A common practice is to set up one master logging server that receives all syslogd messages from all clients. On the client side, you would configure the local syslogd service to log events locally, and to log everything to the master logging server. This would be accomplished by adding the following line to the example syslog.conf file shown in Example 16-2:

*.*      @10.0.0.1

This means that messages matching all facilities and levels should be sent to the IP address 10.0.0.1.

You can determine whether a syslogd server is listening for remote log entries by running netstat:

# netstat -anp | grep -i ":514"
udp        0      0 0.0.0.0:514             0.0.0.0:*           26645/syslogd

Get LPI Linux Certification in a Nutshell, 3rd Edition now with O’Reilly online learning.

O’Reilly members experience live online training, plus books, videos, and digital content from 200+ publishers.