Link to home
Start Free TrialLog in
Avatar of wauger
wauger

asked on

File output to remote machine using syslog?

Hi All. I dont know syslog very well so I was hoping that you could help answer my question.
I need to start sending accounting logs from TACACS daemon to a remote log collection server. The TACACS daemon writes its accounting data to a file. Would it be possible to somehow setup that file to ALSO send the log to this other remote log collection server using SYSLOG process? Any other way of doing this? Thanks a lot!
Avatar of clifflee
clifflee
Dear wauger:

The file /etc/syslog.conf contains information used  by  the system log daemon, syslogd, to forward a system message
to appropriate log files or remote loghost
take mail log for example :

remote log collection server:
1.make sure your log host is runnig syslogd

TACACS daemon server:
1.modify your syslog.conf on the daemon server, ask the syslog wirte to the dedicated log host:
   
mail.debug                      @"remote log collection IP"
---- -----                      -------------------------
facility .level                     action

2. restar your syslogd :
/etc/init.d/syslog stop
/etc/init.d/syslog start

any mail log will be wirte to the remote log collection server.
-----------------------------------------------------------
if you realize above explain,you should realize that you have to modify your TACACS daemon to use syslog
and define your
facility:level  --> (ex:local1:debug)
action          --> your log collection server IP

it'll be something like this :

local1:debug            @remote log collection IP

I do hope this is what you want ...
best regards
Cliff
Avatar of wauger
wauger

ASKER

Thanks much for your comment. However, I was wondering if we could one step further. Currently the TACACS daemon sends accounting logs to a seperate file, which I dont believe is controlled by syslog but rather by the daemon itself.

Would it be possible somehow to just tell syslog (or third-party app that mirrors syslog) to take whatever is bring written to this specific accounting file and also forward it to a syslog collection server?

On another note, I think it is possible to tell the TACACS daemon (use debug mode) to write accounting records to syslog as well. However I tried this and cannot find out what the facility.level is to specify where the data is going...

Thanks again.
Avatar of wauger
wauger

ASKER

Any update to this? I am really pressed for time here and need an answer, if there is any....

Another option to consider is to possible running a script that does something similar to a "tail -f" on the log file and somehow sending the output to a remote host? Dont know if that is feasible either.
I am increasing the point value.....
Avatar of wauger
wauger

ASKER

Ok i figured it out!!!

You can do a "tail -f" and pipe it into a "logger" command and assign it a facility and level so that the syslog.conf file will send it to a remote host. Here is the command:

tail -f filename | logger -i -p local3.info -t TAG_NAME

Then in syslog.conf:

local3.info     @remote_host

Works like a champ.
Avatar of liddler
liddler
Flag of Ireland image
No comment has been added lately, so it's time to clean up this TA.
I will leave a recommendation in the Cleanup topic area that this question is:

PAQ and refund

Please leave any comments here within the next four days.

PLEASE DO NOT ACCEPT THIS COMMENT AS AN ANSWER!

liddler
EE Cleanup Volunteer
ASKER CERTIFIED SOLUTION
Avatar of amp072397
amp072397
Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial