Question about syslog in Linux

rdashokraj used Ask the Experts™

We are planning to set up a centralized syslog server in our setup. I have 2 questions with respect to it.

1. In a typical setup, what are all the log messages we should push to the centralized log server from each client? In the /etc/syslog.conf file (in the selector field), what are the "facility" and "level" we should use?

2. We have the JBoss application running on all client servers and it generates some logs. We would like to capture these logs also in the centralized syslog server. Is it possible to redirect these application logs (from all clients) to the centralized log server using the 'syslog' facility?

1. If you want to forward all logs to the remote syslog from each client, you can use:

*.*                       @syslog_server_host

in /etc/syslog.conf (on each client machine).

Define the syslog_server_host host name in /etc/hosts or on the DNS server first.

Next, configure the syslog server by enabling the ability to receive logs from another machine.

In RedHat Family :
/etc/sysconfig/syslog, set  

In Ubuntu/Debian family :
/etc/default/syslogd, set
SYSLOGD="-r -m 0"

After these changes, restart the syslog daemon for them to take effect.

2. To send JBoss logs, maybe this article can help you:

Best Regards

Top Expert 2015

Actually log4j can send to local syslog first and it is then to sort out what to log to remote.


Hi, I don't want to push all the logs to the centralized syslog server. We have about 500 machines; imagine if we use *.* to push all the logs from a client, wouldn't it choke the network?

I want to know, in a typical corporate setup, what are all the logs to be captured and sent to the centralized log server? Please let me know if you have more suggestions on this.

IMO, our need is about continuity and security of station operation. So we need to log:

- kern
- mail
- auth
- daemon
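
As an added example (not part of any post in this thread), the sketch below evaluates syslog.conf selectors using the classic sysklogd rules (comma-separated facilities, `;`-separated selectors, `*`, `none`, `=` and `!`) to compare the `*.*` rule with forwarding only the kern, mail, auth and daemon facilities. The level thresholds in the `tuned` rule and the sample messages are assumptions constructed for illustration.

```python
# Added example, not from the thread: classic syslog.conf selector matching.
LEVELS = ["emerg", "alert", "crit", "err", "warning", "notice", "info", "debug"]
FAC = {n: i for i, n in enumerate(
    "kern user mail daemon auth syslog lpr news uucp cron authpriv ftp".split())}
FAC.update({"local%d" % i: 16 + i for i in range(8)})
NFAC, ALL = 24, 0xFF  # 24 facility codes, one mask bit per level (bit 0 = emerg)

def compile_selector(selector):
    """Return a list indexed by facility code; each item is a bitmask of levels."""
    mask = [0] * NFAC
    for part in selector.split(";"):          # later selectors adjust earlier ones
        facs, _, prio = part.strip().rpartition(".")
        negate, exact = prio.startswith("!"), prio.lstrip("!").startswith("=")
        prio = prio.lstrip("!=")
        if prio == "none":
            bits, negate = ALL, True          # clear every level of the facility
        elif prio == "*":
            bits = ALL
        else:
            n = LEVELS.index(prio)            # unknown level name raises ValueError
            bits = 1 << n if exact else (1 << (n + 1)) - 1  # level n and more severe
        codes = range(NFAC) if facs == "*" else [FAC[f] for f in facs.split(",")]
        for c in codes:
            mask[c] = mask[c] & ~bits if negate else mask[c] | bits
    return mask

def forwarded(selector, pri):
    """pri is the <PRI> number on the wire: facility * 8 + level."""
    fac, lvl = divmod(pri, 8)
    return 0 <= fac < NFAC and bool(compile_selector(selector)[fac] >> lvl & 1)

def make_pri(facility, level):
    return FAC[facility] * 8 + LEVELS.index(level)

# Constructed sample traffic from one client (not real log data).
SAMPLE = [make_pri(f, l) for f, l in [
    ("user", "info"), ("cron", "info"), ("daemon", "info"), ("daemon", "err"),
    ("auth", "info"), ("kern", "warning"), ("mail", "debug"), ("local0", "notice")]]
RULES = {
    "all": "*.*",                                   # rule given in the answer
    "four": "kern,mail,auth,daemon.*",              # facilities listed in the thread
    "tuned": "kern,mail,daemon.warning;auth.info",  # assumed level thresholds
}

def kept(rule):
    return sum(forwarded(RULES[rule], p) for p in SAMPLE)

if __name__ == "__main__":
    for name, sel in RULES.items():
        print(name, sel, "->", kept(name), "of", len(SAMPLE), "forwarded")
```

On a client, the chosen selector takes the place of `*.*` in front of `@syslog_server_host` in /etc/syslog.conf.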

Top Expert 2015

I prefer to log mark (-m option) as some heartbeat indication.

Traffic is not that huge - imagine 1 message/second makes 200 messages/second that goes at about 3Mbps in the worst minute.
syslog-ng is a huge improvement for a central log collector.


Thanks for your inputs.
