trojan81
Redhat Linux- syslog
Hi experts,
Before I get started, I just want to say I'm just "OK" with linux. I only know enough to be dangerous.
I have a redhat server that I want to point my Juniper firewalls to for syslog:
Red Hat Enterprise Linux WS release 4 (Nahant Update 6)
The Juniper gives me the option to log to Facilities 1-6.
In the linux server, I cat etc/syslog.conf.
I want to create a local facility 3 and point it to directory /var/log/juniper
Question: how would I do that?
note that /var/log exists, so I would have to create a juniper directory.
No worries about log rotations at this time. I just want to get started with this.
ASKER
Arnold, I appreciate the response.
If I want it to write to a file called juniper as well, do I need to add this to the syslog.conf:
local3.* /var/log/juniper/juniper
ASKER
Also do I need to go create the directory: juniper within the /var/log?
It is completely up to you.
The way I posted it will write to a file named juniper in the var log directory. If you want the file to be within a directory, in the event you eventually go with one event level going to one file while another event level goes into another file (juniper.info, juniper.crit and juniper.err), it would be a preference whether to have a central directory or remain as is.
ASKER
Just to confirm. I want syslogs to go to a file called "juniper" within the directory "Juniper"
So I would need to modify the syslog.conf to include this:
#Juniper Logging
local3.* /var/log/juniper/juniper
That would automatically create the directory "Juniper" within /var/log?
syslog will create files if they are missing; it will not create directories, as Tamas pointed out.
ASKER
Thank you guys. I think I'm just about ready to try it and have one more related question.
What exactly does the "local3*" mean in redhat? I only picked #3 because I have that defaulted on my juniper to "local facility 3". Do my Juniper and redhat syslog have to match on the facility #? For example, if I change the Juniper to syslog to local facility 2, would that mean I would need to have a local2 on my redhat server?
ASKER
As I understand, if I wanted my juniper logs to be written in directory /var/log/juniper, I would need to create a juniper directory.
How would I create this?
In the shell, run the following command:
mkdir /var/log/juniper
iptables -I INPUT 5 -p udp -m udp --dport 514 -j ACCEPT
In /etc/syslog.conf add the line
local3.* /var/log/juniper
You can replace the * with a minimum level (info, notice, warn, err, crit), or leave it to accept all event level notices.
Make sure to set up a log rotation in /etc/logrotate.d/juniper.c to maintain the log size in a manageable range.
Another option, in the event you want to be notified in real time if something happens, is to switch from syslog to rsyslog, which can then handle pattern matching on received events and perform actions, i.e. email you that an attack on your device is suspected, as well as logging data into a database for VPN connections, etc.
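Added example, not part of the thread: a Python sketch of how the receiving syslogd picks a destination, covering both the question about matching facility numbers and the note about replacing * with a minimum level. Each packet carries its facility and severity in the <PRI> header (PRI = facility * 8 + severity), and a syslog.conf selector is compared against those values, so a sender on local2 never matches a local3 rule. The sample packets and the juniper.err rule are constructed for illustration.

```python
import re

# RFC 3164 numbering: PRI = facility * 8 + severity, so local3 (19) at info (6) is <158>.
FACILITIES = (["kern", "user", "mail", "daemon", "auth", "syslog", "lpr", "news",
               "uucp", "cron", "authpriv", "ftp"]
              + ["reserved%d" % n for n in range(12, 16)]
              + ["local%d" % n for n in range(8)])
SEVERITIES = ["emerg", "alert", "crit", "err", "warning", "notice", "info", "debug"]
ALIASES = {"warn": "warning"}  # syslog.conf accepts "warn" for "warning"

def decode_pri(packet):
    """Return (facility, severity) names from the <PRI> header of a syslog packet."""
    m = re.match(r"<(\d{1,3})>", packet)
    if not m or int(m.group(1)) > 191:
        raise ValueError("missing or out-of-range <PRI> header")
    pri = int(m.group(1))
    return FACILITIES[pri // 8], SEVERITIES[pri % 8]

def selector_matches(selector, facility, severity):
    """Classic syslogd rule: 'facility.level' matches that level and anything
    more severe; '*' in either position matches everything."""
    sel_fac, sel_lvl = selector.split(".", 1)
    if sel_fac not in ("*", facility):
        return False
    if sel_lvl == "*":
        return True
    sel_lvl = ALIASES.get(sel_lvl, sel_lvl)
    return SEVERITIES.index(severity) <= SEVERITIES.index(sel_lvl)

def route(packet, rules):
    """List the log files a packet would be written to under the given rules."""
    facility, severity = decode_pri(packet)
    return [path for sel, path in rules if selector_matches(sel, facility, severity)]

# Rules in syslog.conf form; juniper.err is a hypothetical per-level file.
RULES = [("local3.*", "/var/log/juniper/juniper"),
         ("local3.err", "/var/log/juniper/juniper.err")]

# Constructed sample packets (not real firewall output).
SAMPLES = ["<158>fw01: constructed sample, local3.info",
           "<155>fw01: constructed sample, local3.err",
           "<150>fw01: constructed sample, local2.info"]

if __name__ == "__main__":
    for pkt in SAMPLES:
        print(decode_pri(pkt), "->", route(pkt, RULES) or "no local3 rule matches")
```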