linuxperson
asked on
syslog server setup
I am trying to set up a syslog server on SUSE Linux.
I need my ESXi host to send its logs to the syslog server.
Can you please assist me?
A syslog server may not help your issue.
You would be better off relocating the logs on your ESXi server to a persistent datastore.
See my EE article:
Part 11: HOW TO: Suppress Configuration Issues System logs on host are stored on non-persistent storage
ASKER
I would like to modify syslog-ng.conf on SUSE to get logs from my ESXi server. I have configured the ESXi server to send logs to a remote server, which is my SUSE Linux box.
I want to use syslog-ng on SUSE Linux.
Can you let me know how I would do this on SUSE Linux?
ASKER
I already completed this part. I need help configuring syslog-ng on SUSE Linux.
http://kb.vmware.com/selfservice/microsites/search.do?language=en_US&cmd=displayKC&externalId=2003322
What exactly do you want to know about syslog-ng? Did you go through the Balabit manual for syslog-ng?
ASKER
Here is my current syslog configuration. I want to know how to configure syslog so that I can receive the ESXi logs here:
options { long_hostnames(off); sync(0); perm(0640); stats(3600); };
source src {
#
# include internal syslog-ng messages
# note: the internal() source is required!
#
internal();
#
# the default log socket for local logging:
#
unix-dgram("/dev/log");
#
# uncomment to process log messages from network:
#
udp(ip("0.0.0.0") port(514));
};
filter f_iptables { facility(kern) and match("IN=") and match("OUT="); };
filter f_console { level(warn) and facility(kern) and not filter(f_iptables)
or level(err) and not facility(authpriv); };
filter f_newsnotice { level(notice) and facility(news); };
filter f_newscrit { level(crit) and facility(news); };
filter f_newserr { level(err) and facility(news); };
filter f_news { facility(news); };
filter f_mailinfo { level(info) and facility(mail); };
filter f_mailwarn { level(warn) and facility(mail); };
filter f_mailerr { level(err, crit) and facility(mail); };
filter f_mail { facility(mail); };
filter f_cron { facility(cron); };
filter f_local { facility(local0, local1, local2, local3,
local4, local5, local6, local7); };
filter f_acpid_full { match('^acpid:'); };
filter f_acpid { level(emerg..notice) and match('^acpid:'); };
filter f_acpid_old { match('^\[acpid\]:'); };
filter f_netmgm { match('^NetworkManager:'); };
filter f_messages { not facility(news, mail) and not filter(f_iptables); };
filter f_warn { level(warn, err, crit) and not filter(f_iptables); };
filter f_alert { level(alert); };
destination console { pipe("/dev/tty10" owner(-1) group(-1) perm(-1)); };
log { source(src); filter(f_console); destination(console); };
destination xconsole { pipe("/dev/xconsole" owner(-1) group(-1) perm(-1)); };
log { source(src); filter(f_console); destination(xconsole); };
destination newscrit { file("/var/log/news/news.crit"
owner(news) group(news)); };
log { source(src); filter(f_newscrit); destination(newscrit); };
destination newserr { file("/var/log/news/news.err"
owner(news) group(news)); };
log { source(src); filter(f_newserr); destination(newserr); };
destination newsnotice { file("/var/log/news/news.notice"
owner(news) group(news)); };
log { source(src); filter(f_newsnotice); destination(newsnotice); };
destination mailinfo { file("/var/log/mail.info"); };
log { source(src); filter(f_mailinfo); destination(mailinfo); };
destination mailwarn { file("/var/log/mail.warn"); };
log { source(src); filter(f_mailwarn); destination(mailwarn); };
destination mailerr { file("/var/log/mail.err" fsync(yes)); };
log { source(src); filter(f_mailerr); destination(mailerr); };
destination mail { file("/var/log/mail"); };
log { source(src); filter(f_mail); destination(mail); };
destination acpid { file("/var/log/acpid"); };
destination null { };
log { source(src); filter(f_acpid); destination(acpid); flags(final); };
log { source(src); filter(f_acpid_full); destination(null); flags(final); };
log { source(src); filter(f_acpid_old); destination(acpid); flags(final); };
destination netmgm { file("/var/log/NetworkManager"); };
log { source(src); filter(f_netmgm); destination(netmgm); flags(final); };
destination localmessages { file("/var/log/localmessages"); };
log { source(src); filter(f_local); destination(localmessages); };
destination messages { file("/var/log/messages"); };
log { source(src); filter(f_messages); destination(messages); };
destination firewall { file("/var/log/firewall"); };
log { source(src); filter(f_iptables); destination(firewall); };
destination warn { file("/var/log/warn" fsync(yes)); };
log { source(src); filter(f_warn); destination(warn); };
ASKER
Shutting down syslog services done
Starting syslog services
syntax error at 74
startproc: exit status of parent of /sbin/syslog-ng: 1
failed
45 source src_vs06 {
46 #
47 # include internal syslog-ng messages
48 # note: the internal() soure is required!
49 #
50 #internal();
51
52 #
53 # the default log socket for local logging:
54 #
55 #unix-dgram("/dev/log");
56
57 #
58 # uncomment to process log messages from network:
59 #
60 udp(ip("ip_of_esxi_server") port(514));
61 };
62
63
64 destination d_vs06
65 {
66 file("/var/log/$HOST/$YEAR/$MONTH/$DAY/$FACILITY.log" \
67 owner(root) group(root) perm(0600) dir_perm(0700) create_dirs(yes));
68
69 # This is separated by severity too.
70 # file("/var/log/$HOST/$YEAR/$MONTH/$DAY/$FACILITY-$PRIORITY.log" \
71 # owner(root) group(root) perm(0600) dir_perm(0700) create_dirs(yes));
72 };
73
74 log { source(src_vs06); desitnation(d_vs06); }
Try it like this:
log { source(src_vs06); desitnation(d_vs06); };
Missing a ; at the end I think.
ASKER
same issue
what is source here?
Shutting down syslog services done
Starting syslog services
syntax error at 74
startproc: exit status of parent of /sbin/syslog-ng: 1
failed
ASKER
I've tried this based on https://www.novell.com/coolsolutions/feature/18044.html
I am getting error at line 66.
Shutting down syslog services done
Starting syslog services
syntax error at 66
startproc: exit status of parent of /sbin/syslog-ng: 1
failed
45 source src {
46 #
47 # include internal syslog-ng messages
48 # note: the internal() soure is required!
49 #
50 internal();
51
52 #
53 # the default log socket for local logging:
54 #
55 unix-dgram("/dev/log");
56
57 #
58 # uncomment to process log messages from network:
59 #
60 udp(ip("0.0.0.0") port(514));
61 };
62
63 # this is for separating out network hosts into individual log files.
64 destination std {
65 file ("/var/log/HOSTS/$YEAR-$MONTH/$HOST/$FACILITY-$YEAR-$MONTH-$DAY"
66 owner(root) group(root) perm(0600) dir_perm(0700) create_dirs(y\es)
67 );
68 };
69
70 log {
71 source(src);
72 destination(std);
73 };
ASKER
I removed the \ between "y" and "es":
dirs(y\es)
I restarted the service. I am still not receiving any logs from ESXi.
Is there a firewall running on the syslog server? Try to telnet from another client to the UDP port of the syslog server to see if you can access it. Does it work for other apps, or are there none?
ASKER
destination std {
file ("/var/log/HOSTS/$YEAR-$MONTH/$HOST/$FACILITY-$YEAR-$MONTH-$DAY"
owner(root) group(root) perm(0600) dir_perm(0700) create_dirs(yes)
);
};
I am getting an IP address folder under /var/log/2015-13/
How do I get the hostname instead of the IP address?
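Both the reachability check suggested above and the IP-versus-hostname question come down to what syslog-ng does with each datagram it receives: $HOST is the sender's address (or what reverse DNS returns for it when use_dns(yes) resolves it), unless keep_hostname(yes) is set, in which case it is the hostname field the ESXi host itself writes into the message. The Python below is an added example, not code from this thread or from syslog-ng; it parses a constructed ESXi-style syslog line, derives $HOST under each of those rules (the reverse-DNS step is a caller-supplied `resolve` callback), expands the file template used in the post above, and sends a datagram so a UDP listener can be exercised without telnet. The sample message and sender address are constructed.

```python
import re
import socket
from datetime import datetime

# Facility and severity names as syslog-ng spells them (PRI = facility * 8 + severity).
FACILITIES = ["kern", "user", "mail", "daemon", "auth", "syslog", "lpr", "news",
              "uucp", "cron", "authpriv", "ftp", "ntp", "security", "console",
              "solaris-cron", "local0", "local1", "local2", "local3", "local4",
              "local5", "local6", "local7"]
SEVERITIES = ["emerg", "alert", "crit", "err", "warning", "notice", "info", "debug"]

# Constructed sample datagram in the shape ESXi emits (ISO timestamp, hostname, program tag).
SAMPLE = ("<166>2015-01-15T10:22:33.123Z esxi01.lab.local Hostd: "
          "[Originator@6876 sub=Vimsvc] Accepted password for user root")
SAMPLE_SENDER = "192.0.2.10"  # constructed: the address the datagram arrived from

PAT = re.compile(r"^<(\d{1,3})>(\S+) (\S+) (.*)$", re.DOTALL)


def parse_syslog(raw, sender_ip, keep_hostname=False, resolve=None):
    """Split one syslog line into the fields syslog-ng exposes as $FACILITY, $HOST, etc.
    $HOST follows syslog-ng: the sender address (or what reverse DNS returns for it,
    passed in as `resolve`) unless keep_hostname is set, then the message's own field."""
    m = PAT.match(raw)
    if not m:
        raise ValueError("not a syslog message: %r" % raw[:40])
    pri = int(m.group(1))
    if pri > 191:  # 23 * 8 + 7 is the largest legal PRI value
        raise ValueError("PRI out of range: %d" % pri)
    ts = datetime.strptime(m.group(2)[:19], "%Y-%m-%dT%H:%M:%S")  # drop fraction and zone
    if keep_hostname:
        host = m.group(3)
    else:
        host = resolve(sender_ip) if resolve else sender_ip
    return {"facility": FACILITIES[pri // 8], "severity": SEVERITIES[pri % 8],
            "timestamp": ts, "host": host, "message": m.group(4)}


def destination_path(fields):
    """Expand the template from the post: /var/log/HOSTS/$YEAR-$MONTH/$HOST/$FACILITY-$YEAR-$MONTH-$DAY."""
    ts = fields["timestamp"]
    return "/var/log/HOSTS/%s/%s/%s-%s" % (ts.strftime("%Y-%m"), fields["host"],
                                           fields["facility"], ts.strftime("%Y-%m-%d"))


def send_udp(msg, host, port=514):
    """Send one datagram to the collector; a UDP port cannot be probed with telnet."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        return s.sendto(msg.encode(), (host, port))
```

Running `send_udp(SAMPLE, "<collector-ip>")` from another machine and then looking for the expanded path under /var/log/HOSTS tells you whether the datagram got through the firewall and which $HOST value the collector applied.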
ASKER CERTIFIED SOLUTION
ASKER
Found the answer myself.
What exactly would you like help with? The setup of syslog on SUSE? If yes, please provide your SUSE version.
Or the syslog config on VMware? If this is the case, please check out this to get started.