SYSbible

A bible next to an old computer.

Configuring syslog to receive messages from the network (aka listen)

It is sometimes needed to have a syslog server configured in such a way that is able to listen to the network and log information send through it. By default, this is usually turned off.

All we need to do is run syslog with the option ‘-r’. If we look at syslogd’s man page:

-r This option will enable the facility to receive message from the network using an internet domain socket with the syslog service (see services(5)). The default is to not receive any messages from the network. This option is introduced in version 1.3 of the sysklogd package. Please note that the default behavior is the opposite of how older versions behave, so you might have to turn this on.

An easy way to check if your syslogd (aka syslog daemon) is running with this option enabled is:

ps aux | grep syslogd | grep -v grep

The output should be something like this (some columns have been truncated to fit the page):

root _truncated_ /sbin/syslogd -r -m0

The latest columns state how the syslogd has been started. In this case, it has been started using the options ‘-r’ and ‘-m0’:

/sbin/syslogd -r -m0

How to do the necessary changes

Under Debian Linux, you would need to edit syslogd init script (usually: /etc/init.d/sysklogd) and add the following lines:

# Options for start/restart the daemons
# For remote UDP logging use SYSLOGD="-r"
#
SYSLOGD="-r -m0"

NOTE.- You might want to add -m0 option as well (optional), which disables the automatic syslog timestamp (i.e. a regular mark that is written into the log regularly).

The file should look something like this:

#! /bin/sh
# /etc/init.d/sysklogd: start the system log daemon.

PATH=/bin:/usr/bin:/sbin:/usr/sbin

pidfile=/var/run/syslogd.pid
binpath=/sbin/syslogd

test -x $binpath || exit 0

test ! -r /etc/default/syslogd || . /etc/default/syslogd

# Options for start/restart the daemons
#   For remote UDP logging use SYSLOGD="-r"
#
SYSLOGD="-r -m0"

create_xconsole()
{
    if [ ! -e /dev/xconsole ]; then
        mknod -m 640 /dev/xconsole p
    else
        chmod 0640 /dev/xconsole
    fi
    chown root:adm /dev/xconsole
}

........
........
........
........

After this, you should restart the daemon:

/etc/init.d/sysklogd restart
Restarting system log daemon: syslogd.

And now you should have your syslog daemon listening (you should check again):

ps aux | grep syslogd | grep -v grep

root _truncated_ /sbin/syslogd -r -m0

Posted

in

by

unai

Tags:

, ,

Comments

0 responses to “Configuring syslog to receive messages from the network (aka listen)”

  1. HAProxy 1.3.15.2 installation under Debian Etch (compiling from sources) | SysBible

    […] Configuring syslog to receive messages from the network (aka listen) […]