First of all,you have to make sure that the device you want to send log from is enable to do so.
I set once a linux server to collect log from one Cisco router,which was surely enabled to do so,but my network colleague did the settings on Cisco side,so I don't know anything about that part. Shouldn't be difficult,though, I think he told me that he only has to set the remote logging server IP address.
All the communication between device and server goes on port 514:
>>cat /etc/services
syslog 514/udp
,so you make sure that iptables allow communicatioon between device and server on that port.
All the logging is done by syslogd service.This service is started by default,but it doesn't permit remote logging by default.To enable it.you have to change file /etc/syconfig/syslog, and instead of line with:
SYSLOGD_OPTIONS="-m 0"
write:
SYSLOGD_OPTIONS="-m -r -x 0"
with -r being short for "remote",and -x disables remote device DNS lookups (adding some speed).
You should restart syslog service
service syslogd restart.
Now if everything is set correctly, the remote logs should appear in /var/log/messages, mixed with the localhost's own messages,should look something like this:
Jun 3 08:56:27 localhost smartd[3641]: smartd version 5.38 [i686-redhat-linux-gnu]
Jun 3 08:56:27 localhost smartd[3641]: Opened configuration file /etc/smartd.conf
Jun 3 08:56:27 remotehost smartd[3641]: Device: /dev/hdc, opened
Jun 3 08:56:27 remotehost smartd[3641]: Device: /dev/hdc, packet devices [this device CD/DVD] not SMART capable.
You can also make it go to another file,and not to /var/log/messages by configuring both device AND /etc/sylog.conf file,but at this moment you can separate the logs belonging to device and server by doing something like
cat /var/log/messages | grep remotehost.
Hope this was helpful!
