Monday, January 02, 2006

Syslog - Centralize your logs


This article was posted here

Here is a tip to make your machine save logs to a remote machine (remote_mc) instead of logging locally. For this to succeed, you have to make changes to both the remote machine which accepts the logs on behalf of your local machine as well as the local machine itself.

On the remote machine enable remote logging
Set up syslogd to accept remote messages. Edit the /etc/sysconfig/syslog file and insert the following line:


#File: /etc/sysconfig/syslog
SYSLOGD_OPTIONS="-r -m 0"


The file is liberally commented. The -r option enables remote logging, and '-m 0' disables "MARK" messages.

Restart syslogd
# service syslog restart

Now the machine (remote machine) will accept logging messages from other machines.

On your local machine which sends the logging message
Edit the /etc/syslog.conf file to direct the logging messages to the remote machine (remote_mc).

#File: /etc/syslog.conf
...
*.emerg;user.*;kern.err @remote_mc
...

Here I have chosen to send all emergency messages, all user program generated logs and any kernel errors to be logged at the remote machine.


Lastly, for the changes to take effect, restart the syslog daemon on your local machine.
# service syslog restart

Note: This tip applies to Red Hat-based systems, but it can also be used on Debian-based systems with some modifications.

Testing your setup
Generate a log message on your local machine using the logger command:

$ logger -i -t ravi "I am just testing this. This message can be ignored."

logger is a shell command that makes entries in the system log. It provides a shell interface to the syslog system log module. In the above command, -i logs the process ID of the logger process on each line, and the -t option tags every line in the log with my name.

Now go and check on the remote machine (remote_mc) to see if the logs have been generated.

remote_mc $ cat /var/log/messages | grep ravi
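
Why the logger test reaches remote_mc, and which other messages the selector `*.emerg;user.*;kern.err` forwards, shown as an added example that is not part of the original post. It is a simplified model of sysklogd selector matching (the `!` modifier is omitted); the function names and sample messages are constructed for illustration.

```python
# Added example: simplified model of sysklogd selector matching (no "!" support).
FACILITIES = {name: code for code, name in enumerate(
    "kern user mail daemon auth syslog lpr news uucp cron authpriv ftp".split())}
FACILITIES.update({f"local{i}": 16 + i for i in range(8)})
SEVERITIES = {name: code for code, name in enumerate(
    "emerg alert crit err warning notice info debug".split())}

PAGE_SELECTOR = "*.emerg;user.*;kern.err"   # selector from the article's syslog.conf


def pri_of(facility, severity):
    """PRI value carried in the <NN> prefix of a syslog datagram."""
    return FACILITIES[facility] * 8 + SEVERITIES[severity]


def decode_pri(pri):
    """Split a PRI value back into (facility code, severity code)."""
    return pri >> 3, pri & 7


def compile_selector(selector):
    """Map each facility code to the set of severity codes the selector accepts."""
    masks = {code: set() for code in FACILITIES.values()}
    for part in selector.split(";"):
        facs, _, prio = part.strip().partition(".")
        codes = (list(masks) if facs == "*"
                 else [FACILITIES[f] for f in facs.split(",")])
        exact, prio = prio.startswith("="), prio.lstrip("=")
        for code in codes:
            if prio == "none":
                masks[code] = set()                 # facility excluded
            elif prio == "*":
                masks[code] = set(SEVERITIES.values())
            elif exact:
                masks[code].add(SEVERITIES[prio])   # "=err": that level only
            else:                                   # "err": err and more severe
                masks[code] |= set(range(SEVERITIES[prio] + 1))
    return masks


def is_forwarded(selector, pri):
    facility, severity = decode_pri(pri)
    return severity in compile_selector(selector).get(facility, set())


if __name__ == "__main__":
    # Constructed sample messages; logger's default priority is user.notice.
    for fac, sev in [("user", "notice"), ("kern", "crit"), ("kern", "warning"),
                     ("authpriv", "info"), ("daemon", "emerg")]:
        verdict = "forwarded" if is_forwarded(PAGE_SELECTOR, pri_of(fac, sev)) else "not forwarded"
        print(f"{fac}.{sev:<8} PRI={pri_of(fac, sev):<3} {verdict}")
```

With this selector, authpriv messages such as login records are not sent to remote_mc; add that facility to the selector if they should be centralized as well.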


Change Mac Address of your Machine

To do that, run:

# ifconfig eth0 down
# ifconfig eth0 hw ether 00:80:48:BA:d1:20
# ifconfig eth0 up
# ifconfig eth0 |grep HWaddr

Sometimes ISPs store the MAC address of your Ethernet card and associate it with the IP address they provide. Suppose you change your network card (or your machine): it will not be able to log on to the net because the new Ethernet card has a different MAC address than the one stored in the ISP's database.

In that case you will have to call your ISP and ask them to reset the MAC address, or else you can change your MAC address to the one registered with your ISP :)