if you want to set up your managed Switches to work with a syslog-ng server
HP ProCurve
conf t
logging <remote ip>
write mem3Com
sys
info-center enable
info-center loghost <remote ip> channel loghost
save
ysyslogd
applausesetup and use syslog-ng for remote logging
centralizing syslogs in one place is usefull!
my goal was to set up a central server for remote logging of managed switches
There is a usefull tool: syslog-ng
you install it with
apt-get install syslog-ngor directly
apt-get install syslog-ng-coreif you use
apt-cache search syslog-ngyou can see what plugins exist, like a SQL version
syslog-ng - Enhanced system logging daemon (metapackage)
lwatch - Simple log colorizer
syslog-ng-core - Enhanced system logging daemon (core)
syslog-ng-dbg - Enhanced system logging daemon (debug symbols)
syslog-ng-dev - Enhanced system logging daemon (development files)
syslog-ng-mod-amqp - Enhanced system logging daemon (AMQP plugin)
syslog-ng-mod-basicfuncs-plus - Enhanced system logging daemon (extra template functions)
syslog-ng-mod-geoip - Enhanced system logging daemon (GeoIP plugin)
syslog-ng-mod-json - Enhanced system logging daemon (JSON plugin)
syslog-ng-mod-mongodb - Enhanced system logging daemon (MongoDB plugin)
syslog-ng-mod-redis - Enhanced system logging daemon (Redis plugin)
syslog-ng-mod-riemann - Enhanced system logging daemon (Riemann destination)
syslog-ng-mod-rss - Enhanced system logging daemon (RSS destination)
syslog-ng-mod-smtp - Enhanced system logging daemon (SMTP plugin)
syslog-ng-mod-sql - Enhanced system logging daemon (SQL plugin)
syslog-ng-mod-stomp - Enhanced system logging daemon (STOMP plugin)
syslog-ng-mod-trigger - Enhanced system logging daemon (trigger source)using it is quite simple
you need to set it up in the config file.My goal was to get external syslogs from the default syslog Port 514 [See Port List]
Further Information on setting up other portshttps://www.balabit.com/sites/default/files/documents/syslog-ng-ose-latest-guides/en/syslog-ng-ose-guide-admin/html/sources.html
The config file is usually located at:
/etc/syslog-ng/syslog-ng.confI added the following lines:
to get the data from the port you want to useuse here your external host ip instead of the 127.0.0.1
source s_extsyslog { network(ip(127.0.0.1) port(514) transport("udp")); };the logfile is defined here
destination d_extsyslog { file("/var/log/extsyslog.log"); };here is defined what shall happen – s_extlog > d_extlog
log { source(s_extsyslog); destination(d_extsyslog); };