
Friday, June 26, 2009

Configure for remote logging

-------------------------------------------------------------------------------------------------
Instructions for configuring the logging of messages to a remote system.
-------------------------------------------------------------------------------------------------

This document describes the procedure for setting up remote logging on a *nix-like
system.

A *nix-like system has a directory, /etc, which holds all the system
configuration, e.g.:
a): System initialization at the various run levels.
b): All networking files which are read at boot time.
c): All the password files for all users.
d): All files concerning log configuration.

Here we will see which options have to be changed to set a system up
for remote logging.

*nix systems read local log messages from /dev/log; for logging over the
network the port number is typically 514/udp.

---------NEED-----------

First of all we need to understand what log files are.
These files receive all the system, network, user, etc. information during
normal system boot, during any user operation, or when the system has
to send information about itself to the administrator.

--------CHANGES----------

This logging is configured by a file:

/etc/syslog.conf

This file specifies which type of log message goes to which file,
e.g.:
*.*	/var/log/messages
This simply says that all messages are sent to the file
/var/log/messages.

To configure our system for remote logging, we add a line to this file (*):

*.info;mail.none	@remote

Here remote is the name of the remote system on which the forwarded logs are
to be read. The line forwards every message of priority info or higher, except
those from the mail facility, to that host. Note that in syslog.conf the
selectors are separated by a semicolon with no spaces, and the selector field
is separated from the action (here @remote) by whitespace, traditionally a tab.

NOTE*: The file must be edited with root privileges.
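The selector line above is easy to get wrong, so here is an added example (not from the original post) that evaluates classic BSD/sysklogd syslog.conf selectors and shows where a message of a given facility and priority is routed. It assumes only the facility.priority and facility.none selector forms (no = or ! modifiers, no priority aliases such as warn or error, and no rsyslog extensions); the configuration embedded in it is constructed to mirror the two lines shown in this post.

```python
PRIORITIES = ["debug", "info", "notice", "warning", "err", "crit", "alert", "emerg"]
FACILITIES = ["kern", "user", "mail", "daemon", "auth", "syslog", "lpr", "news",
              "uucp", "cron", "authpriv", "ftp"] + ["local%d" % i for i in range(8)]

def parse_syslog_conf(text):
    """Return [(mask, action)] per rule line. mask maps each facility to the
    lowest priority index that matches, or None when excluded by '.none'."""
    rules = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()           # drop comments and blank lines
        if not line:
            continue
        selector_field, action = line.split(None, 1)  # selectors <whitespace> action
        mask = {fac: None for fac in FACILITIES}
        for selector in selector_field.split(";"):    # applied left to right: a later
            fac, pri = selector.split(".", 1)          # selector overrides an earlier one
            targets = FACILITIES if fac == "*" else fac.split(",")
            for t in targets:
                if pri == "none":
                    mask[t] = None                     # facility excluded from this line
                elif pri == "*":
                    mask[t] = 0                        # everything from debug upward
                else:
                    mask[t] = PRIORITIES.index(pri)   # this priority and above
        rules.append((mask, action.strip()))
    return rules

def destinations(rules, facility, priority):
    """Actions (log files, @remote hosts) a facility.priority message reaches."""
    level = PRIORITIES.index(priority)
    return [action for mask, action in rules
            if mask[facility] is not None and level >= mask[facility]]

# Constructed sample mirroring the two lines shown in the post.
SAMPLE_CONF = """\
# /etc/syslog.conf
*.*\t/var/log/messages
*.info;mail.none\t@remote
"""

if __name__ == "__main__":
    rules = parse_syslog_conf(SAMPLE_CONF)
    for fac, pri in [("auth", "warning"), ("mail", "info"), ("kern", "debug")]:
        print("%s.%s -> %s" % (fac, pri, destinations(rules, fac, pri)))
```

Running it shows that auth.warning reaches both the local file and @remote, while mail.info and kern.debug stay local only, which is exactly the effect of the mail.none exclusion and the info threshold.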

The second file that needs to be changed is /etc/hosts.
It provides the IP address that the name remote resolves to, i.e. the host
to which the system is going to send its logs.

Adding the following line configures the system for remote logging
(the fields are: IP address, domain name, system name):
10.112.62.72	hclit200089hyutgh.hclit.com	remote

The IP address is the address to which the log messages will go,
the domain name is the domain name given to the system, and
the system name is the short name given to the system, which must be
the same as the name used in the syslog.conf file.

----------------------Starting the logging on remote system -----------------------------

pkill -HUP syslogd
This sends SIGHUP to syslogd, which makes it re-read its configuration and
start following the new settings.

-----------------------------------------------------------------------------------------------------

-------------------Starting a loghost on another machine--------------------------------

In order to create a loghost, pick one machine and secure it as much as possible.
Basically, don’t run anything on this machine besides syslogd. Turn off inetd,
sendmail, everything, but make sure you have basic networking up. Possibly don’t
even run ssh on this machine. That way, the only way to view the log files on the
loghost would be to physically log into the console.

Make sure the time is always correct on the loghost.
In order to allow the loghost to receive syslog messages from other
machines, you may need to enable it to receive remote logging. (Find out first by
reading the syslogd man pages.) Do this by adding the -r command-line option
when syslogd starts.

Edit /etc/rc$(RUNLEVEL).d/syslog(*), and find the line:

/usr/sbin/syslogd

and change it to:

/usr/sbin/syslogd -r

Again, make sure the loghost is as secure as possible: the only thing it
should be running is syslogd.
NOTE*:- Check the default runlevel in the /etc/inittab file and use that
value for RUNLEVEL in the path above.

(-----NOTE *-----) : Check all security settings on the loghost and, if possible,
relax any security option that would stop incoming log messages (for example a
host firewall blocking 514/udp), so that logging can work.

Vijayendra Suman
Dated : 7 May 2007
