In a network environment, Cisco devices can be configured to send their syslog messages to a central syslog server. Ubuntu (10.04 LTS) has rsyslog as default syslog package, and I had some trouble creating a working config due to a nasty bug in rsyslog. Here is a cookbook to go around it :
1. create /etc/rsyslog.d/10-belan_syslog.conf
# 10-belan_syslog.conf # # fix bug, see http://www.gossamer-threads.com/lists/rsyslog/users/2620 # and https://bugs.launchpad.net/ubuntu/+source/rsyslog/+bug/484336 $PrivDropToGroup adm # listen on 514/UDP $ModLoad imudp $UDPServerRun 514 # templates $template PerHostLog,"/var/log/network/%HOSTNAME%/%$YEAR%.%$MONTH%.%$DAY%.log" InputUDPServerBindRuleset remote # what comes from remote go to per-host log files $RuleSet remote *.* ?PerHostLog & ~
2. restart the daemon:
sudo service rsyslog restart
Post a Comment