Debian Syslog Remote Logging

It seems to have been a long time since I’ve needed to set up remote logging. Our previous article, Remote Logging for Mailgraph, was based on Ubuntu Server 10.04 LTS, and a few things have changed since then. So once again we will be setting up remote logging for mailgraph, but now on Debian Server. With that said, let's get started.

In the old article we made edits directly to /etc/rsyslog.conf. In the new versions of Debian and Ubuntu we will be adding our configuration to the /etc/rsyslog.d/ directory. Any file in that directory with a .conf extension is automatically pulled into the syslog configuration. For our purposes we will create the file /etc/rsyslog.d/mailgraph.conf, the contents of which are listed below.

# Create a log file template
$template mailgraph,"<%PRI%>%TIMESTAMP% %HOSTNAME% %syslogtag:1:32%%msg:::sp-if-no-1st-sp%%msg%"

# Send mail logs to remote server
mail.* 	@192.168.1.248;mailgraph
mail.* 	@192.168.1.247;mailgraph

Note that the log file template statement above is written in legacy syntax, which is not recommended. Syslog usage and version 7 templating information is available here. This how-to can easily be extended to enable remote logging for any log file.

Last but certainly not least, if your remote syslog server is running a firewall, you will want to ensure that UDP port 514 is open. For an easy iptables-based firewall for Ubuntu or Debian based servers, see Easy Ubuntu Server Firewall.
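For comparison with the legacy template and forwarding lines above, here is the same mailgraph.conf written in the rsyslog version 7 (RainerScript) syntax. This is an added example, not part of the original article; it assumes rsyslog 7 or later and reuses the article's template string and the two receiver addresses unchanged.

```conf
# /etc/rsyslog.d/mailgraph.conf (rsyslog v7+ syntax; added example)

# Same output format as the legacy $template line, as a string template
template(name="mailgraph" type="string"
         string="<%PRI%>%TIMESTAMP% %HOSTNAME% %syslogtag:1:32%%msg:::sp-if-no-1st-sp%%msg%")

# Forward every message from the mail facility to both remote servers.
# The legacy single "@" prefix means UDP, so protocol="udp" and port 514
# match the firewall rule the receivers need.
if $syslogfacility-text == "mail" then {
    action(type="omfwd" target="192.168.1.248" port="514" protocol="udp"
           template="mailgraph")
    action(type="omfwd" target="192.168.1.247" port="514" protocol="udp"
           template="mailgraph")
}
```

Running `rsyslogd -N1` checks the configuration for syntax errors before the service is restarted.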
