Syslog: Log Remote Hosts To Separate Files

Dec 11, 2011 How To


I have been making a lot of changes to my lab network, which includes the addition of new networks and honeypots. To save on costs, I purchased a new Linksys router and the first step out-of-box was installing DD-WRT. The steps included below will work with anything that supports remote syslog.

My Syslog Environment

Server Description    Server IP    FQDN
Syslog Server
Application Server

Step 1 - Installing Sysklogd

On Deb Based Systems:

sudo apt-get install sysklogd

On RPM Based Systems:

yum install sysklogd

Step 2 - Configuring Sysklogd

There are two configuration files for sysklogd. One is installed at /etc/syslog.conf. The other, the defaults file, is located at /etc/default/syslogd. Open these files in your favorite editor. First, we are going to edit /etc/default/syslogd.

Edit the file to read as:


Save. Next, let’s open up the other file, /etc/syslog.conf. To add support for a remote host by IP, you can append the following to the end of the file:

+ *.* /var/log/firewall.log

After you do, touch the file to create it.

sudo touch /var/log/firewall.log 

To listen by hostname, use the following syntax: *.* /var/log/appserver.log

Last Step

Point your hosts to your new syslog server's IP!
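The whole procedure above (enable remote reception in /etc/default/syslogd, append a +host stanza to /etc/syslog.conf, touch the log file) as one script. This is an added example, not code from the original post: it assumes the Debian-style sysklogd layout, that sysklogd's -r switch is what turns on network reception, and it takes a root-directory prefix so the functions can be exercised against a scratch tree without touching the live /etc. The IP 192.0.2.10 and the name appserver.example.com are constructed sample values.

```shell
#!/bin/sh
# Added example (not from the original post). ROOT is a directory prefix:
# pass "" to act on the real /etc as root, or a scratch directory to dry-run.

# Print the /etc/syslog.conf stanza for one remote sender. "+host" scopes the
# rules that follow it to messages from that host (IP or FQDN, as it appears
# in the received message); "*.*" sends every facility/priority to the file.
host_stanza() {
    host="$1"
    logfile="$2"
    printf '+%s\n*.*\t%s\n' "$host" "$logfile"
}

# Set SYSLOGD="-r" in /etc/default/syslogd. -r is sysklogd's switch for
# accepting messages from the network (UDP 514). Any existing SYSLOGD line is
# replaced so the option is not duplicated on repeated runs.
enable_remote_reception() {
    root="${1:-}"
    defaults="$root/etc/default/syslogd"
    mkdir -p "$(dirname "$defaults")"
    [ -f "$defaults" ] || : > "$defaults"
    tmp="$defaults.tmp"
    grep -v '^SYSLOGD=' "$defaults" > "$tmp" || true
    echo 'SYSLOGD="-r"' >> "$tmp"
    mv "$tmp" "$defaults"
}

# Append a per-host stanza to /etc/syslog.conf and create its log file, the
# way the post does by hand. Skips the stanza if that host already has one.
add_remote_host() {
    root="${1:-}"
    host="$2"
    logfile="$3"
    conf="$root/etc/syslog.conf"
    mkdir -p "$(dirname "$conf")" "$(dirname "$root$logfile")"
    [ -f "$conf" ] || : > "$conf"
    if grep -qx -- "+$host" "$conf"; then
        return 0
    fi
    host_stanza "$host" "$logfile" >> "$conf"
    touch "$root$logfile"
}

# Count the per-host stanzas in a syslog.conf (lines beginning with "+").
count_host_stanzas() {
    grep -c '^+' "$1" || true
}

# Dry run against a scratch tree so the script can be executed as-is (no root).
DEMO_ROOT="$(mktemp -d)"
enable_remote_reception "$DEMO_ROOT"
add_remote_host "$DEMO_ROOT" 192.0.2.10 /var/log/firewall.log             # constructed sample IP
add_remote_host "$DEMO_ROOT" appserver.example.com /var/log/appserver.log  # constructed sample FQDN
cat "$DEMO_ROOT/etc/default/syslogd" "$DEMO_ROOT/etc/syslog.conf"
```

On the real server run the two functions with an empty root prefix as root, then restart the daemon (`/etc/init.d/sysklogd restart` on Debian-era sysklogd) and confirm it is bound to UDP 514 with `ss -uln` or `netstat -uln`. Keep in mind that -r makes syslogd accept datagrams from any source and that the +host selector only keys on the claimed sender, which UDP does not authenticate, so limit port 514 at the host firewall to the router and honeypot addresses you actually expect.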
