Jump To: Support > KB > NetManager > Syslog
Using syslog to collect and forward logs
Syslog is a standard mechanism for collecting logs centrally from various services. Services may be running on different servers, not just locally on NetManager, and once collected the logs can be:
- Saved to log files (e.g.
/var/log/messages
) - Forwarded onto another syslog server
- Displayed on the console or to any users logged in at a command line
Each log message has a facility associated with it. A facility code is used to specify the type of program that is logging the message. Messages with different facilities may be handled differently. Similarly each message has a severity (e.g. whether it is an error, a warning or just informational). Messages can be diverted to various places based on their facility and severity. A number of standard local log files are configured. For example, email logs go to /var/log/maillog
.
You can add your own definitions by adding them to /etc/netmanager/syslog.additional
. For full details, please read the syslog.conf manual page. There are also a number of configuration shortcuts:
syslog_auth_remote
- IP address or hostname to send authentication logs to (e.g. failed ssh logins). These are already logged to/var/log/authlog
syslog_firewall_remote
- IP address or hostname to send firewall logs to (e.g. blocked packets)syslog_firewall_local
- set toy
to save firewall logs to/var/log/firewall.log