Client configuration


The client is the machine generating the log files, and it needs to push its log entries to a remote host. Add the following lines to /etc/syslog-ng/whatever.conf:
destination loghost { tcp("192.168.0.252" port(5140)); };
log { source(src); destination(loghost); };
Short documentation:
Line 1: tells where to log (the IP of the server, and the port). It also defines the alias loghost. This alias could be anything, like bakis, logserver etc.
Line 2: Takes source(src) (all logs) and logs to the destination(loghost).
Make sure no firewalls are in the way. You can change the port to whatever you want; just make sure it is the same on the server side, of course :-)

Server configuration


The server is the one receiving the log files. You have various options for handling them; I show the one I fancy. The following lines are the relevant ones to add or edit.
In the OPTIONS section of the config file, add this:
create_dirs(yes);
This allows syslog-ng to create a subdirectory for each connecting host, which keeps the log files sorted by host.
source remote_src { tcp(ip("192.168.0.252") port(5140)); };
This creates the source remote_src (it can be named anything). It reads syslog-ng entries from the given IP interface: the IP address is the server's own, and the line also defines the port it listens on.
destination remote_messages { file("/home/HOSTS/$HOST/messages"); };
Now we redirect all incoming log entries to this log path. The $HOST variable is the IP of the connecting server, so this (together with create_dirs(yes)) creates the structure "/home/HOSTS/192.168.0.99/messages" and so on.
log { source(remote_src); destination(remote_messages); };
Finally, tell syslog-ng to take all incoming log entries from remote_src and send them to the destination remote_messages.
Done!
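
The server-side fragments above assembled in the order they sit in the config file, as an added example (not part of the original page). The keep_hostname(no) and use_dns(no) lines are additions: they make syslog-ng fill $HOST with the sender's IP address, as the text describes, instead of a name taken from the message header or from reverse DNS, so a client cannot choose its own directory name under /home/HOSTS.

```conf
# Log server side (192.168.0.252), added example.
# Merge the options into the options { } block your config already has.
options {
    create_dirs(yes);     # from the page: create /home/HOSTS/<host>/ on demand
    keep_hostname(no);    # addition: ignore the hostname field inside the
                          # received message, use the connection's peer instead
    use_dns(no);          # addition: do not resolve the peer address, so
                          # $HOST stays an IP such as 192.168.0.99
};

# Listen on the server's own address and port (must match the client).
source remote_src {
    tcp(ip("192.168.0.252") port(5140));
};

# One directory per sending host; $HOST is expanded per message.
destination remote_messages {
    file("/home/HOSTS/$HOST/messages");
};

# Wire the remote source to the per-host files.
log { source(remote_src); destination(remote_messages); };
```

The client keeps the two lines shown in the client section; source(src) there is assumed to be the source your distribution's config already defines.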
