Raspberry Pi – Installing a Syslog server using Syslog-NG

syslog-ng version 3.3.5-4
Raspbian 2013-02-09-wheezy-raspbian

At some point, we have all used a syslog server. They can be handy for testing a new system about to be placed into production or if you are working with a new feature and want to see what the router/switch/etc thinks is going on. As with anything I do with the RPi, I first start with making sure that I have the latest updates installed or are using the most current versions of what I am installing.

sudo apt-get update

Once all the updates have been applied for apt-get, we can proceed to getting syslog-ng installed.

sudo apt-get install syslog-ng

Once you have returned back to the command prompt, you will need to edit the syslog-ng configuration file so that it can start receiving the syslog output from my test Cisco switch that is plugged into the same switch as my Raspberry Pi.

sudo nano /etc/syslog-ng/syslog-ng.conf

The next three lines are all that it takes to make your RPi a receiver of Syslog data coming from network devices. You can see from the syslog-ng.conf file that it can be very structured. You have the option of putting all three lines together or putting each line in the section you see in the syslog-ng configuration file.
YouTube Preview Image
source s_net { udp(ip(0.0.0.0) port(514)); }; #0.0.0.0 will bind to all interfaces on your syslog server.
destination d_cisco { file(“/var/log/cisco.log”); };
log { source(s_net); destination(d_cisco); };

You will need you create the log file that the syslog data will be written to.

sudo touch /var/log/cisco.log

You will need restart syslog-ng for it to know about the configuration changes you just entered.

sudo service syslog-ng restart

Using the tail -f command, you can watch the data as it is received from the device you have configuration to send syslog information to your Raspberry Pi

tail -f /var/log/cisco.log

The following are the lines that I put on the Cisco router that I used for testing this process.

logging message-counter syslog
logging buffered 4096
logging trap debugging
logging 192.168.15.62
login on-failure log
login on-success log

You can watch the YouTube video I have included in this post for additional information.
To see more of my posts about the Raspberry Pi, please go to http://www.ronnutter.com/category/raspberry-pi/

This entry was posted in Blog Entries, Raspberry Pi, Video Podcast and tagged . Bookmark the permalink.