Added by sonik on 08-06-2017 and keywords: remote, log, server, rsyslog, how, to, tutorial, simple, fast, linux, ubuntu, debian [
Print Article ]
pico /etc/rsyslog.conf
edit and uncomment
# provides UDP syslog reception
module(load="imudp")
input(type="imudp" port="514")
add
#
# Include all config files in /etc/rsyslog.d/
#
$IncludeConfig /etc/rsyslog.d/*.conf
if $fromhost-ip startswith '10.20.26.5' then /var/log/switch-10-20-26-5.log
if $fromhost-ip startswith '10.20.6.12' then /var/log/switch-10-20-6-12.log
if $fromhost-ip startswith '10.20.' then /var/log/switches.log
restart
/etc/init.d/rsyslog restart
or
service rsyslog restart
configure the remote switch maybe (like cisco sg300 or cisco 2960 or other)
with log server (the ip of your linux machine) UDP port 514 Facility Local 7 Description if you like and minimum Severity Notice
If you want to access the logs with apache
chmod -R go+rX /var/log/
Here is a simple php script for apache /var/www/html/log.php
<?php
$output = shell_exec('tac /var/log/switches.log');
echo "<pre>$output</pre>";
?>