Problem

In some environments, administrators may find it difficult or tedious to manage and monitor logs from many different
servers, and need a mechanism for directing logs from all systems to one central location. Also, when there is an
issue with the / or /var filesystem, redirecting logs to another server preserves messages critical to
troubleshooting that would have been lost if syslog were writing them only to the local filesystem.

Solution

The syslogd daemon can be configured to send messages for all logging levels or individual levels to one or more syslog
servers. To accomplish this, edit the file /etc/sysconfig/syslog on the syslog server so that it accepts logs from
remote machines. Add the -r option to SYSLOGD_OPTIONS like so:

SYSLOGD_OPTIONS="-r -m 0"

After the file has been saved, the syslogd service needs to be restarted:

# service syslog restart

To configure a client to send all messages to the remote server, append the following to /etc/syslog.conf:

*.* @hostname

Replace hostname above with the IP address or the hostname of the centralized log server. Alternatively, to send only
individual logging levels to the remote server:

*.info;mail.none;authpriv.none;cron.none @hostname

Again, replace hostname with the IP address or hostname of the remote server. Now restart the syslog service on the
client:

# service syslog restart

The new configuration can be tested by restarting a service such as cups on the client:

# service cups restart

Or by using a command such as:

# logger "***** THIS IS A TEST *****"

The log messages related to the cups service being restarted or from the logger command should be found in
/var/log/messages of the central server.
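
To see which messages the two client rules above actually forward, the following added example (not part of the original article or of syslogd) evaluates a selector against a facility and priority. It covers only the plain forms used on this page (facility.priority, "*" and "none") and assumes a priority selects that level and above while "none" clears the facility; the sample messages are constructed.

```python
# Priorities from least to most severe, as named in syslog.conf.
PRIORITIES = ["debug", "info", "notice", "warning", "err", "crit", "alert", "emerg"]
ALIASES = {"warn": "warning", "error": "err", "panic": "emerg"}


def forwarded_levels(selector, facility):
    """Return the set of priorities of `facility` that `selector` matches."""
    levels = set()
    # Entries are separated by ';' and applied left to right.
    for entry in selector.split(";"):
        facs, _, prio = entry.strip().partition(".")
        names = facs.split(",")
        if "*" not in names and facility not in names:
            continue
        prio = ALIASES.get(prio, prio)
        if prio == "none":
            levels.clear()                 # e.g. authpriv.none: forward nothing
        elif prio == "*":
            levels.update(PRIORITIES)      # every priority
        else:
            # Assumption: a bare priority means that level and anything more severe.
            levels.update(PRIORITIES[PRIORITIES.index(prio):])
    return levels


def is_forwarded(selector, facility, priority):
    """True if a message with this facility and priority matches the selector."""
    return ALIASES.get(priority, priority) in forwarded_levels(selector, facility)


ALL = "*.*"
FILTERED = "*.info;mail.none;authpriv.none;cron.none"

if __name__ == "__main__":
    # Constructed sample messages: (facility, priority, description)
    samples = [
        ("user", "notice", "logger test message (logger defaults to user.notice)"),
        ("daemon", "debug", "verbose daemon output"),
        ("authpriv", "crit", "authentication failure"),
        ("mail", "err", "mail delivery error"),
    ]
    for fac, prio, what in samples:
        print(f"{fac}.{prio:<7} all={is_forwarded(ALL, fac, prio)!s:<5} "
              f"filtered={is_forwarded(FILTERED, fac, prio)!s:<5} {what}")
```

With the filtered rule, authpriv messages never reach the central server, so authentication events stay only on the client unless a separate rule forwards them.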
