From: Dru Lavigne
Date: Fri, 31 Jan 2014 23:29:14 +0000 (UTC)
To: doc-committers@freebsd.org, svn-doc-all@freebsd.org, svn-doc-head@freebsd.org
Subject: svn commit: r43714 - head/en_US.ISO8859-1/books/handbook/network-servers

Author: dru
Date: Fri Jan 31 23:29:13 2014
New Revision: 43714
URL: http://svnweb.freebsd.org/changeset/doc/43714

Log:
  First 1/2 of syslogd section. Tighten wording and clarify unclear bits.

  Sponsored by: iXsystems

Modified:
  head/en_US.ISO8859-1/books/handbook/network-servers/chapter.xml

Modified: head/en_US.ISO8859-1/books/handbook/network-servers/chapter.xml ============================================================================== --- head/en_US.ISO8859-1/books/handbook/network-servers/chapter.xml Fri Jan 31 23:25:42 2014 (r43713) +++ head/en_US.ISO8859-1/books/handbook/network-servers/chapter.xml Fri Jan 31 23:29:13 2014 (r43714) 
@@ -5422,117 +5422,99 @@ driftfile /var/db/ntp.driftInteracting with system logs is a crucial aspect of both security and system administration. Monitoring the log files of - multiple hosts can get very unwieldy when these hosts are - distributed across medium or large networks, or when they are - parts of various different types of networks. In these cases, - configuring remote logging may make the whole process a lot more - comfortable. - - Centralized logging to a specific logging host can reduce - some of the administrative burden of log file administration. - Log file aggregation, merging and rotation may be configured in - one location, using the native tools of &os;, such as - &man.syslogd.8; and &man.newsyslog.8;. In the following example - configuration, host A, named + multiple hosts can become unwieldy as the number of systems increases. + Configuring centralized logging can reduce + some of the administrative burden of log file administration. + + Centralized log file aggregation, merging, and rotation can be configured + using &os; native tools, such as + &man.syslogd.8; and &man.newsyslog.8;. This section demonstrates an example + configuration, where host A, named logserv.example.com, will collect logging information for the local network. Host B, named logclient.example.com will - pass logging information to the server system. In live - configurations, both hosts require proper forward and reverse - DNS or entries in - /etc/hosts. Otherwise, data will be - rejected by the server. + class="fqdomainname">logclient.example.com, will be configured to + pass logging information to the logging server. Log Server Configuration - Log servers are machines configured to accept logging - information from remote hosts. In most cases this is to ease - configuration, in other cases it may just be a better - administration move. Regardless of reason, there are a few - requirements before continuing. 
- - A properly configured logging server has met the following - minimal requirements: + A log server is a system that has been configured to accept logging + information from other hosts. Before configuring a log server, check the following: - The firewall ruleset allows for UDP - to be passed on port 514 on both the client and - server; - - - - syslogd has been configured to - accept remote messages from client machines; + If there is a firewall between the logging server and + any logging clients, ensure that the firewall ruleset allows UDP + port 514 for both the clients and the + server. - The syslogd server and all client - machines must have valid entries for both forward and - reverse DNS, or be properly configured - in /etc/hosts. + The logging server and all client + machines must have forward and reverse entries in + the local DNS. If the network does not have + a DNS server, create entries in each system's + /etc/hosts. Proper name resolution is required + so that log entries are not rejected by the logging server. - To configure the log server, the client must be listed - in /etc/syslog.conf, and the logging - facility must be specified: + On the log server, edit + /etc/syslog.conf to specify the name of + the client to receive log entries from, the logging + facility to be used, and the name of the log to store the + host's log entries. This example adds the hostname of + B, logs all facilities, and stores + the log entries in /var/log/logclient.log. + + + Sample Log Server Configuration +logclient.example.com *.* /var/log/logclient.log + - - More information on various supported and available - facilities may be found in + When adding multiple log clients, add a similar two-line entry + for each client. More information about the available + facilities may be found in &man.syslog.conf.5;. - - - Once added, all facility messages will - be logged to the file specified previously, - /var/log/logclient.log. 
- The server machine must also have the following listing - placed inside /etc/rc.conf: + Next, configure /etc/rc.conf: syslogd_enable="YES" syslogd_flags="-a logclient.example.com -v -v" - The first option will enable the - syslogd daemon on boot up, and the second - option allows data from the specified client to be accepted on - this server. The latter part, using , - will increase the verbosity of logged messages. This is - extremely useful for tweaking facilities as administrators are - able to see what type of messages are being logged under which + The first entry starts + syslogd at system boot. The second + entry allows log entries from the specified client. + The + increases the verbosity of logged messages. This is + useful for tweaking facilities as administrators are + able to see what type of messages are being logged under each facility. Multiple options may be specified to allow logging from multiple clients. IP addresses and whole netblocks may also be specified. Refer to - &man.syslog.3; for a full list of possible + &man.syslogd.8; for a full list of possible options. - Finally, the log file should be created. The method used - does not matter, but &man.touch.1; works great for situations - such as this: + Finally, create the log file: - &prompt.root; touch - /var/log/logclient.log + &prompt.root; touch /var/log/logclient.log - At this point, the syslogd daemon + At this point, syslogd should be restarted and verified: &prompt.root; service syslogd restart &prompt.root; pgrep syslog - If a PID is returned, the server has - been restarted successfully, and client configuration may - begin. If the server has not restarted, consult the - /var/log/messages log for any - output. + If a PID is returned, the server + restarted successfully, and client configuration can + begin. If the server did not restart, consult + /var/log/messages for the error.
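Review bot: In the "Finally, create the log file" step, `touch /var/log/logclient.log` leaves the file with whatever mode the current umask produces, and because the sample selector is `*.*` that file will also receive the client's authentication and security facility messages; suggest following the touch with a chmod 600, or stating the intended mode, so the remote log is not left world-readable. In the "Sample Log Server Configuration" paragraph it would also help to say where the `+logclient.example.com` block belongs: per syslog.conf(5) a hostname specification applies to every line that follows it until the next specification, so the text should tell readers to append the two-line entry at the end of the file or close it with `+*`, otherwise later local rules silently become client-only. Minor: the paragraph on `-a logclient.example.com` could note that the match is made on the source address of incoming UDP datagrams, so it narrows which peers may log but does not authenticate them, which is a reason to prefer the narrowest address or netblock that works.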