Barracuda MSP Partner Toolkit

Enabling Syslog from Linux Device

Follow the steps below to enable logging of syslog error messages on a Unix- or Linux-based device.

To log from a Unix system, edit the system's syslog daemon config file, as described below for the most common loggers.

First, determine which system logger your system is using by running the following command:

ls -d /etc/*syslog*

Depending on which file is displayed, follow the matching instructions below.

rsyslog.conf

rsyslog is often seen on Debian, Fedora, SuSE, Ubuntu and most other Linux distributions.

  1. As root, edit /etc/rsyslog.conf or /etc/syslog.conf. Add this line at the end of the file:
    *.*         @(IP OR DNS NAME OF ONSITE MANAGER)
  2. Tell rsyslog to activate the change (on most OS's):
    sudo killall -HUP rsyslog rsyslogd
    On Ubuntu:
    sudo service rsyslog restart

Log messages should begin to be sent to the Onsite Manager.

syslog-ng.conf

syslog-ng is often seen on Gentoo 2005.0+ and SuSE 9.3+.

  1. Configure syslog-ng
    As root, edit /etc/syslog-ng.conf. Find a line starting with source, for example: source s_sys {..}.
    At the end of the file, paste this configuration. Replace s_sys with the source name above, typically s_sys, src, s_all, or s_local:
    destination d_onsitemanager {
        udp("IP OR DNS NAME OF ONSITE MANAGER" port(514));
    };
    # replace "s_sys" with the name you found:
    log { source(s_sys); destination(d_onsitemanager); };
  2. Tell syslog-ng to activate the change:
    sudo killall -HUP syslog-ng

Log messages should begin transmitting to the Onsite Manager.

syslog.conf

syslogd and sysklogd are often seen on BSDs, CentOS, Gentoo 2004.3 and older, Mac OS X, RHEL, Slackware, Solaris and most other Unices.

remote_syslog can also be used in lieu of syslogd.

  1. As root, edit /etc/syslog.conf with a text editor (like pico or vi). Paste this line at the end of the file:
    *.*         @(IP OR DNS OF ONSITE MANAGER)
  2. Tell syslog to activate the change (on most OS's):
    sudo killall -HUP syslog syslogd

Log messages should begin transmitting to the Onsite Manager.
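
To review what the edited file will actually forward, and to send a message that should arrive at the Onsite Manager, the following shell functions can be used. They are an added example, not part of the original article or of any vendor tooling; the fwdtest tag and the local0.err priority in the usage comment are assumptions chosen for illustration. In rsyslog.conf and syslog.conf a single @ before the target means UDP, and rsyslog uses @@ for TCP.

```shell
#!/bin/sh
# Added example (not vendor code): list the active remote-forwarding rules in
# the config files this page edits, so the destination can be reviewed.

# list_forward_targets FILE...
# Prints one line per rule: <file> <transport> <target> <selector>
list_forward_targets() {
    for conf in "$@"; do
        [ -r "$conf" ] || continue
        awk -v f="$conf" '
            /^[ \t]*#/ { next }                 # commented-out rules are inactive
            # rsyslog/syslogd form: "*.*  @host" is UDP, "*.*  @@host" is TCP
            $2 ~ /^@/ {
                target = $2
                proto = (target ~ /^@@/) ? "tcp" : "udp"
                sub(/^@+/, "", target)
                print f, proto, target, $1
                next
            }
            # syslog-ng form: udp("host" port(514)); or tcp("host" ...);
            match($0, /(udp|tcp)\("[^"]+"/) {
                s = substr($0, RSTART, RLENGTH)
                proto = substr(s, 1, 3)
                sub(/^[a-z]+\("/, "", s)
                sub(/"$/, "", s)
                print f, proto, s, "-"
            }
        ' "$conf"
    done
}

# send_test_message FACILITY.SEVERITY (for example local0.err)
# Hands a tagged message to the local daemon, which should then forward it.
send_test_message() {
    logger -p "$1" -t fwdtest "syslog forwarding test $(date -u +%Y-%m-%dT%H:%M:%SZ)"
}

# With no arguments, check the files named on this page.
[ "$#" -gt 0 ] || set -- /etc/rsyslog.conf /etc/syslog.conf /etc/syslog-ng.conf
list_forward_targets "$@"
```

A rule that reports udp sends every selected message unencrypted and without delivery confirmation, so a lost test message does not by itself mean the configuration is wrong.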

Configure Monitoring in AVG Managed Workplace.

  1. Open Configuration - Monitors and Alert Rules.
  2. Search for the device to which you want to add syslog monitoring.
  3. Click Add Monitor, select Syslog Messages, and then click Add Monitor.
  4. Fill in a Title, and optionally a Description.
  5. Choose the appropriate Facility and Severity. Optionally, enter a Syslog Message if required.
  6. Click Alert, then give it a title and optionally a description. Click Add under alert rules. Enter the Facility and Severity, and optionally the text the alert should contain or not contain.
  7. Fill out the actions to perform when the alert is triggered.
  8. Click Save.