How to Use Syslog to Gain Insights into Your Server’s Activities

What Do I Need?

  • A Dedicated or VPS Linux Server
  • CentOS
  • PuTTY

What is Syslog?

Syslog is an enormously useful standard for message logging. It separates the software that generates messages from the system that stores them and from the software that reports on and analyzes them. Each message is labeled with a facility, a tag that indicates the type of software that generated it.

Each message also carries an assigned severity level. If you are running a growing and increasingly complex web hosting operation, consider setting up a Syslog server: it provides a centralized platform to manage, access and monitor logs from the local system and, once configured, from remote systems as well.

Pre-Flight Checks

  1. Check that the syslog, portmap and xinetd services are enabled in the system services list. Run the setup tool, select "System services" from the list and make sure these entries are checked:
setup
     [*] portmap
     [*] xinetd
     [*] syslog

  2. Restart the portmap service:
service portmap restart


  3. Restart the xinetd service:
service xinetd restart


  4. To ensure that these services remain active after a reboot, enable them with the chkconfig command:
chkconfig portmap on
chkconfig xinetd on
  5. After the reboot, check the status of the services:
service portmap status
service xinetd status


Configuring Syslog

  1. Open the Syslog configuration file:
nano /etc/sysconfig/syslog


  2. Locate the SYSLOGD_OPTIONS tag.


  3. Add the ‘-r’ flag to this tag so that the server accepts logs from clients. The options you will typically see here are:


‘-m 0’ disables ‘MARK’ messages.

‘-r’ enables logging from remote machines.

‘-x’ disables DNS lookups on messages with ‘-r’.

  4. After saving the file, restart the service with the service syslog restart command:
service syslog restart


Configure Your Linux Client Server

  1. To enable monitoring on the client server, a couple of edits are needed. First confirm with ping that the client and the log server can reach each other, then open the /etc/syslog.conf file:
nano /etc/syslog.conf


  2. Go to the end of the file and create an entry for your actual logging server. The selector and the action are separated by whitespace, and there is no space between the @ and the address, so replace logging_server_ip with the address of your Syslog server:
user.*    @logging_server_ip
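The facility and severity described under "What is Syslog?" are encoded together in the <PRI> header at the start of every message, and the selector on the left of the forwarding rule above is matched against exactly those two fields. The following is an added example, not code from the tutorial: it decodes that header and tests which messages a given syslog.conf rule would forward, generalizing from the single user.* rule to multi-selector rules; the two sample messages and the 192.0.2.10 address are constructed.

```python
# Added example (not the tutorial's code): decode a BSD-syslog <PRI> header and
# test which messages a syslog.conf rule such as the tutorial's "user.*" forwards.
import re

FACILITIES = ("kern user mail daemon auth syslog lpr news uucp cron authpriv ftp "
              "ntp audit alert clock local0 local1 local2 local3 local4 local5 "
              "local6 local7").split()
SEVERITIES = "emerg alert crit err warning notice info debug".split()

def decode_pri(message):
    """PRI = facility * 8 + severity, so divmod recovers both fields."""
    m = re.match(r"<(\d{1,3})>", message)
    if not m or int(m.group(1)) > 191:
        raise ValueError("missing or out-of-range <PRI> header")
    facility, severity = divmod(int(m.group(1)), 8)
    return FACILITIES[facility], SEVERITIES[severity]

def parse_rule(line):
    """Split a syslog.conf line into selectors and action. Fields are separated
    by whitespace, so '@ host' (with a space) yields the broken action '@'."""
    selectors, action = line.split(None, 1)
    return selectors.split(";"), action.split()[0]

def rule_matches(selectors, facility, severity):
    """sysklogd semantics: each 'facility.level' selector sets the mask for the
    facilities it names, later selectors override earlier ones, a named level
    matches that level and everything more severe, 'none' clears the mask."""
    matched = False
    for sel in selectors:
        facs, level = sel.split(".", 1)
        if facs != "*" and facility not in facs.split(","):
            continue
        if level == "none":
            matched = False
        elif level == "*":
            matched = True
        else:
            matched = SEVERITIES.index(severity) <= SEVERITIES.index(level)
    return matched

def forwarded(rule_line, message):
    """Would this rule send the message to a remote log server (@host action)?"""
    selectors, action = parse_rule(rule_line)
    facility, severity = decode_pri(message)
    remote = action.startswith("@") and len(action) > 1
    return remote and rule_matches(selectors, facility, severity)

# Constructed sample messages: PRI 13 = user.notice, PRI 86 = authpriv.info.
USER_MSG = "<13>Mar  1 10:00:00 client logger: test message from client"
SSHD_MSG = "<86>Mar  1 10:00:01 client sshd[1234]: Accepted password for admin"
```

Running it shows that the user.* rule forwards a test message written with logger but not sshd's authpriv login record, so a site that wants authentication events on the central server needs a broader selector such as *.* or an additional authpriv.* line. It also shows why a stray space between @ and the address silently breaks forwarding.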


  3. After saving the file, restart the service:
service syslog restart


  4. Restart the client server so that it sends an initial log entry to your Syslog server. Remember that logs are generated when the client boots, so restart it rather than shutting it down:
reboot -f

Check Client Logs on the Log Server

  1. To check for the client server's messages recorded on your new Syslog server, use the following command:
less /var/log/messages

  2. At the end of this file you’ll see the various logs sent by your client server.


Next Steps

Syslogs can get complex and humongous. Analyzing these logs for actionable intelligence can be a seriously challenging ordeal, even for the advanced user, and especially for the n00b. I’d recommend reviewing some of the free Windows and Linux log readers out there for intelligent reading of your logs. For example, there’s the fairly groovy Kiwi Syslog Server (Free Edition) by SolarWinds. Behind a really simple and intuitive interface it combines sorting, coloring and automatic categorization of key system events, so your focus stays on what you want when you want it. Super useful. There’s also the really awesome Syslog Watcher by SnmpSoft. Its layout is a bit more complex than the Kiwi variant; however, personally, I find it a bit more business-like.

Conclusion

So why would you want this deep analysis capability on your servers and sites? Simple. If you know what normally happens, such as when and how logins to your systems usually occur, you can use the logs together with system resource monitoring to spot unusual activity. What’s more, you can configure what syslogd saves through the /etc/syslog.conf configuration file.
