Working in Linux is part love and part frustration. It is not quite a love-hate relationship, but many people still reach for an online tutorial to get a job done, and there is nothing wrong with that. If you already work with syslog, or with logs in general, you are ahead of the average user on the subject, and the same goes for using Linux. Put the two together and you will find that setting up a central syslog server is not as complicated as it might seem at first.

Why Use a Linux Syslog Server?

You are probably already collecting logs on several separate machines for services such as mail, proxies, and DNS. A syslog server pulls all of those logs into one central place that you can search and monitor regularly. Centralized logging also makes the environment more secure: abnormal activity is easier to spot when events from every host sit side by side, an attacker who compromises one host can no longer quietly erase that host's only copy of its logs, and retention and access are controlled from one configuration file rather than one per machine.

Start Out Simple

If you are completely new to setting up a server, use your distribution's package rather than building from source. Red Hat, Debian, Ubuntu, and nearly every other distribution ship a packaged syslog daemon; this article uses syslog-ng. Install it with the distribution's package manager (apt on Debian and Ubuntu, dnf or yum on Red Hat derivatives, where syslog-ng comes from the EPEL repository). The package also installs a working default configuration, normally /etc/syslog-ng/syslog-ng.conf, and once syslog-ng is installed you can start configuring the server side.

Configuration

Fortunately for those who are not experts, a lot of this is standardized, and that goes for syslog-ng as well. Syslog severities are numbered 0 through 7 and each number has a standard name: 0 emerg, 1 alert, 2 crit, 3 err, 4 warning, 5 notice, 6 info, 7 debug. The numbers are what appear in a message's priority field on the wire; in a syslog-ng filter you refer to the levels by name. A filter for serious problems, such as the stock f_error filter, therefore selects a range of levels, for example level(err .. emerg), which matches everything from err (3) up to emerg (0).

When first bringing the server up, you may want a filter that accepts everything down to severity 7, debug, so that you can confirm messages from every source are arriving. Once the server is known to work, tighten the filters again, because debug-level logging from many hosts fills disks quickly. You will also need a destination statement saying where log events are written. Messages may need to go to more than one place, and you will not want to store every single event.

The stock filter for the general messages log may end with a list such as "not facility(auth,authpriv,cron,daemon,mail,news)". These names are facilities, not severity levels: a facility identifies the kind of program that produced the message (auth and authpriv for authentication, cron for the scheduler, daemon for system daemons, mail and news for those services), and the filter excludes them from the general log because each of them typically has its own log file elsewhere in the default configuration. You can shorten the list, but if in doubt, newcomers are usually best served by keeping the defaults.

Finalization

The final step is to connect the devices to the server. On the server, add a source that listens for messages from remote clients (syslog traditionally uses port 514, over UDP or TCP), then a log statement that joins that source to a destination, exactly as the destinations above do for local messages. On each client, add a destination that points at the server's address. Keep in mind that plain UDP or TCP syslog is neither encrypted nor authenticated: anyone on the network path can read or forge messages, so outside an isolated management network use the TLS transport and restrict port 514 with a firewall. Remember to open the port in the server's firewall and to restart syslog-ng after editing the configuration.
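The following is the complete server-side configuration that the Configuration and Finalization sections describe, added here as an example; it is not from the original page or from the syslog-ng project's stock configuration. It assumes syslog-ng 3.x with the scl.conf library available, the directory /var/log/remote for files from remote hosts, and the server address 192.0.2.10 in the client snippet; all of these are placeholders to adjust for your environment.

```conf
# /etc/syslog-ng/syslog-ng.conf  (example; not the distribution default)
# The version line must not be newer than the installed syslog-ng.
@version: 3.27
@include "scl.conf"

options {
    chain-hostnames(no);
    keep-hostname(yes);    # trust the hostname each client puts in its messages
    use-dns(no);           # no per-message reverse lookups on the server
    create-dirs(yes);      # create /var/log/remote/<host>/ on demand
    dir-perm(0750);
    perm(0640);
    ts-format(iso);
};

# Sources: local system messages and syslog-ng's own messages...
source s_local {
    system();
    internal();
};

# ...plus a listener for remote clients on the conventional port 514.
# Binding a port below 1024 requires root or CAP_NET_BIND_SERVICE.
source s_remote {
    network(ip("0.0.0.0") port(514) transport("udp"));
    network(ip("0.0.0.0") port(514) transport("tcp") max-connections(100));
};

# Filters by severity and by facility.
# Severity names and numbers: emerg=0 alert=1 crit=2 err=3
#                             warning=4 notice=5 info=6 debug=7
filter f_error      { level(err .. emerg); };
filter f_auth       { facility(auth, authpriv); };
filter f_messages   { level(info .. warning)
                      and not facility(auth, authpriv, cron, daemon, mail, news); };
# Accepts everything, down to debug; only for verifying the server works.
filter f_everything { level(debug .. emerg); };

# Destinations: where each class of event is written.
destination d_error      { file("/var/log/error"); };
destination d_auth       { file("/var/log/auth.log"); };
destination d_messages   { file("/var/log/messages"); };
destination d_everything { file("/var/log/everything"); };
# One file per remote host and day (assumed layout).
destination d_remote {
    file("/var/log/remote/${HOST}/${YEAR}${MONTH}${DAY}.log"
         template("${ISODATE} ${HOST} ${PROGRAM}[${PID}]: ${MESSAGE}\n"));
};

# Log paths join sources, filters and destinations.
log { source(s_local);  filter(f_error);    destination(d_error); };
log { source(s_local);  filter(f_auth);     destination(d_auth); };
log { source(s_local);  filter(f_messages); destination(d_messages); };
log { source(s_remote);                     destination(d_remote); };
# Uncomment only while testing, then remove it again:
# log { source(s_local); source(s_remote); filter(f_everything); destination(d_everything); };

# On each client, in that host's own syslog-ng.conf, forward everything to
# the server (address assumed):
# destination d_server { network("192.0.2.10" port(514) transport("tcp")); };
# log { source(s_local); destination(d_server); };
```

Check the file with `syslog-ng --syntax-only -f /etc/syslog-ng/syslog-ng.conf` before restarting the service, then send a test message from a client with `logger -n 192.0.2.10 -P 514 -T "remote test"` and confirm it appears under /var/log/remote/ in that client's directory. Two choices in the file deserve a note. keep-hostname(yes) trusts whatever hostname the client writes into the message, which is convenient but forgeable; if you need the address the message actually came from, build the file path from ${SOURCEIP} instead. The TCP listener is there because UDP silently drops messages under load, but neither transport encrypts or authenticates anything, so beyond a trusted management network replace transport("tcp") with transport("tls") and a tls() block carrying the server's key and certificate, and filter port 514 to the client addresses you expect.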