Configuring Remote Logging on UNIX


Most Unix and Linux systems have built-in support for syslog. Thus you do not need to install any extra software. You will just need to know which logging software you have.


On most systems, you will find a configuration file, /etc/syslog.conf. This is where you enter the host name or IP address of your OP5 Monitor host.

If your OP5 Monitorhost is on IP address, and you want to forward all facilities to it, append the following to /etc/syslog.conf and restart your syslog daemon:

 . @

Some systems do not understand the "." syntax. In this case, you have to enter all facilities separately:

log types

auth.* @
authpriv.* @
cron.* @
daemon.* @
ftp.* @
kern.* @
lpr.* @
mail.* @
mark.* @
news.* @
security.* @
syslog.* @
user.* @
uucp.* @
local0.* @
local1.* @
local2.* @
local3.* @
local4.* @
local5.* @
local6.* @
local7.* @

Note that on some systems, Solaris in particular, the blank between the facility and the receiving host has to be made up of tabs instead of spaces. For details on how to configure syslog.conf, please refer to the manual:

man syslog.conf


More and more clients use syslog-ng for sending syslog messages to a log host. If you use syslog-ng, you can benefit from the stability of using TCP connections instead of the standard UDP.

Sample /etc/syslog-ng/syslog-ng.conf

# all known message sources
source s_all {
# messages generated by Syslog-NG
# standard Linux log source (this is the default destination for the syslog() function)
# messages from the kernel
file("/proc/kmsg" log_prefix("kernel: "));

# define the destination log host
destination d_loghost {
tcp("" port(514));

# send everything to the log host
log {

Sending text files to Logger

Some applications do not send their logs to syslog, but store them in a file on disk. Most applications can be configured to use syslog, therefore changing the configuration of those applications should be your first option. Another option is using tail and logger to read the log file, and send appended lines to syslog. This command will read /var/log/myapp.log and send it to syslog as facility daemon and severity info.

# tail -f /var/log/myapp.log | logger -p

You can use a command like the one above for your application, and make sure it is executed upon reboot. On many systems this can be done by placing the command in /etc/rc.local.

If you are running syslog-ng, you can avoid the above workaround. Instead, simply define a log source (see the example above under "messages from the kernel" for how to define a file as a log source) and add another log section with that source.