Network Technologies Inc, Innovators in KVM Solutions


Data Logging Using Syslog

The ENVIROMUX Enterprise Server Environment Monitoring System
logs data from its sensors, and sends it to a computer using Syslog.



The ENVIROMUX Enterprise Server Environment Monitoring System stores event and data entries in the system data log. The system data log can be downloaded as a tab-delimited plain text file, viewed via the web interface, or sent to up to 16 remote IP addresses using syslog. Data logging using Syslog on a remote computer allows for historical data collection in a convenient location.

Linux/Unix-based computers use a standard syslog daemon to accept log data from the kernel, from any and all local processes, and even from processes on remote systems. Windows-based computers do not include syslog support and need a third-party application to accept the syslog alerts from the ENVIROMUX-SEMS-16.

Configuring the ENVIROMUX-SEMS-16 for Syslog
The ENVIROMUX-SEMS-16 is easily configured to send log data to a syslog server, and attached sensors can be individually selected on/off to ensure that unneeded data is not sent.

Access the sensors individually within the web interface by clicking the "Summary", "Internal Sensors", or "External Sensors" menu links to the left. For more information on each sensor, access the sensor status page by clicking the description of the sensor. Each sensor status page has a "configure" button for additional configuration options. Click the "configure" button, click "Enable Syslog Alerts" in the sensor configuration menu and click "Apply" to select the sensor for sending syslog alerts.

Example sensor syslog settings:
Click 'Enable Syslog Alerts' to send syslog alerts for that sensor



Next, the ENVIROMUX-SEMS-16 needs to be configured to send the syslog alerts to up to 16 users/IP addresses. Click the "Administration" menu link on the left, followed by "users" in the submenu that appears, to access the user settings. Click on each user/IP address that needs to receive syslog alerts, and click the "Syslog" check box under the "Contacts" heading. Enter an IP address for the user to receive the alerts, and click "Apply" to save the settings. Enter this information for up to 16 of the users to receive syslog alerts.

Example user syslog settings:
Click 'Syslog' and enter an IP address to send syslog alerts to that user


Configuring a Windows-based Syslog Server to Receive Syslog Alerts
Windows-based computers do not include native syslog support, and will need a third-party application such as Kiwi Syslog (available as freeware with 30-day advanced options free trial) to receive syslog alerts. The software can be installed either as a stand-alone application, or as a service running uninterrupted in the background. When the software is installed as a service, the user does not need to log in to Windows for syslog messages to be accepted.

Example Operating Mode:
Install software as a Service for uninterrupted syslog alert reception

Once installed, the software can be set up to filter syslog alerts by priority and facility. In the Service Manager window, click the "File" menu, and then "Setup" to access the settings for the software. Right click the "Filters" submenu underneath "Default" in the "Rules" section of the menu, and click "Add filter". Rename the new filter accordingly, and hit enter to apply the name. Click the new filter's name to access the settings for that filter. Select "Priority" from the "Field" drop down list above to bring up the options for filtering incoming syslog messages. The chart shown lists the facilities down the left side and the priorities across the top.

Since the ENVIROMUX-SEMS-16 sends messages as the "local0" facility, scroll near the bottom of the facility list to the left to find "local0" and select the priorities to filter. Click the green tick button at the bottom of the screen to set priorities. A match on each priority causes the filter result to be true, delivering the message. Setting a green tick in all of the priority values ensures a match will occur no matter what the message priority value.

Example Priority and Facility Filter:
Set the 'local0' facility to accept all priority levels to filter incoming messages

Click "Apply" to accept the settings, and "OK" to exit the Setup window. The default settings on the other options in the Setup window can be modified to fit individual needs of the user, but of particular importance is the "UDP" menu item under "Alarms". These default settings are standard remote message settings for syslog, and should not be changed.

Example UDP Settings:
The default UDP syslog settings: port 514 open

The software should now be ready to accept incoming syslog messages from the ENVIROMUX-SEMS-16.


Configuring the Linux/Unix-based Syslog Server to Receive Syslog Alerts
The standard syslog daemon used by Linux/Unix-based systems is configurable to accept alerts from remote systems. To configure the system to receive these alerts, two configuration files will need to be edited: /etc/sysconfig/syslog (/etc/init.d/sysklogd on some systems) and /etc/syslog.conf (/etc/rsyslog.conf on some systems).

The security settings of the Linux/Unix-based syslog server may need to be configured to allow remote syslog alerts to be received. The default settings for the centralized syslog configuration file do not listen for remote messages, and will need UDP port 514 opened to accept remote UDP logging. On most systems, the "SYSLOGD_OPTIONS" (or just "SYSLOGD" on some systems) variable in the /etc/sysconfig/syslog (or /etc/init.d/sysklogd) file will need an "-r" included in it to open the port.

Example syslogd configuration:
# Options to syslogd
# -m 0 disables 'MARK' messages.
# -r enables logging from remote machines
# -x disables DNS lookups on messages received with -r
# See syslogd(8) for more details

SYSLOGD_OPTIONS="-m 0 -r"

# Options to klogd
# -2 prints all kernel oops messages twice; once for klogd to decode, and
#    once for processing with 'ksymoops'
# -x disables all klogd processing of oops messages entirely
# See klogd(8) for more details

KLOGD_OPTIONS="-x"

#
SYSLOG_UMASK=077
# set this to a umask value to use for all log files as in umask(1).
# By default, all permissions are removed for "group" and "other". 


Save the changes to the syslogd configuration, and restart syslog to apply the changes.

Example restart syslog command:
/etc/rc.d/init.d/syslog restart

The system firewall may also need to have UDP port 514 opened.
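
Plain UDP syslog carries no authentication, so once "-r" is set the daemon takes messages from any host that can reach port 514. The added example below (not part of the original page or the vendor's software) sends a constructed "local0" test message and shows the source-address check that a firewall rule limited to the ENVIROMUX-SEMS-16 address performs. All function names, the message text and the addresses are assumptions, and the check runs on 127.0.0.1 with a throwaway port rather than 514.

```python
import socket

LOCAL0 = 16  # facility the page says the ENVIROMUX-SEMS-16 uses
SEVERITY = {"emerg": 0, "alert": 1, "crit": 2, "err": 3,
            "warning": 4, "notice": 5, "info": 6, "debug": 7}

def build_test_alert(severity, text):
    """Build a minimal syslog datagram: <PRI> then text, PRI = facility * 8 + severity."""
    pri = LOCAL0 * 8 + SEVERITY[severity]
    return f"<{pri}>{text}".encode("ascii")

def send_test_alert(collector, severity, text):
    """Send one test datagram to the (host, port) pair; returns the bytes sent."""
    payload = build_test_alert(severity, text)
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sender:
        sender.sendto(payload, collector)
    return payload

def receive_allowed(sock, allowed_sources, timeout=1.0):
    """Return the next datagram whose source IP is allowed, dropping all others.
    Returns None if nothing acceptable arrives before the timeout."""
    sock.settimeout(timeout)
    try:
        while True:
            data, (src_ip, _port) = sock.recvfrom(2048)
            if src_ip in allowed_sources:
                return data
    except socket.timeout:
        return None

def loopback_check(allowed_sources, timeout=1.0):
    """Bind a throwaway collector on 127.0.0.1 and send it one local0.notice message."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as collector:
        collector.bind(("127.0.0.1", 0))  # ephemeral port, no root needed
        send_test_alert(collector.getsockname(), "notice",
                        "syslog path test (constructed)")
        return receive_allowed(collector, allowed_sources, timeout)
```

Pointing send_test_alert at the real syslog server on port 514 gives a quick check that the "-r" option and the firewall change took effect.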

Filtering Received Syslog Alerts
At this point, the received syslog messages are being written to the same file as many other system messages and alerts. Syslog writes each type of message received based on the settings in the /etc/syslog.conf (/etc/rsyslog.conf on some systems) configuration file. The syslog configuration file can be modified to isolate the messages coming from the ENVIROMUX-SEMS-16 for easier access. The file consists of two columns, first listing the facilities and severities of messages, and the second listing the files to which they should be logged. By listing the full path to a filename as a line's action in syslog.conf, messages that match that line will be appended to that file.

Supported facilities in Linux are auth, authpriv, cron, daemon, kern, lpr, mail, mark, news, syslog, user, uucp and local0 through local7. By default, the ENVIROMUX-SEMS-16 sends syslog messages as the "local0" facility.

The example syslog.conf configuration below filters the incoming "local0" facility messages sent by the ENVIROMUX-SEMS-16 into two files. In this example, "local0" facility messages with the priority of informational are logged in the /var/log/syslog file, while "local0" facility messages with a priority of notice and higher are logged in the /var/log/syslog.alert file for easy access.

Example syslog.conf file configuration
# Log all kernel messages to the console.
# Logging much else clutters up the screen.
#kern.*							/dev/console

# Save syslog and remote info messages to syslog
syslog.*;local0.=info;user.*				/var/log/syslog

# Save remote alert messages to syslog.alert
local0.notice						/var/log/syslog.alert

# Log anything (except mail) of level info or higher.
# Don't log private authentication messages!
*.info;mail.none;authpriv.none;cron.none;local0.none;auth.none	/var/log/messages

# The authpriv file has restricted access.
authpriv.*;auth.*						/var/log/secure

# Log all the mail messages in one place.
mail.*							-/var/log/maillog


# Log cron stuff
cron.*							/var/log/cron

# Everybody gets emergency messages
*.emerg							*

# Save news errors of level crit and higher in a special file.
uucp,news.crit						/var/log/spooler

# Save boot messages also to boot.log
local7.*							/var/log/boot.log

Restart syslog again to apply the changes.
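
To see which file a given message lands in, the added example below (not part of the original page) models how the selectors in the example syslog.conf are evaluated: parts are applied left to right, "=" matches one priority only, a bare priority matches that level and higher, and "none" clears a facility. The function names and sample messages are assumptions, and the "!" negation form is not handled because the example file does not use it.

```python
import re

SEVERITIES = ["emerg", "alert", "crit", "err", "warning", "notice", "info", "debug"]
FACILITIES = {"kern": 0, "user": 1, "mail": 2, "daemon": 3, "auth": 4, "syslog": 5,
              "lpr": 6, "news": 7, "uucp": 8, "cron": 9, "authpriv": 10,
              **{f"local{i}": 16 + i for i in range(8)}}

# The three rules from the page's example syslog.conf that mention local0.
RULES = [
    ("syslog.*;local0.=info;user.*", "/var/log/syslog"),
    ("local0.notice", "/var/log/syslog.alert"),
    ("*.info;mail.none;authpriv.none;cron.none;local0.none;auth.none", "/var/log/messages"),
]

def compile_selector(selector):
    """Map facility code -> set of matching severity codes.
    Parts are applied left to right, so a later 'none' clears an earlier match."""
    table = {code: set() for code in FACILITIES.values()}
    for part in selector.split(";"):
        facs, prio = part.rsplit(".", 1)
        names = FACILITIES if facs == "*" else facs.split(",")
        for code in (FACILITIES[n] for n in names):
            if prio == "none":
                table[code] = set()
            elif prio == "*":
                table[code] = set(range(8))
            elif prio.startswith("="):   # exactly this severity
                table[code].add(SEVERITIES.index(prio[1:]))
            else:                        # this severity and anything more severe
                table[code] |= set(range(SEVERITIES.index(prio) + 1))
    return table

def decode_pri(datagram):
    """Split the leading <PRI> into (facility, severity); PRI = facility * 8 + severity."""
    m = re.match(rb"<(\d{1,3})>", datagram)
    if not m or int(m.group(1)) > 191:
        raise ValueError("missing or invalid PRI")
    return divmod(int(m.group(1)), 8)

def destinations(datagram, rules=RULES):
    """Return the log files the example configuration would append this message to."""
    fac, sev = decode_pri(datagram)
    return [path for sel, path in rules if sev in compile_selector(sel).get(fac, ())]

# Constructed datagrams (local0 is facility 16, so PRI = 128 + severity); text is invented.
SAMPLES = {"info": b"<134>ENVIROMUX: constructed periodic reading",
           "notice": b"<133>ENVIROMUX: constructed sensor notice",
           "crit": b"<130>ENVIROMUX: constructed sensor alert"}
```

Calling destinations() on each entry of SAMPLES shows that only informational messages reach /var/log/syslog, while notice and anything more severe go to /var/log/syslog.alert and nothing from local0 reaches /var/log/messages.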