0

Can someone help me? I want to configure Ubuntu as a syslogger to trap the logs of multiple devices in my network. The devices are networking ones such as routers and switches.

Devices like routers and switches have detailed logs of what's going on. These logs are visible when I log into each and every device manually by the telnet protocol, so I was wondering whether I can configure an Ubuntu server so that, when I log into it, I can see the logs of all my devices under different hostnames for different devices.

Just like a syslogger would do.

  • 3
    First step would be to configure your devices to use a different syslog host. Can you do that? – PerlDuck Oct 12 '18 at 07:33
  • I'm sorry Sir, couldn't understand your point. I'll elaborate my query better. – user881149 Oct 12 '18 at 11:14
  • My point is: when you're lucky, your devices already use `syslog` to write their logfiles, and you can configure the syslog daemon on those devices to not only write the messages to a logfile locally on the device but also forward the messages to some other host – like your Ubuntu machine. That's how `syslog` works and what it was designed for. – PerlDuck Oct 12 '18 at 18:31

1 Answer

0

First, you must make sure that the devices on your network support sending to a remote host.

Then you have to configure a supported protocol on the Ubuntu machine for receiving logs from other devices (ssh or sftp, for example, depending on your network devices).

Finally, I guess you will need to parse and analyze your logs, so I think you will also need some tool for doing it (for example Logstash or Graylog).

Steagee
  • 2
    I am not sure ssh or sftp are required. syslog has its own protocol and the reserved ports are 514 and 6514 (https://en.wikipedia.org/wiki/Syslog#Network_protocol). syslog should be configured to receive logs from the network, like here: https://askubuntu.com/questions/53910/how-can-i-receive-syslog-logs-from-a-networked-system. And devices should send data to the host, which receives and stores them. – nobody Oct 12 '18 at 09:28
  • 1
    @nobody Exactly. The 1 million dollar question is whether it's possible to configure a different syslog host in the devices (and/or whether they use syslog at all). The rest would be _syslog as usual_. – PerlDuck Oct 12 '18 at 09:33
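
A receiver configuration for the setup the comments describe (syslog's own protocol on port 514, one log per device), as an added example that is not part of the original answer or comments. It assumes rsyslog, Ubuntu's default syslog daemon; the file name, the template and ruleset names, and the `/var/log/remote` path are assumptions.

```conf
# /etc/rsyslog.d/10-remote.conf   (file name is an assumption)

# Listeners for the syslog protocol on the reserved port 514.
module(load="imudp")
module(load="imtcp")

# One directory per sending device (path is an assumption).
# %fromhost-ip% is the address the message actually arrived from.
# %hostname% would give the name the device reports about itself, but that
# field is taken from the message and is chosen by the sender, so it is a
# weaker key for deciding which file a message lands in.
template(name="PerDeviceFile" type="string"
         string="/var/log/remote/%fromhost-ip%/syslog.log")

# Network messages get their own ruleset, so router and switch logs are
# written only to the per-device files and are not mixed into the
# server's local /var/log/syslog.
ruleset(name="remote") {
    action(type="omfile" dynaFile="PerDeviceFile"
           fileCreateMode="0640" dirCreateMode="0750")
}

# Bind both listeners to that ruleset.
input(type="imudp" port="514" ruleset="remote")
input(type="imtcp" port="514" ruleset="remote")
```

Restart rsyslog after adding the file, then point each router or switch at the Ubuntu machine's address as its syslog host. Plain syslog on port 514 is unauthenticated and unencrypted, so allow that port in the host firewall only from the management network the devices sit on; 6514 is the port reserved for syslog over TLS.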