Never the Lost

Adventures of the Word at large…For Great Justice!

Remote System Logging with Syslogd


With the need to backfill my time some days, I have been looking into getting a centralized syslog server deployed for a while. The huge benefit is, as the name says, that it is centralized. I finally had enough time to tackle this today and wanted to write down some of my notes to keep it fresh and so that other people can find it. The big thing is that on a default CentOS installation you can set this up in a few minutes.

Let's start on the host to which we want all the logs to be pushed.

vim /etc/sysconfig/syslog
Where you see the option SYSLOGD_OPTIONS=, add -r inside the quotes (-r makes syslogd accept messages from the network). It should look something like SYSLOGD_OPTIONS="-r -m 0"
:wq

Next you need to edit the actual syslog conf file:
vim /etc/syslog.conf
Now add the following, or something similar. In this case I did Cisco switches:

local1.*   /var/log/cisco.log
local2.*   /var/log/cisco.log
local3.*   /var/log/cisco.log

:wq

Now restart the syslog service:
/etc/init.d/syslog restart

You should now see that a file called cisco.log has been created in /var/log. This is where all the information will be written.

Now let's go ahead and set up a Cisco host to log to this server:

Log in to your switch and enter configuration mode:

conf t

logging event link-status global
logging event trunk-status global
ntp logging
ntp server <your ntp server IP>
! use whichever facility you want to allocate
logging facility local1
logging <your logging server IP>
logging trap 7

exit
wr mem

Now all your logs should funnel into your log server.
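
To see why the facility set on the switch has to line up with the selectors in /etc/syslog.conf, here is an added example (not part of the original post) that decodes the <PRI> prefix of a syslog datagram and checks it against the three rules above. The sample datagrams are constructed, and only plain facility.priority selectors with canonical priority names are handled.

```python
import re

# Facility codes from the syslog PRI encoding; 12-15 are left unnamed here.
FACILITIES = {0: "kern", 1: "user", 2: "mail", 3: "daemon", 4: "auth", 5: "syslog",
              6: "lpr", 7: "news", 8: "uucp", 9: "cron", 10: "authpriv", 11: "ftp"}
FACILITIES.update({16 + n: f"local{n}" for n in range(8)})
SEVERITIES = ["emerg", "alert", "crit", "err", "warning", "notice", "info", "debug"]
PRI_RE = re.compile(rb"^<(\d{1,3})>")

def decode_pri(datagram):
    """Return (facility, severity) names from a leading <PRI>, or None if malformed."""
    m = PRI_RE.match(datagram)
    if not m or int(m.group(1)) > 191:  # 191 = local7.debug, the highest valid PRI
        return None
    pri = int(m.group(1))               # PRI = facility * 8 + severity
    return FACILITIES.get(pri >> 3, f"facility{pri >> 3}"), SEVERITIES[pri & 7]

def selector_matches(selector, facility, severity):
    """Match one 'facility.priority' selector: that priority and anything more severe."""
    sel_fac, sel_pri = selector.split(".", 1)
    if sel_fac not in ("*", facility) or sel_pri == "none":
        return False
    if sel_pri == "*":
        return True
    return SEVERITIES.index(severity) <= SEVERITIES.index(sel_pri)

def route(datagram, rules):
    """List the log files a datagram would be written to under the given rules."""
    decoded = decode_pri(datagram)
    if decoded is None:
        return []
    return [path for sel, path in rules if selector_matches(sel, *decoded)]

# The three rules added to /etc/syslog.conf in this post.
RULES = [("local1.*", "/var/log/cisco.log"),
         ("local2.*", "/var/log/cisco.log"),
         ("local3.*", "/var/log/cisco.log")]

# Constructed sample datagrams (not captured from a real switch).
SAMPLES = [
    b"<139>45: %LINK-3-UPDOWN: Interface Gi0/1, changed state to down",  # local1.err
    b"<143>46: %SYS-7-DEBUG: constructed debug line",                    # local1.debug
    b"<187>47: %LINK-3-UPDOWN: Interface Gi0/2, changed state to down",  # local7.err
]

if __name__ == "__main__":
    for raw in SAMPLES:
        print(decode_pri(raw), "->", route(raw, RULES) or "no matching rule")
```

The third sample shows the failure mode to watch for: a switch still sending as local7 matches none of the three rules, so nothing from it reaches cisco.log.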
