Configuring UNIX Syslog-NG systems


BMC supports the Syslog-NG protocol over UDP in exactly the same way as ordinary syslog. (Generally, there is no significant difference between the actual message protocols; the only difference is in the details of their implementation.)

The configuration of Syslog-NG is somewhat system dependent. Various versions of the Syslog-NG implementation exist, each with different types of configuration data and specific configuration file directives. The basic procedure might vary, depending on a particular implementation, but the general steps to configure Syslog-NG are as follows:

  1. Log on to the UNIX platform with a root-type login and edit the /etc/syslog-ng/syslog-ng.conf file with a text editor, such as the vi editor. (The file might be in a different location, depending on the particular Syslog-NG implementation.)
  2. Append the following lines to the bottom of the configuration file:

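    # Local sources: syslog-ng internal messages, the local log socket, kernel messages
    source s_correlog_all {
        internal();
        unix-dgram("/dev/log");
        file("/proc/kmsg" log_prefix("kernel:"));
    };
    # Replace X.X.X.X with the address of the BMC Defender Server
    destination s_correlog_dest {
        udp("X.X.X.X" port(514));
    };
    # Forward every message from the sources above to the server
    log {
        source(s_correlog_all);
        destination(s_correlog_dest);
    };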

    The value of X.X.X.X is the IP address of the BMC Defender Server program in standard dot notation. 

    Note

    The address string is quoted, such as udp("1.1.1.1" port(514)).

  3. When finished with the edits, stop and restart the Syslog-NG process, such as with a kill -HUP command. You should see a Startup message logged at the BMC Defender Server system, followed by other messages.
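
A pre-restart check for the stanza from step 2, as an added example that is not part of the BMC documentation: it flags typographic quotes picked up by copy and paste, an unquoted or unreplaced server address, and `log` references to names that were never declared. The function name, the problem tags and the address 192.0.2.10 are assumptions made for this example, and the check covers only these patterns, not the full Syslog-NG grammar.

```python
import re

# Constructed sample: the step 2 stanza after a careless copy/paste. It keeps
# typographic quotes, leaves the address unquoted and misspells a name.
# 192.0.2.10 is a documentation address standing in for X.X.X.X.
BROKEN_SAMPLE = """\
source s_correlog_all {
    internal();
    unix-dgram(\u201c/dev/log\u201d);
};
destination s_correlog_dest {
    udp(192.0.2.10 port(514));
};
log {
    source(s_correlog_all);
    destination(s_correlog_dst);
};
"""

CURLY = re.compile("[\u201c\u201d\u2018\u2019]")
BARE_IP = re.compile(r"\b(?:udp|tcp)\(\s*\d{1,3}(?:\.\d{1,3}){3}")
DECL = re.compile(r"^\s*(source|destination)\s+(\w+)\s*\{", re.M)
REF = re.compile(r"\b(source|destination)\(\s*(\w+)\s*\)")


def lint_syslog_ng(text):
    """Return [(line_number, problem_tag), ...] for a syslog-ng.conf text."""
    declared = {"source": set(), "destination": set()}
    for kind, name in DECL.findall(text):
        declared[kind].add(name)
    problems = []
    for number, line in enumerate(text.splitlines(), 1):
        code = line.split("#", 1)[0]  # drop trailing comments
        if CURLY.search(code):
            problems.append((number, "typographic-quote"))
        if "X.X.X.X" in code:
            problems.append((number, "placeholder-address"))
        if BARE_IP.search(code):
            problems.append((number, "unquoted-address"))
        for kind, name in REF.findall(code):
            if name not in declared[kind]:
                problems.append((number, "undefined-" + kind))
    return problems


if __name__ == "__main__":
    for number, tag in lint_syslog_ng(BROKEN_SAMPLE):
        print(f"line {number}: {tag}")
```

An empty result means none of these patterns were found; it does not replace the syntax check of the installed Syslog-NG version.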

Normally, the UDP protocol should be specified. In those special circumstances where the overhead of TCP connections is worth considering, the CO-trecv.exe program should be installed on the BMC Defender platform. For more information, see Enabling-syslog-TCP-reception.

 
