Rsyslog is an open-source software utility used on UNIX and Unix-like computer systems for forwarding log messages in an IPnetwork. It implements the basic syslog protocol, extends it with content-based filtering, rich filtering capabilities, queued operations to handle offline outputs,[2] support for different module outputs,[3] flexible configuration options and adds features such as using TCP for transport.
Configuration:
pico /etc/rsyslog.conf
Uncomment
# provides UDP syslog reception
module(load="imudp")
input(type="imudp" port="514")
Code language: PHP (php)Add
#
# Include all config files in /etc/rsyslog.d/
#
$IncludeConfig /etc/rsyslog.d/*.conf
if $fromhost-ip startswith '10.20.26.5' then /var/log/switch-10-20-26-5.log
if $fromhost-ip startswith '10.20.6.12' then /var/log/switch-10-20-6-12.log
if $fromhost-ip startswith '10.20.' then /var/log/switches.log
Code language: PHP (php)Restart
/etc/init.d/rsyslog restartConfigure the remote switch maybe (like cisco sg300 or cisco 2960 or other)
with log server (the IP of your Linux machine) UDP port 514 Facility Local 7 Description if you like and minimum Severity Notice
If you want to access the logs with apache
chmod -R go+rX /var/log/
Code language: JavaScript (javascript)Here is a simple php script for apache /home/latewebi/public_html/log.php
<?php
$output = shell_exec('tac /var/log/switches.log');
echo "<pre>$output</pre>";
?>
Code language: HTML, XML (xml)
