
In our company, we are planning to use syslog-ng for centralized log aggregation. We have logs coming from network devices, and hundreds of *nix systems (clients) produce log files which are sent to this centralized server.

Two doubts:

  1. What level of permission do I need to have on the client and on the centralized server so that I can send and receive the logs?
  2. Do I need to have special permission to read audit.log files on the *nix client machines?

I read an article some time back which says to create a user and group named logger and add adm, sys, and syslog to the group.

Are these permissions enough, or am I still missing something here? On our test env I can see the adm user, but the users sys and syslog are missing.

1 Answer

About your doubts:

  1. syslog-ng (and most log handling applications) by default uses port 514 to transfer logs over the network. You either need to modify the default configuration to use port numbers above 1024 (both on the client and server side), or give syslog-ng permission to use "system ports".

  2. Yes, you need permission to read audit logs. Since auth logs MAY contain private information, they are not readable by everyone. The exact way is distribution specific, but syslog-ng does not require any special permission beyond "able to read it".

As a starting point I recommend you read the "administration guide" of syslog-ng; it also contains examples.
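The two points above put together as a minimal syslog-ng configuration, written as an added example rather than taken from the question, the answer or the syslog-ng documentation: the client reads audit.log and forwards it to the central server on the unprivileged port 5514, so neither side needs root or CAP_NET_BIND_SERVICE to bind. The hostname logserver.example.com, the port number and the /var/log/remote path are assumptions.

```conf
@version: 3.38
@include "scl.conf"

############ client side (one of the *nix systems) ############

# audit.log is normally owned by root with mode 0600 under auditd, so the
# user syslog-ng runs as must be granted read access (group membership or
# an ACL); syslog-ng itself needs nothing beyond being able to read it.
# no-parse: audit records are not syslog-formatted, keep them verbatim.
source s_audit {
    file("/var/log/audit/audit.log" follow-freq(1) flags(no-parse));
};

# Port 5514 is above 1024, so an unprivileged process can use it.
# Using the default 514 instead would require binding a "system port",
# i.e. root or the CAP_NET_BIND_SERVICE capability on the receiving side.
destination d_central {
    network("logserver.example.com" port(5514) transport("tcp"));
};

log { source(s_audit); destination(d_central); };

############ server side (centralized aggregation host) ############

# Listen on the same unprivileged port the clients send to.
source s_network {
    network(ip("0.0.0.0") port(5514) transport("tcp"));
};

# One directory per sending host; create-dirs lets syslog-ng create them,
# so the destination tree only needs to be writable by the syslog-ng user.
destination d_clients {
    file("/var/log/remote/${HOST}/audit.log" create-dirs(yes));
};

log { source(s_network); destination(d_clients); };
```

Before deploying, run `syslog-ng --syntax-only` on each host and confirm that the account syslog-ng runs as can open /var/log/audit/audit.log for reading, since a permission error on the file source is logged but does not stop the daemon.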
