Configuration example for outputting logs to a UNIX log host

Network requirements

Configure the device to output FTP logs that have a severity level of at least informational to the UNIX log host.

Figure 94: Network diagram

Configuration procedure

Before the configuration, make sure the device and the log host can reach each other. (Details not shown.)

  1. Configure the device:

    # Enable the information center.

    <Device> system-view
    [Device] info-center enable
    

    # Specify the log host 1.2.0.1/16 and specify local4 as the logging facility.

    [Device] info-center loghost 1.2.0.1 facility local4
    

    # Disable log output to the log host.

    [Device] info-center source default loghost deny
    

    To avoid output of unnecessary information, disable all modules from outputting logs to the specified destination (loghost in this example) before you configure an output rule.

    # Configure an output rule that sends FTP logs with a severity level of at least informational to the log host.

    [Device] info-center source ftp loghost level informational
    
  2. Configure the log host:

    The following configurations were performed on Solaris. Other UNIX operating systems have similar configurations.

    1. Log in to the log host as a root user.

    2. Create a subdirectory named Device in directory /var/log/, and then create file info.log in the Device directory to save logs from Device.

      # mkdir /var/log/Device
      # touch /var/log/Device/info.log
      
    3. Edit the file syslog.conf in directory /etc/ and add the following contents.

      # Device configuration messages
      local4.info /var/log/Device/info.log
      

      In this configuration, local4 is the name of the logging facility that the log host uses to receive logs. info is the informational level. The UNIX system records the log information that has a severity level of at least informational to the file /var/log/Device/info.log.


      NOTE:

      Follow these guidelines while editing the file /etc/syslog.conf:

      • Comments must be on a separate line and must begin with a pound sign (#).

      • No redundant spaces are allowed after the file name.

      • The logging facility name and the severity level specified in the /etc/syslog.conf file must be identical to those configured on the device by using the info-center loghost and info-center source commands. Otherwise, the log information might not be output to the log host correctly.


    4. Display the process ID of syslogd, kill the syslogd process, and then restart syslogd using the -r option to make the new configuration take effect.

      # ps -ae | grep syslogd
      147
      # kill -HUP 147
      # syslogd -r &
      

Now, the device can output FTP logs to the log host, which stores the logs to the specified file.
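
The guidelines in the NOTE for /etc/syslog.conf can be checked before syslogd is restarted. The following script is an added example, not part of the original configuration procedure; the function names check_syslog_conf and write_samples and the sample files are constructed for illustration.

```sh
#!/bin/sh
# Added example: lint a syslog.conf against the guidelines in the NOTE above.
# Usage: check_syslog_conf FILE FACILITY LEVEL   (for example: local4 info)
# Prints one line per problem; returns 0 if the file is clean, 1 otherwise.
check_syslog_conf() {
    awk -v fac="$2" -v lvl="$3" '
        BEGIN { bad = 0; found = 0 }
        /^[ \t]*$/ { next }     # blank line
        /^[ \t]*#/ { next }     # comment on a separate line: allowed
        {
            # Any other "#" means a comment shares the line with a rule.
            if ($0 ~ /#/) {
                printf "line %d: comment must be on a separate line\n", NR
                bad = 1
            }
            # Whitespace left after the file name.
            if ($0 ~ /[ \t]+$/) {
                printf "line %d: trailing whitespace after the file name\n", NR
                bad = 1
            }
            # Selector must match the facility and level set on the device.
            if ($1 == fac "." lvl) found = 1
        }
        END {
            if (!found) {
                printf "no rule for %s.%s (must match the device)\n", fac, lvl
                bad = 1
            }
            exit bad
        }
    ' "$1"
}

# Constructed sample files (not taken from a real host).
write_samples() {
    {
        printf '# Device configuration messages\n'
        printf 'local4.info /var/log/Device/info.log\n'
    } > "$1/good.conf"
    {
        printf 'local4.info /var/log/Device/info.log # Device logs\n'
        printf 'local4.info /var/log/Device/info.log  \n'
    } > "$1/bad.conf"
}

dir=$(mktemp -d)
write_samples "$dir"
check_syslog_conf "$dir/good.conf" local4 info && echo "good.conf: OK"
check_syslog_conf "$dir/bad.conf" local4 info || echo "bad.conf: rejected"
rm -rf "$dir"
```

On Solaris, /usr/bin/awk is the legacy awk and does not accept -v; run the script with nawk or /usr/xpg4/bin/awk in place of awk.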