Configuration example for outputting logs to a Linux log host

Network requirements

Configure the device to output FTP logs that have a severity level of at least informational to the Linux log host 1.2.0.1/16.

Figure 95: Network diagram

Configuration procedure

Before the configuration, make sure the device and the log host can reach each other. (Details not shown.)

  1. Configure the device:

    # Enable the information center.

    <Device> system-view
    [Device] info-center enable
    

    # Specify the log host 1.2.0.1/16, and specify local5 as the logging facility.

    [Device] info-center loghost 1.2.0.1 facility local5
    

    # Disable log output to the log host for all modules.

    [Device] info-center source default loghost deny
    

    To avoid outputting unnecessary information, disable all modules from outputting log information to the specified destination (loghost in this example) before you configure an output rule.

    # Configure an output rule that sends FTP logs with a severity level of at least informational to the log host.

    [Device] info-center source ftp loghost level informational
    
  2. Configure the log host:

    The following configurations were performed on Solaris. Other UNIX operating systems have similar configurations.

    1. Log in to the log host as a root user.

    2. Create a subdirectory named Device in the directory /var/log/, and create the file info.log in the Device directory to save the logs from Device.

      # mkdir /var/log/Device
      # touch /var/log/Device/info.log
      
    3. Edit the file syslog.conf in directory /etc/ and add the following contents.

      # Device configuration messages
      local5.info /var/log/Device/info.log
      

      In the above configuration, local5 is the name of the logging facility used by the log host to receive logs. info is the informational level. The Linux system will store the log information with a severity level equal to or higher than informational to the file /var/log/Device/info.log.


      NOTE:

      Follow these guidelines while editing the file /etc/syslog.conf:

      • Comments must be on a separate line and must begin with a pound sign (#).

      • No redundant spaces are allowed after the file name.

      • The logging facility name and the severity level specified in the /etc/syslog.conf file must be identical to those configured on the device by using the info-center loghost and info-center source commands. Otherwise, the log information might not be output to the log host correctly.


    4. Display the process ID of syslogd, kill the syslogd process, and then restart syslogd by using the -r option to apply the new configuration.

      Make sure the syslogd process is started with the -r option on a Linux log host.

      # ps -ae | grep syslogd
      147
      # kill -9 147
      # syslogd -r &
      

Now, the system can record log information to the specified file.
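The guidelines in the note for /etc/syslog.conf can be checked mechanically before syslogd is restarted. The following shell function is an added example, not part of the original procedure: check_syslog_conf is a hypothetical helper name, the sample files are constructed, and it assumes one selector per rule line, as in this page's configuration.

```shell
#!/bin/sh
# Added example: lint a syslog.conf fragment against the guidelines in the note.
# check_syslog_conf is a hypothetical helper name, not a system utility.
# Usage: check_syslog_conf FILE FACILITY LEVEL
# Prints one line per problem and returns non-zero if any problem is found.
check_syslog_conf() {
    awk -v want="$2.$3" '
        BEGIN { bad = 0; found = 0 }
        /^[ \t]*$/ { next }    # blank lines are ignored
        /^[ \t]*#/ { next }    # a comment on its own line is allowed
        /#/ { print "line " NR ": comment must be on a separate line"; bad = 1 }
        /[ \t]$/ { print "line " NR ": whitespace after the file name"; bad = 1 }
        $1 == want { found = 1 }   # selector identical to the device settings
        END {
            if (!found) { print "no selector " want " (must match the device)"; bad = 1 }
            exit bad
        }
    ' "$1"
}

# Constructed sample input: good.conf follows the page, bad.conf breaks each rule.
demo_dir=$(mktemp -d)
printf '%s\n' '# Device configuration messages' \
    'local5.info /var/log/Device/info.log' > "$demo_dir/good.conf"
printf '%s\n' 'local4.info /var/log/Device/info.log # Device logs ' > "$demo_dir/bad.conf"

check_syslog_conf "$demo_dir/good.conf" local5 info && echo "good.conf: OK"
check_syslog_conf "$demo_dir/bad.conf" local5 info || echo "bad.conf: fix the lines above"
```

On the log host, run it as `check_syslog_conf /etc/syslog.conf local5 info`, using the facility and level configured on the device with info-center loghost and info-center source.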