USING SYSLOG-NG FOR LOG MANAGEMENT

** Run all commands as the 'tldadmin' user

1. Install syslog-ng on your NOC (192.168.10x.30)

   # sudo apt-get install syslog-ng

2. Edit /etc/syslog-ng/syslog-ng.conf

   # sudo pico /etc/syslog-ng/syslog-ng.conf

   Find the lines:

       # (this is equivalent to the "-r" syslogd flag)
       # udp();

   and change them to:

       # (this is equivalent to the "-r" syslogd flag)
       udp();

   At the bottom of the file, add:

       filter f_routers { facility(local5); };

       log {
           source(s_all);
           filter(f_routers);
           destination(routers);
       };

       destination routers {
           file("/var/log/network/$YEAR/$MONTH/$DAY/$HOST-$YEAR-$MONTH-$DAY-$HOUR.log"
               owner(root) group(root) perm(0644) dir_perm(0755) create_dirs(yes)
               template("$YEAR $DATE $HOST $MSG\n"));
       };

3. Create the directory /var/log/network/

   # sudo mkdir /var/log/network/

4. Restart syslog-ng:

   # sudo /etc/init.d/syslog-ng restart
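Added example (not part of the original exercise and not syslog-ng code): a simplified Python model of what the f_routers filter and the routers destination do with an incoming UDP message, showing that only facility local5 (PRI 168-175) is written and which file it lands in. It assumes $HOST is taken from the message header, that the receiver supplies the year, and that everything after the hostname is $MSG; the sample datagrams are constructed.

```python
import re
from datetime import datetime

LOCAL5 = 21  # syslog facility code for local5; PRI = facility * 8 + severity
SEVERITY = ["emerg", "alert", "crit", "err", "warning", "notice", "info", "debug"]

# Copied from the "routers" destination in the configuration above.
PATH_TMPL = "/var/log/network/$YEAR/$MONTH/$DAY/$HOST-$YEAR-$MONTH-$DAY-$HOUR.log"
LINE_TMPL = "$YEAR $DATE $HOST $MSG\n"

# BSD syslog layout: <PRI>Mmm dd hh:mm:ss HOST MSG
BSD_RE = re.compile(r"<(\d{1,3})>(\w{3}) ([ \d]\d) (\d\d:\d\d:\d\d) ([\w.-]+) (.*)", re.S)

def parse(datagram: bytes, year: int) -> dict:
    """Decode one datagram. The header carries no year, so the receiver's
    year is passed in (simplification: everything after HOST is $MSG)."""
    m = BSD_RE.fullmatch(datagram.decode("utf-8", "replace").rstrip("\n"))
    if not m or int(m.group(1)) > 191:
        raise ValueError("not a BSD syslog message")
    pri, mon, day, clock, host, msg = m.groups()
    ts = datetime.strptime(f"{year} {mon} {day.strip()} {clock}", "%Y %b %d %H:%M:%S")
    return {"facility": int(pri) >> 3, "severity": SEVERITY[int(pri) & 7],
            "ts": ts, "host": host, "msg": msg}

def expand(template: str, rec: dict) -> str:
    """Substitute the macros used on this page into a template string."""
    ts = rec["ts"]
    macros = {"YEAR": f"{ts:%Y}", "MONTH": f"{ts:%m}", "DAY": f"{ts:%d}",
              "HOUR": f"{ts:%H}", "DATE": f"{ts:%b} {ts.day:2d} {ts:%H:%M:%S}",
              "HOST": rec["host"], "MSG": rec["msg"]}
    return re.sub(r"\$([A-Z]+)", lambda m: macros[m.group(1)], template)

def route(datagram: bytes, year: int):
    """Return (file path, line written) if f_routers matches, else None."""
    rec = parse(datagram, year)
    if rec["facility"] != LOCAL5:
        return None
    return expand(PATH_TMPL, rec), expand(LINE_TMPL, rec)

# Constructed sample datagrams (not captured traffic).
SAMPLES = [
    b"<173>Mar 14 09:26:53 rtr1 Interface Gi0/1 changed state to up",    # 21*8+5 = local5.notice
    b"<189>Mar 14 09:26:53 rtr2 Interface Gi0/2 changed state to down",  # 23*8+5 = local7.notice
]

if __name__ == "__main__":
    for raw in SAMPLES:
        print(raw[:5], "->", route(raw, 2024))
```

A device whose messages return None here is logging to a facility other than local5 and will not appear under /var/log/network/ until its logging facility is changed.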