Sending syslog Output to Another Host

.7.1 Problem

You want to send a name servers syslog output to another host.

.7.2 Solution

Add a line to your hosts syslog.conf file, telling syslogd to send messages logged in the facility the name server uses -- usually daemon -- to a remote host. For example, to send facility daemon messages to a remote host called loghost.foo.example, you could add this entry to syslog.conf:

daemon.info @loghost.foo.example

.7.3 Discussion

On the remote host, you may need to change syslogds command-line options to accept messages logged from the host that runs the name server. On some operating systems, you specify the address of a remote host thats allowed to log messages via syslog using syslogds -a command-line option. For example, to allow messages logged from the host at 192.168.0.1, you could start syslogd as:

# syslogd -a 192.168.0.1/32

To allow messages logged from any host on the 192.168.0/24 network, you could use:

# syslogd -a 192.168.0/24

To specify multiple addresses or networks, use multiple -a options.

If you just want to send nameds logged output to the remote host -- not everything logged to the daemon facility -- redefine the default_syslog channel to use one of the local facilities, local0 to local7. For example:

logging { channel default_syslog { syslog local0; }; };

For a BIND 8 name server, youll need to create a new syslog channel, as described in Section 10.6, since you can redefine default_syslog.

Then add an entry to syslog.conf to send all messages in the facility to the remote host:

local0.* @loghost.foo.example

Aggregating the syslog output from all of your BIND name servers on a single host can make monitoring those name servers much easier: you only have one syslog file to watch.

.7.4 See Also

syslogd(8), syslog.conf(5), and Section 10.6, for defining a new channel for default syslog messages.