Centos 5.x
I'd like to have my syslog traffic use TCP instead of UDP.
Does the stock syslog daemon for CentOS support this? If so, where would I set that option?
-M
Add a comment |
2 Answers
I believe tht the stock syslog daemon on Centos5 does not support this. Also note that port 514/tcp was reserved for 'shell' access, but I think that is deprecated going forward.
Check out rsyslog, which has become the default syslog daemon in Ubuntu and RedHat 6 beta (and Centos 6). It can read your existing syslog.conf without any changes, and can also be extended quiet a bit. It also supports syslog over tcp.
I found that syslog-ng is better documented and has more community examples. However, the syntax for rsyslog.conf is more similar to the syntax of syslog.conf . If you use syslog-ng, then feel free to stick with syslog-ng. If you have some existing syslog.conf's, then check out rsyslog.
On my Ubuntu system, I dropped in my old syslog.conf into /etc/rsyslog.d/50-default.conf and it worked right away. Later, I was able to add several of my own features, such as storing remote syslogs at /var/log/syslogs/$REMOTE_HOST/$FACILITY.log.
Update 20110524:
For more information on this, see https://www.rfc-editor.org/rfc/rfc5426 , which specifically recommends syslog over TLS.
answered Aug 10, 2010 at 18:25
It may be worthwhile to take a look at syslog-ng which does support TCP (and is a better solution overall).
- Thanks. Yea from what I could find out online, the stock syslogd just doesn't support it period. How does rsyslog compare to syslog-ng?Mike B– Mike B2010-08-06 22:46:07 +00:00Commented Aug 6, 2010 at 22:46
- I prefer rsyslogd, and there's a comparisson on rsyslogd site: rsyslog.com/doc/rsyslog_ng_comparison.htmlcoredump– coredump2010-08-10 19:10:00 +00:00Commented Aug 10, 2010 at 19:10