Configure Local and Remote System Logging : Ubuntu

A Linux machine has a logging system that keeps track of what everything is doing. Any time you authorize with sudo, it gets logged. Any time you (or someone else) connects via ssh, it gets logged. Apache logs connections; mail servers log emails sent and refused. Pretty much everything keeps a log of what it is doing so you can later troubleshoot it or simply have a record of it.

For those who are security minded, it may not be a bad idea to keep a duplicate of your logs by sending them not only to the local machine but to a remote machine as well. This way, even if an attacker is able to get into the first machine, his steps are logged remotely before he is able to clear them on the local machine. This, of course, has a number of other valuable uses. In any event, here are a few quick steps to set it up.

/etc/syslog.conf

This file is the main “what gets logged and where” file for your system. If you take a look at it, you’ll see that it takes different types of logs and writes them to the appropriate files: mail here, cron there, and so on. We can easily tell the system to send the logs elsewhere with the following:

More Here.
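
An added example, not from the original article: a small Python check that reads a classic `syslog.conf` and reports which facilities are forwarded to a remote host through an `@host` action, so you can confirm that the sudo and ssh records (the `auth` and `authpriv` facilities on Ubuntu) really leave the machine. The sample configuration, the collector address 192.0.2.10 and the function names are constructed for illustration.

```python
# Added example: audit a classic sysklogd-style syslog.conf for remote forwarding.
FACILITIES = frozenset(
    "auth authpriv cron daemon kern lpr mail news syslog user uucp "
    "local0 local1 local2 local3 local4 local5 local6 local7".split()
)

# Constructed sample; 192.0.2.10 is a placeholder collector address.
SAMPLE = """\
auth,authpriv.*            /var/log/auth.log
*.*;auth,authpriv.none     -/var/log/syslog
mail.*                     -/var/log/mail.log
*.*;mail.none              @192.0.2.10
"""

def facilities_for(selector_field):
    """Facilities matched by 'fac,fac.prio;fac.prio' (read left to right).

    Simplification: any priority except 'none' counts as covered.
    """
    covered = set()
    for selector in selector_field.split(";"):
        facs, _, prio = selector.rpartition(".")
        names = FACILITIES if facs == "*" else set(facs.split(","))
        if prio == "none":
            covered -= names      # 'mail.none' drops mail from this rule
        else:
            covered |= names
    return covered

def remote_coverage(conf_text):
    """Map each '@host' action to the set of facilities sent to it."""
    remote = {}
    for raw in conf_text.splitlines():
        line = raw.split("#", 1)[0].strip()
        parts = line.split(None, 1)
        if len(parts) == 2 and parts[1].startswith("@"):
            remote.setdefault(parts[1][1:], set()).update(facilities_for(parts[0]))
    return remote

def unforwarded(conf_text, required=("auth", "authpriv")):
    """Required facilities that no remote action receives."""
    sent = set().union(*remote_coverage(conf_text).values())
    return sorted(set(required) - sent)

if __name__ == "__main__":
    print(remote_coverage(SAMPLE))
    print(unforwarded(SAMPLE, ("auth", "authpriv", "mail")))
```

Point `remote_coverage` at the contents of your own `/etc/syslog.conf`; an empty result means nothing is being duplicated off the host.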