If you have ever been unable to read your log files, whether because the hard drives have crashed, the OS cannot be started, or your machine has been compromised, you may benefit from logging to a remote server.
To set up remote logging, you must make a single modification to the server. I'm working from RHEL 5; you may be using Debian, Ubuntu, CentOS, or some other distribution, in which case you may need to find more information about that distribution before continuing.
To begin, edit /etc/sysconfig/syslog and change this line from:
SYSLOGD_OPTIONS="-m 0"
to:
SYSLOGD_OPTIONS="-x -r -m 0"
-x disables reverse DNS lookups, saving bandwidth, configuration hassles, and time
-r enables listening for logs from other servers
On each client machine, you must edit /etc/syslog.conf and modify the last line to read something like:
mail.none;*.info @syslog.example.com
syslog.example.com is the hostname, or IP address, of your remote logging server.
Restart both the server and client syslog daemons. From the client machine, run a test, similar to:
logger test 1 from client1.example.com
And on the server run:
tail /var/log/messages
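A way to check that both edits are in place before relying on the logger test. This is an added example, not part of the original post. The function names are made up for illustration, the sample files are constructed, and the option list passed to getopts is assumed to match the sysklogd syslogd(8) synopsis.

```shell
#!/bin/sh
# Added example (not from the original post): audit the two edits above.
# Paths are arguments, so copies of the files can be checked as well.

# Value of the last SYSLOGD_OPTIONS assignment, quotes stripped.
syslogd_options() {
    sed -n 's/^[[:space:]]*SYSLOGD_OPTIONS=//p' "$1" | tail -n 1 | tr -d "\"'"
}

# has_flag FLAG "OPTION STRING": parse the options the way getopt would, so
# "-xr" counts as -r but the "r" in "-m r" (an argument to -m) does not.
# Assumption: the option list is the one in the sysklogd syslogd(8) synopsis.
has_flag() {
    want=$1; OPTIND=1
    set -f; set -- $2; set +f          # split into words without globbing
    while getopts ":a:df:hl:m:np:rs:vx" o "$@"; do
        [ "$o" = "$want" ] && return 0
    done
    return 1
}

# Hosts named in "@host" forwarding actions; commented-out lines are skipped.
forward_targets() {
    awk '$1 !~ /^#/ && $2 ~ /^@/ { print substr($2, 2) }' "$1"
}

# Report whether a sysconfig file starts syslogd with -r (remote reception).
audit_server() {
    opts=$(syslogd_options "$1")
    if has_flag r "$opts"; then
        echo "OK   $1: syslogd will accept remote logs ($opts)"
    else
        echo "FAIL $1: -r missing from SYSLOGD_OPTIONS ($opts)"; return 1
    fi
}

# Constructed sample files, so the script runs without touching /etc.
tmp=$(mktemp -d); trap 'rm -rf "$tmp"' EXIT
echo 'SYSLOGD_OPTIONS="-x -r -m 0"' > "$tmp/server"
echo 'SYSLOGD_OPTIONS="-m 0"'       > "$tmp/stock"
printf '%s\n' '#*.* @old.example.com' 'mail.none;*.info @syslog.example.com' \
    > "$tmp/client.conf"

audit_server "$tmp/server"
audit_server "$tmp/stock" || true
echo "client forwards to: $(forward_targets "$tmp/client.conf")"
```

On real machines, call audit_server /etc/sysconfig/syslog on the server and forward_targets /etc/syslog.conf on each client.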
Thanks to "Enable remote logging with syslog".