diff --git a/en_US.ISO8859-1/books/handbook/network-servers/chapter.xml b/en_US.ISO8859-1/books/handbook/network-servers/chapter.xml index 82c3fa436b..8fbae8e5e3 100644 --- a/en_US.ISO8859-1/books/handbook/network-servers/chapter.xml +++ b/en_US.ISO8859-1/books/handbook/network-servers/chapter.xml 
@@ -5422,130 +5422,131 @@ driftfile /var/db/ntp.drift Interacting with system logs is a crucial aspect of both security and system administration. Monitoring the log files of - multiple hosts can become unwieldy as the number of systems increases. - Configuring centralized logging can reduce - some of the administrative burden of log file administration. - - Centralized log file aggregation, merging, and rotation can be configured - using &os; native tools, such as - &man.syslogd.8; and &man.newsyslog.8;. This section demonstrates an example + multiple hosts can become unwieldy as the number of systems + increases. Configuring centralized logging can reduce some of + the administrative burden of log file administration. + + Centralized log file aggregation, merging, and rotation can + be configured using &os; native tools, such as &man.syslogd.8; + and &man.newsyslog.8;. This section demonstrates an example configuration, where host A, named logserv.example.com, will collect logging information for the local network. Host B, named logclient.example.com, will be configured to - pass logging information to the logging server. + class="fqdomainname">logclient.example.com, will + be configured to pass logging information to the logging + server. Log Server Configuration - A log server is a system that has been configured to accept logging - information from other hosts. Before configuring a log server, check the following: + A log server is a system that has been configured to + accept logging information from other hosts. Before + configuring a log server, check the following: If there is a firewall between the logging server and - any logging clients, ensure that the firewall ruleset allows UDP - port 514 for both the clients and the - server. + any logging clients, ensure that the firewall ruleset + allows UDP port 514 for both the + clients and the server. - The logging server and all client - machines must have forward and reverse entries in - the local DNS. 
If the network does not have - a DNS server, create entries in each system's - /etc/hosts. Proper name resolution is required - so that log entries are not rejected by the logging server. + The logging server and all client machines must have + forward and reverse entries in the local + DNS. If the network does not have a + DNS server, create entries in each + system's /etc/hosts. Proper name + resolution is required so that log entries are not + rejected by the logging server. - On the log server, edit + On the log server, edit /etc/syslog.conf to specify the name of - the client to receive log entries from, the logging - facility to be used, and the name of the log to store the - host's log entries. This example adds the hostname of + the client to receive log entries from, the logging facility + to be used, and the name of the log to store the host's log + entries. This example adds the hostname of B, logs all facilities, and stores - the log entries in /var/log/logclient.log. + the log entries in + /var/log/logclient.log. Sample Log Server Configuration - +logclient.example.com + +logclient.example.com *.* /var/log/logclient.log - When adding multiple log clients, add a similar two-line entry - for each client. More information about the available - facilities may be found in - &man.syslog.conf.5;. + When adding multiple log clients, add a similar two-line + entry for each client. More information about the available + facilities may be found in &man.syslog.conf.5;. Next, configure /etc/rc.conf: syslogd_enable="YES" syslogd_flags="-a logclient.example.com -v -v" - The first entry starts - syslogd at system boot. The second - entry allows log entries from the specified client. - The - increases the verbosity of logged messages. This is - useful for tweaking facilities as administrators are - able to see what type of messages are being logged under each - facility. + The first entry starts syslogd + at system boot. 
The second entry allows log entries from the + specified client. The increases the + verbosity of logged messages. This is useful for tweaking + facilities as administrators are able to see what type of + messages are being logged under each facility. Multiple options may be specified to allow logging from multiple clients. IP addresses and whole netblocks may also be specified. Refer to - &man.syslogd.8; for a full list of possible - options. + &man.syslogd.8; for a full list of possible options. Finally, create the log file: &prompt.root; touch /var/log/logclient.log - At this point, syslogd - should be restarted and verified: + At this point, syslogd should + be restarted and verified: &prompt.root; service syslogd restart &prompt.root; pgrep syslog If a PID is returned, the server - restarted successfully, and client configuration can - begin. If the server did not restart, consult + restarted successfully, and client configuration can begin. + If the server did not restart, consult /var/log/messages for the error. Log Client Configuration - A logging client sends log entries - to a logging server on the network. The client also keeps a local - copy of its own logs. + A logging client sends log entries to a logging server on + the network. The client also keeps a local copy of its own + logs. Once a logging server has been configured, edit - /etc/rc.conf on the logging client: + /etc/rc.conf on the logging + client: syslogd_enable="YES" syslogd_flags="-s -v -v" - The first entry enables - syslogd on boot up. The second entry - prevents logs from being accepted by this client from - other hosts () and increases - the verbosity of logged messages. + The first entry enables syslogd + on boot up. The second entry prevents logs from being + accepted by this client from other hosts () + and increases the verbosity of logged messages. Next, define the logging server in the client's /etc/syslog.conf. 
In this example, all - logged facilities are sent to a remote system, denoted by - the @ symbol, - with the specified hostname: + logged facilities are sent to a remote system, denoted by the + @ symbol, with the specified + hostname: *.* @logserv.example.com - After saving the edit, restart syslogd - for the changes to take effect: + After saving the edit, restart + syslogd for the changes to take + effect: &prompt.root; service syslogd restart @@ -5557,21 +5558,22 @@ syslogd_flags="-s -v -v" This message should now exist both in /var/log/messages on the client and - /var/log/logclient.log on the - log server. + /var/log/logclient.log on the log + server. Debugging Log Servers - If no messages are - being received on the log server, the cause is most likely a - network connectivity issue, a hostname resolution issue, or a typo in a configuration file. - To isolate the cause, ensure that both the logging server and the logging client are able to ping - each other using the hostname specified in their + If no messages are being received on the log server, the + cause is most likely a network connectivity issue, a hostname + resolution issue, or a typo in a configuration file. To + isolate the cause, ensure that both the logging server and the + logging client are able to ping each other + using the hostname specified in their /etc/rc.conf. If this fails, check the - network cabling, the firewall ruleset, and the hostname entries - in the DNS server or + network cabling, the firewall ruleset, and the hostname + entries in the DNS server or /etc/hosts on both the logging server and clients. Repeat until the ping is successful from both hosts. 
@@ -5579,11 +5581,13 @@ syslogd_flags="-s -v -v" If the ping succeeds on both hosts but log messages are still not being received, temporarily increase logging verbosity to narrow down the configuration - issue. In the following example, - /var/log/logclient.log on the logging server is empty and - /var/log/messages on the logging client does not indicate a - reason for the failure. To increase debugging output, edit the - syslogd_flags entry on the logging server and issue a restart: + issue. In the following example, + /var/log/logclient.log on the logging + server is empty and /var/log/messages on + the logging client does not indicate a reason for the failure. + To increase debugging output, edit the + syslogd_flags entry on the logging server + and issue a restart: syslogd_flags="-d -a logclien.example.com -v -v" @@ -5601,11 +5605,11 @@ cvthname(192.168.1.10) validate: dgram from IP 192.168.1.10, port 514, name logclient.example.com; rejected in rule 0 due to name mismatch. - In this example, the log messages are being rejected due to a - typo which results in - a hostname mismatch. The client's hostname should be logclient, not - logclien. Fix the typo, issue - a restart, and verify the results: + In this example, the log messages are being rejected due + to a typo which results in a hostname mismatch. The client's + hostname should be logclient, not + logclien. Fix the typo, issue a restart, + and verify the results: &prompt.root; service syslogd restart logmsg: pri 56, flags 4, from logserv.example.com, msg syslogd: restart 
@@ -5629,25 +5633,23 @@ Logging to FILE /var/log/messages Security Considerations As with any network service, security requirements should - be considered before implementing a logging server. - Log files may contain sensitive data about services - enabled on the local host, user accounts, and configuration - data. Network data sent from the client to the server will - not be encrypted or password protected. If a need for - encryption exists, consider using - security/stunnel, which - will transmit the logging data over an encrypted tunnel. + be considered before implementing a logging server. Log files + may contain sensitive data about services enabled on the local + host, user accounts, and configuration data. Network data + sent from the client to the server will not be encrypted or + password protected. If a need for encryption exists, consider + using security/stunnel, which will transmit + the logging data over an encrypted tunnel. Local security is also an issue. Log files are not encrypted during use or after log rotation. Local users may access log files to gain additional insight into system - configuration. Setting proper permissions - on log files is critical. The built-in log rotator, &man.newsyslog.8;, - supports setting permissions on newly created and - rotated log files. Setting log files to mode - 600 should prevent unwanted access - by local users. Refer to &man.newsyslog.conf.5; for - additional information. + configuration. Setting proper permissions on log files is + critical. The built-in log rotator, &man.newsyslog.8;, + supports setting permissions on newly created and rotated log + files. Setting log files to mode 600 + should prevent unwanted access by local users. Refer to + &man.newsyslog.conf.5; for additional information.
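Review bot: In the first hunk (@@ -5422), the `-a` example is a source filter, not authentication, and the surrounding text does not say so. The line `syslogd_flags="-a logclient.example.com -v -v"` is explained only as "allows log entries from the specified client"; the same hunk requires forward and reverse DNS entries "so that log entries are not rejected", and the later debugging output confirms the match is done on the resolved name ("rejected in rule 0 due to name mismatch"). Since the closing hunk already states the data is "not encrypted or password protected", consider adding one sentence after the `-a` explanation: `-a` restricts accepted senders by name, address or netblock but does not authenticate them, so the firewall ruleset for UDP port 514 mentioned at the top of the hunk should remain the outer boundary. While reflowing these lines it would also cost little to keep the UDP 514 checklist item and the `-a` explanation consistent by naming the same hostname in both.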
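Review bot: In the @@ -5579 hunk, the deliberate typo in `syslogd_flags="-d -a logclien.example.com -v -v"` is introduced with no hint that it is deliberate; the sentence before it reads "To increase debugging output, edit the syslogd_flags entry on the logging server and issue a restart", and the explanation that `logclien` should be `logclient` only arrives in the following hunk. A reader copying the line at that point gets a broken configuration. Suggest a short clause on the introducing sentence, for example "(the hostname below contains a deliberate typo, which the debugging output reveals)", so the example is read as a worked debugging case rather than as the recommended flags.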
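Review bot: In the @@ -5629 hunk, "Setting log files to mode 600 should prevent unwanted access by local users" relies on newsyslog setting permissions on "newly created and rotated log files", but the file this section actually creates is made by `touch /var/log/logclient.log` in the first hunk, with whatever the current umask gives, and no `newsyslog.conf` entry for it is shown anywhere in the section. Suggest either following the `touch` with `chmod 600 /var/log/logclient.log` in the first hunk, or adding the `newsyslog.conf` line with mode 600 here, so the advice applies to the file the reader has just created. Same hunk: the `security/stunnel` recommendation is presented without saying how syslogd's UDP datagrams (the section requires UDP port 514 to be open) are fed into the tunnel; one sentence on that, or a pointer to where it is documented, would make the encryption advice actionable rather than aspirational.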