The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Sending copy of logs to the remote syslog server

Discussion in 'General Discussion' started by InteractM, Sep 6, 2013.

  1. InteractM

    InteractM Well-Known Member

    Joined:
    Apr 2, 2013
    Messages:
    133
    Likes Received:
    1
    Trophy Points:
    18
    cPanel Access Level:
    Root Administrator
    Is there any way to send copy of logs from cPanel to the remote syslog server?

    Thanks
     
  2. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    30,678
    Likes Received:
    653
    Trophy Points:
    113
    cPanel Access Level:
    Root Administrator
  3. InteractM

    InteractM Well-Known Member

    Joined:
    Apr 2, 2013
    Messages:
    133
    Likes Received:
    1
    Trophy Points:
    18
    cPanel Access Level:
    Root Administrator
    So there is no way to send it over port 514?
     
  4. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    30,678
    Likes Received:
    653
    Trophy Points:
    113
    cPanel Access Level:
    Root Administrator
    There is no native support with cPanel to configure syslogd to store log files on a remote server. However, you could install rsyslogd and make custom changes to allow for it. Here is a basic guide that may be helpful:

    Thank you.
     
  5. InteractM

    InteractM Well-Known Member

    Joined:
    Apr 2, 2013
    Messages:
    133
    Likes Received:
    1
    Trophy Points:
    18
    cPanel Access Level:
    Root Administrator
    Well, I have uncommented the remote host line and changed to (on cPanel server)

    *.* @@A.B.C.D:514

    Then went to A.B.C.D and added cPanel server IP to the AllowedSender lines (for TCP and UDP). Restarted rsyslog on both servers. So far I'm not getting anything from cPanel server (I'm getting logs from other servers or devices).

    Any thoughts?

    Thanks
     
  6. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    30,678
    Likes Received:
    653
    Trophy Points:
    113
    cPanel Access Level:
    Root Administrator
  7. InteractM

    InteractM Well-Known Member

    Joined:
    Apr 2, 2013
    Messages:
    133
    Likes Received:
    1
    Trophy Points:
    18
    cPanel Access Level:
    Root Administrator
    It is not an issue with centralized syslog server, because that one works fine (as I mentioned above) but cPanel server is not forwarding anything to the centralized syslog server. For an example Webmin servers didn't have that kind issue.
     
  8. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    30,678
    Likes Received:
    653
    Trophy Points:
    113
    cPanel Access Level:
    Root Administrator
    I am not aware of any cPanel limitations that would be preventing it from working as intended. It's typically outside the scope of support to assist with custom modifications, but you are welcome to open a support ticket if you feel this issue is directly related to an issue with cPanel:

    Submit A Ticket

    You can provide the ticket number here so we can update this thread with the outcome.

    Thank you.
     
  9. InteractM

    InteractM Well-Known Member

    Joined:
    Apr 2, 2013
    Messages:
    133
    Likes Received:
    1
    Trophy Points:
    18
    cPanel Access Level:
    Root Administrator
    OK guys - I have that resolved. Issue was with forwarding logs to a remote syslog server via TCP using private IP

    Here is a workaround:

    Edit local /etc/rsyslog.conf and add that line:

    *.info;mail.none;authpriv.none @<remote-syslog-server-ip>:514

    Edit remote /etc/rsyslog.conf and add that line:

    $AllowedSender UDP, X.Y.Z.0/24
    $AllowedSender TCP, X.Y.Z.0/24

    where X.Y.Z is your public IP from where logs are forwarded.
     
Loading...

Share This Page