10.7 Sending syslog Output to Another Host

10.7.1 Problem

You want to send a name server's syslog output to another host.

10.7.2 Solution

Add a line to your host's syslog.conf file, telling syslogd to send messages logged in the facility the name server uses -- usually daemon -- to a remote host. For example, to send facility daemon messages to a remote host called loghost.foo.example, you could add this entry to syslog.conf:

daemon.info    @loghost.foo.example

10.7.3 Discussion

On the remote host, you may need to change syslogd's command-line options to accept messages logged from the host that runs the name server. On some operating systems, you specify the address of a remote host that's allowed to log messages via syslog using syslogd's -a command-line option. For example, to allow messages logged from the host at 192.168.0.1, you could start syslogd as:

# syslogd -a 192.168.0.1/32

To allow messages logged from any host on the 192.168.0/24 network, you could use:

# syslogd -a 192.168.0/24

To specify multiple addresses or networks, use multiple -a options.

If you just want to send named's logged output to the remote host -- not everything logged to the daemon facility -- redefine the default_syslog channel to use one of the local facilities, local0 to local7. For example:

logging {
    channel default_syslog {
        syslog local0;
    };
};

For a BIND 8 name server, you'll need to create a new syslog channel, as described in Section 10.6, since you can't redefine default_syslog.

Then add an entry to syslog.conf to send all messages in the facility to the remote host:

local0.*        @loghost.foo.example

Aggregating the syslog output from all of your BIND name servers on a single host can make monitoring those name servers much easier: you only have one syslog file to watch.

10.7.4 See Also

syslogd(8), syslog.conf(5), and Section 10.6, for defining a new channel for default syslog messages.