SNMP and Remote Syslog

BrianBonnell · August 13, 2015, 11:42pm

Does someone know if UCS Supports SNMP polling and sending system logs to a remote central log server? We need to have all our servers accept SNMP polling and also be able to send their local logs to a remote central logging server. This is mainly for regulatory compliance.

I have been poking around the Univention Registry for options to allow for SNMP polling (tcp/udp port 161) and to allow for logs to be sent to remote server. So far I have not found anything, and modifying the normal configuration files appears to not survive reboots. We need the setting to be persistent through reboots.

Any suggestions or recommendations?

Moritz_Bunkus · August 14, 2015, 6:42am

Hey,

SNMP polling requires having snmpd installed. This is trivial to do: »apt-get install snmpd«. Generally UCS works like a Debian system in this regard. Pages such as this one or that one have more details.

Sending syslog messages to remote servers is easy, too, but it cannot be done via the Univention Management Console. Instead simply create a file in /etc/rsyslog.d ; ours is called »linet.conf«. Insert the following content:

*.* @remote-server-hostname

Replace »remote-server-hostname« with your syslog server’s host name (or IP address). Finally restart rsyslog: »service rsyslog restart«.

BrianBonnell · August 14, 2015, 3:25pm

Thanks, I’ll test this method in our Dev/Staging system, if it works, I’ll roll to production. Thanks again!

Moritz_Bunkus · August 17, 2015, 7:10am

You’re quite welcome.