configure the syslog send to central log server

Reminder:

For historical reasons, the key, not a simple blank space, is used to define white space between the selector on the left side of the line and the action on the right side. Throughout the Log Analysis configuration documents, we’ve used the to remind you of this — but of course, when you look at the file, you’ll only see white space.

# Solaris

*.debug;mail,lpr,news,uucp,local0,local1,local2****@remote\_log\_server

# Linux

*.crit,auth.*,mark.*,user.notice,local3.*,local5.*,local6.*,local7.*,syslog.*,authpriv.*,daemon.*****@remote\_log\_server

# Bounce syslog

#Test the setting

#Solaris

snoop udp port 514

#Linux

tcpdump port 514

# open another tab issue following test.

logger -p auth.notice “Test”

Ref http://www.precision-guesswork.com/sage-guide/syslog-overview.html