Welcome to Linux Knowledge Base and Tutorial
"The place where you learn linux"
International Rescue Committe

 Create an AccountHome | Submit News | Your Account  

Tutorial Menu
Linux Tutorial Home
Table of Contents

· Introduction to Operating Systems
· Linux Basics
· Working with the System
· Shells and Utilities
· Editing Files
· Basic Administration
· The Operating System
· The X Windowing System
· The Computer Itself
· Networking
· System Monitoring
· Solving Problems
· Security
· Installing and Upgrading
· Linux and Windows

Man Pages
Linux Topics
Test Your Knowledge

Site Menu
Site Map
Copyright Info
Terms of Use
Privacy Info
Masthead / Impressum
Your Account

Private Messages

News Archive
Submit News
User Articles
Web Links


The Web

Who's Online
There are currently, 76 guest(s) and 0 member(s) that are online.

You are an Anonymous user. You can register for free by clicking here




       The  2  main components of remote event forwarding/logging

       The Event Consolidation Host
              The event consolidation host  is  a  collecter  for
              events logged by multiple hosts in the network.  It
              accepts events transmitted  via  UDP  or  TCP,  but
              will  only log events from a particular host if its
              hostname is  stored  in  the  /etc/evlog.d/evlhosts

       Event Forwarding Plug-ins
              Plug-ins  register  with  the evlogd daemon to read
              events from the evlogd "event stream"  and  provide
              alternative   methods  of  processing  and  logging
              events.  2 plug-ins are availiable  for  forwarding
              events:  udp_rmtlog_be,  which transmits using UDP,
              and tcp_rmtlog_be, which trasmits using TCP.


       The evlogrmtd daemon is installed when the main event log­
       ging  software  is  installed  in  user  space.  evlogrmtd
       starts  during  bootup,  opens  the  /etc/evlog.d/evlhosts
       file,  and  if there are hosts listed, attempts to resolve
       each of the hostnames to an IP address.  If it  is  unable
       to  resolve  any of the hosts, evlogrmtd exits; otherwise,
       it continues to run  waiting  for  remote  hosts  to  send
       events  (UDP)  or  request  a  connection  and send events

       Follow these steps to configure the evlogrmtd...

       (1) Log in as root

       (2) Edit /etc/evlog.d/evlhosts to add an  entry  for  each
       host  that  you  want the evlogrmtd to accept events from.
       Each entry must specify host name, either simple  name  or
       fqdn,  and  also  a unique identifier for each host.  This
       identifier can be up to 2 bytes, but cannot be equal to  0
       (it will be ignored).

       The following are all valid entries:

           (identifier)  (hostname)

              1          mylinuxbox
            120.115      mylinuxbox2.foo.bar.com
            0xabcd       yourlinuxbox

       "TCPPort" must match the TCP port used by remote hosts for
       sending events to the event consolidator.

       "UDPPort" must match the UDP port used by remote hosts for
       sending events to the event consolidator.

       Note that the evlogrmtd is  capable  of  accepting  events
       simultaneously  from  different  hosts  using both UDP and
       TCP.  All of the hosts must be the same architecture.

       (4) Restart the evlog subsystem

              /etc/init.d/evlog restart

       Note that evlogrmtd is only started if there is  an  evlo­
       grmt.conf file.

       If  evlogrmtd  cannot  resolve  any of the hosts listed in
       evlhosts, or there are  no  entries  in  /etc/evlog.d/evl­
       hosts, then the evlogmrtd will exit.


       The  udp_rmtlog_be  and tcp_remlog_be plugins are included
       in the evlog package.

       Follow these steps to configure and start the plug-in...

       (1) Login as root.

       (2) cd to /etc/evlog.d

       (3) If you are using UDP, then edit udp_rmtlog_be.conf  to

       * IP address, or hostname, for the event consolidator

       *  Port  number - should match the port number used by the
       event consolidator

       * Disable=no to send events using UDP

       If you are using  TCP,  then  edit  tcp_rmtlog_be.conf  to

       * IP address, or hostname, for the event consolidator

       *  Port  number - should match the port number used by the

       *  Edit /etc/init.d/evlog...

            under "start(), add "-u" after /sbin/evlogd

       *  /etc/init.d/evlog restart

       You  may  also  want to delete start-up scripts under rc.d
       for evlnotify, evlaction, and evlogrmt since they are only
       useful  if you are logging locally.  Also, you may want to
       delete /etc/cron.d/evlogmgr.cron.

       (5) If this is the first host you've configured to  trans­
       mit  events,  it  will  be necessary tor restart the evlog
       subsystem as follows:

               /etc/init.d/evlog start


              evlogrmtd accepts events from these hosts

              evlogrmtd configuration file

              UDP plug-in configuration file

              TCP plug-in configuration file

Remote Event Forwarding  6 December 2002              EVLREMOTE()

An undefined database error occurred. SELECT distinct pages.pagepath,pages.pageid FROM pages, page2command WHERE pages.pageid = page2command.pageid AND commandid =


There are several different ways to navigate the tutorial.



Security Code
Security Code
Type Security Code

Don't have an account yet? You can create one. As a registered user you have some advantages like theme manager, comments configuration and post comments with your name.

Help if you can!

Amazon Wish List

Did You Know?
You can help in many different ways.


Tell a Friend About Us

Bookmark and Share

Web site powered by PHP-Nuke

Is this information useful? At the very least you can help by spreading the word to your favorite newsgroups, mailing lists and forums.
All logos and trademarks in this site are property of their respective owner. The comments are property of their posters. Articles are the property of their respective owners. Unless otherwise stated in the body of the article, article content (C) 1994-2013 by James Mohr. All rights reserved. The stylized page/paper, as well as the terms "The Linux Tutorial", "The Linux Server Tutorial", "The Linux Knowledge Base and Tutorial" and "The place where you learn Linux" are service marks of James Mohr. All rights reserved.
The Linux Knowledge Base and Tutorial may contain links to sites on the Internet, which are owned and operated by third parties. The Linux Tutorial is not responsible for the content of any such third-party site. By viewing/utilizing this web site, you have agreed to our disclaimer, terms of use and privacy policy. Use of automated download software ("harvesters") such as wget, httrack, etc. causes the site to quickly exceed its bandwidth limitation and are therefore expressly prohibited. For more details on this, take a look here

PHP-Nuke Copyright © 2004 by Francisco Burzi. This is free software, and you may redistribute it under the GPL. PHP-Nuke comes with absolutely no warranty, for details, see the license.
Page Generation: 0.14 Seconds