There are some issues with remote logging using syslogd. By default, anyone can write logs to syslod if it is accepting connections. This can be an issue if someone wants to fill your /var/log with junk.
On a default install of Debian (or just about any distro) you should have all the tools you need already.
On log server edit /etc/default/syslog
SYSLOGD=”-r”
iptables -I INPUT -p udp –dport 514 -s CLIENTIP -j ACCEPT
iptables -A INPUT -p tcp -i eth1 –dport 22 -j ACCEPT
iptables -A INPUT -i eth0 -j DROP
You will want these iptables rules to be loaded on statup. How you do this will vary on your distro, but a simple start/stop script in /etc/rc2.d is the easiest way to go on debian.
On log client edit /etc/syslod.conf
auth.alert @server
mail.* @server
The client’s logs will end up in whatever file auth.alert gets logged to on the server.