The basic scenario is we have 5 web servers in a cluster which I wish to centrally log. I was pointed to syslog-ng; with the linuxquestions guys I got 50+ readings and not 1 response, so I found this list and will give it a try.

Basically all the webservers are running FC5, and rpm -qa shows the following version:

syslog-ng-1.6.12-1.fc5

I see some newer versions, not sure if I should/have to, but really just want to log the different vhosts' apache logs to a central server. I read a few diff things in a few places, and so far have the following conf files.

Server.conf

options {
    sync (0);
    time_reopen (10);
    log_fifo_size (1000);
    long_hostnames (off);
    use_dns (no);
    use_fqdn (no);
    create_dirs (no);
    keep_hostname (yes);
};

source s_sys {
    file ("/proc/kmsg" log_prefix("kernel: "));
    unix-stream ("/dev/log");
    internal();
    udp(ip(0.0.0.0) port(514));
};

destination send_http_logs { file("/var/log/web.log"); };

filter send_http_logs {
    program("httpd.*");
};

log {
    source(s_sys);
    filter(send_http_logs);
    destination(send_http_logs);
};

Client.conf

options {
    sync (0);
    time_reopen (10);
    log_fifo_size (1000);
    long_hostnames (off);
    use_dns (no);
    use_fqdn (no);
    create_dirs (no);
    keep_hostname (yes);
};

source s_sys {
    file ("/proc/kmsg" log_prefix("kernel: "));
    unix-stream ("/dev/log");
    internal();
    # udp(ip(0.0.0.0) port(514));
};

destination send_http_logs { udp("192.168.2.54" port(514)); };

filter send_http_logs {
    program("httpd.*");
};

log {
    source(s_sys);
    filter(send_http_logs);
    destination(send_http_logs);
};

I restart the services and look for that web.log file and never see anything, so any help is appreciated.
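
An added example, not part of the original post: a small Python model of the filter send_http_logs used in both configs, showing which messages it would select. It assumes program() is an unanchored regex match on the program name of a BSD syslog message, and that a stock Apache writes its access log straight to a file, so those lines never enter s_sys. All function names, hostnames and sample lines are constructed for illustration.

```python
import re
import socket

# Same pattern as the filter in both configs: program("httpd.*").
# Assumption: the match is an unanchored regex search on the program name.
PROGRAM_FILTER = re.compile(r"httpd.*")

# BSD syslog (RFC 3164) layout: <PRI>Mmm dd hh:mm:ss host program[pid]: message
BSD_SYSLOG = re.compile(
    r"^<(?P<pri>\d{1,3})>"
    r"(?P<ts>[A-Z][a-z]{2} [ \d]\d \d{2}:\d{2}:\d{2}) "
    r"(?P<host>\S+) "
    r"(?P<program>[^\s:\[]+)(?:\[(?P<pid>\d+)\])?: ?"
    r"(?P<msg>.*)$"
)

def parse(line):
    """Return the syslog fields of one message, or None if it is not syslog."""
    m = BSD_SYSLOG.match(line)
    return m.groupdict() if m else None

def passes_filter(line):
    """True if the message would be selected by filter send_http_logs."""
    fields = parse(line)
    return bool(fields and PROGRAM_FILTER.search(fields["program"]))

def build(program, msg, host="web1", facility=1, severity=6):
    """Build a constructed test message; PRI = facility * 8 + severity."""
    return f"<{facility * 8 + severity}>Jan  1 00:00:00 {host} {program}: {msg}"

def send_test(collector, port=514, program="httpd"):
    """Send one tagged UDP datagram to the collector; returns bytes sent."""
    data = build(program, "syslog-ng path test").encode()
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        return s.sendto(data, (collector, port))

# Constructed samples: three syslog messages and one raw Apache access-log line.
SAMPLES = [
    "<14>Jan  1 00:00:00 web1 httpd[2211]: vhost a.example GET /index.html 200",
    "<86>Jan  1 00:00:01 web1 sshd[900]: session opened for user root",
    "<6>Jan  1 00:00:02 web1 kernel: eth0: link up",
    '192.0.2.10 - - [01/Jan/2007:00:00:03 +0000] "GET / HTTP/1.1" 200 512',
]

if __name__ == "__main__":
    for line in SAMPLES:
        print("PASS" if passes_filter(line) else "DROP", line)
```

Calling send_test("192.168.2.54") from a client exercises the UDP path to the collector independently of Apache; if that line reaches /var/log/web.log, the transport and filter work and the gap is in how the web server's logs get into syslog.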