-----Original Message-----
From: syslog-ng-bounces@lists.balabit.hu [mailto:syslog-ng-bounces@lists.balabit.hu] On behalf of Gergely Nagy
Sent: Friday, June 17, 2011 12:31
To: Syslog-ng users' and developers' mailing list
Subject: Re: [syslog-ng] New on syslog-ng

Hi!
1. How can I secure the logs on the net? Must I use TCP to secure them?
Not necessarily, but TCP + SSL is the easiest route in my opinion.
2. I have a lot of data (5-10GB a week) to store, which is the best method to manage it? Logrotate? Scripts? I want to move logs to NAS monthly.
Logrotate is one option, but you can tell syslog-ng to put the date in the log file's name as well, thus you get automatic 'rotation'. Something like this:

    destination d_dated { file("/var/log/messages-${YEAR}-${MONTH}.log"); };

Then you can safely move the past months' logs to NAS, as syslog-ng will not write to them anymore. You can even do stuff like this:

    destination d_example { file("/var/log/split/${YEAR}-${MONTH}/${HOST}/messages.log"); };

Which will result in files like "/var/log/split/2011-06/example.local/messages.log".
3. Is it a good idea to make files for each host and services? Something like: /var/log/host1/auth.log, /var/log/host2/auth.log, /var/log/host1/mail.log, /var/log/host2/mail.log
That depends on what you want to do with the logs. If it's easier to archive/process/whatever them if they're split by host, then by all means, split them. If you only want to archive the logs, and hardly ever look at them, then it might be easier to just place them in a single file.

--
|8]

Thanks for the reply. I will find more info about TCP and SSL. Is it possible to make it work with rsyslog on the client side? Do you have any example configuration for TCP+SSL?

Thank you very much for your help, kind regards.
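
Added example (not part of the original thread, and not a list member's own configuration): a minimal syslog-ng 3.x setup for the TCP + SSL route mentioned above, with the server writing to the per-host monthly files from the reply. The host name, port 6514 and all certificate and key paths are assumptions.

```conf
# ---------- central log server (syslog-ng.conf) ----------
# Assumed paths. ca_dir() must hold the CA certificate under its
# OpenSSL hash name (for example as created by c_rehash).
# peer_verify(required-trusted) rejects any client that does not
# present a certificate chaining to a CA in ca_dir().
source s_tls {
    tcp(ip(0.0.0.0) port(6514)
        tls(key_file("/etc/syslog-ng/key.d/server.key")
            cert_file("/etc/syslog-ng/cert.d/server.crt")
            ca_dir("/etc/syslog-ng/ca.d")
            peer_verify(required-trusted)));
};

# Per-host, per-month files as in the reply above; past months are
# no longer written to and can be moved to the NAS.
destination d_split {
    file("/var/log/split/${YEAR}-${MONTH}/${HOST}/messages.log"
         create_dirs(yes));
};

log { source(s_tls); destination(d_split); };

# ---------- each client (syslog-ng.conf) ----------
source s_local { unix-stream("/dev/log"); internal(); };

# The client checks the server certificate against its own ca_dir()
# and presents its own certificate, which the server requires.
# "logserver.example.com" is a placeholder name.
destination d_central {
    tcp("logserver.example.com" port(6514)
        tls(key_file("/etc/syslog-ng/key.d/client.key")
            cert_file("/etc/syslog-ng/cert.d/client.crt")
            ca_dir("/etc/syslog-ng/ca.d")
            peer_verify(required-trusted)));
};

log { source(s_local); destination(d_central); };
```

Private key files should be readable only by the user syslog-ng runs as; the plain tcp() source should not be left enabled alongside s_tls, or clients can still send unencrypted.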