On Mon, 2002-11-11 at 17:00, qian@x85.com wrote:
I'm new to this mailing list. Here are some basic questions. Any help is appreciated.
Q1. If I want to set up a centralized log server, do I need to run your version of syslogd (syslog-ng) on the log server only, or do all the clients need that version too?
You *could* run it on all the servers or none of the servers. The standard UNIX syslog daemon can run as a daemon to accept incoming syslog messages. However, it is very limited and not very flexible.
Q2. To save logs from different hosts to their own files, one needs to specify this:
destination host ( file("/var/log/$HOST/....") )
in /etc/syslog.conf only on the log server?
Well, the default location would be syslog-ng.conf in whatever directory you have the binary compiled to look for it, not syslog.conf. But yeah, you could have incoming syslog messages sorted into different directories by hostname of the sender with that.
Q3. If I use a relay server, so log generated from host1, relayed thru host2 to log server, is it recorded as host2 or host1 or host1/host2 depending on the option of keep_hostname/chain_hostname? What I want is to preserve the original host (host1), how to do it?
Stick syslog-ng on the relay server, it won't lose the names of the original. (That is a major downside of using standard UNIX syslogd.)

BTW: http://www.muppethouse.com/~ben/ has a link to a document I prepared on how to do syslogs to a database for easy perusal. I also recently did a really easy install of phpPGadmin into my Apache server on the syslog-ng central database, makes generating and storing ad-hoc queries very easy.

-Ben.
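
An example configuration for the relay setup asked about in Q2 and Q3, added here and not part of the original message or the syslog-ng project's own files. It assumes UDP transport on port 514, a Linux `/dev/log` socket, a placeholder log server address of 192.0.2.10 and a `/var/log/hosts/` directory layout; `keep_hostname()` is set on the relay and on the server so that host1's name survives both hops.

```conf
# Added illustration; hostnames, addresses and paths below are constructed.
# Recent syslog-ng releases also expect an "@version:" line at the top of each file.

########## syslog-ng.conf on the relay (host2) ##########
options {
    keep_hostname(yes);     # keep the HOST field already in the message (host1)
    chain_hostnames(no);    # do not build "host1/host2" style names
};

source s_local { unix-stream("/dev/log"); internal(); };
source s_net   { udp(ip(0.0.0.0) port(514)); };         # clients such as host1 send here

destination d_central { udp("192.0.2.10" port(514)); }; # placeholder log server address

log { source(s_local); source(s_net); destination(d_central); };

########## syslog-ng.conf on the central log server ##########
options {
    keep_hostname(yes);     # without this the server records the last hop (host2)
    chain_hostnames(no);
    create_dirs(yes);       # create /var/log/hosts/<name>/ on first message
};

source s_net { udp(ip(0.0.0.0) port(514)); };

# One directory per originating host, named from the HOST field of each message.
destination d_per_host { file("/var/log/hosts/$HOST/messages"); };

log { source(s_net); destination(d_per_host); };
```

With `keep_hostname(yes)` the server takes the HOST field from the message itself, and UDP syslog does not authenticate the sender. Filtering port 514 so that only the known relays and clients can reach it keeps the per-host directories meaningful.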