newbie questions about hostname related options
I got syslog-ng working and am happy with it but I had one question about necessary syslog-ng.conf options that is bugging me.
I don't know what hostname related options are necessary for a little log server with 3 clients:
use_fqdn keep_hostname long_hostnames chain_hostnames
I remember NEEDING chain_hostnames(off) to solve a problem but I wonder:
1. if problem could have been solved with another option in list above
2. what are minimum options that make a good little syslog-ng installation. (I wonder if keep_hostname(yes) solves 99% of the problems and is good enough. I don't know.)
Any help would be greatly appreciated.
Sincerely,
Chris
--
_______________________________________
Christian Seberino, Ph.D.
SPAWAR Systems Center San Diego
Code 2872
49258 Mills Street, Room 158
San Diego, CA 92152-5385
U.S.A.
Phone: (619) 553-9973
Fax : (619) 553-6521
Email: seberino@spawar.navy.mil
_______________________________________
I have used the options below. The bad_hostname option was necessary as a particular vendor's equipment seemed to send part of syslog message as the hostname so I used this option to ignore it.
options { keep_hostname(off); long_hostnames(off); sync(1); log_fifo_size(2048); bad_hostname("%"); };
I found it was best to not rely on the device for the hostname but to let the syslog server work this out. I'd assume with 3 clients that using fqdn would be a bit overkill.
Jim
----- Original Message -----
From: <seberino@spawar.navy.mil>
To: <syslog-ng@lists.balabit.hu>
Sent: Wednesday, October 15, 2003 7:35 AM
Subject: [syslog-ng]newbie questions about hostname related options
I got syslog-ng working and am happy with it but I had one question about necessary syslog-ng.conf options that is bugging me.
I don't know what hostname related options are necessary for a little log server with 3 clients:
use_fqdn keep_hostname long_hostnames chain_hostnames
I remember NEEDING chain_hostnames(off) to solve a problem but I wonder:
1. if problem could have been solved with another option in list above
2. what are minimum options that make a good little syslog-ng installation. (I wonder if keep_hostname(yes) solves 99% of the problems and is good enough. I don't know.)
Any help would be greatly appreciated.
Sincerely,
Chris
--
_______________________________________
Christian Seberino, Ph.D.
SPAWAR Systems Center San Diego
Code 2872
49258 Mills Street, Room 158
San Diego, CA 92152-5385
U.S.A.
Phone: (619) 553-9973
Fax : (619) 553-6521
Email: seberino@spawar.navy.mil
_______________________________________
_______________________________________________
syslog-ng maillist - syslog-ng@lists.balabit.hu
https://lists.balabit.hu/mailman/listinfo/syslog-ng
Frequently asked questions at http://www.campin.net/syslog-ng/faq.html
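Added example, not part of the original thread and not syslog-ng's own code: a simplified Python model of which host a collector records under the keep_hostname and bad_hostname options from the reply above. The function names, sample lines and addresses are constructed for illustration, and the model records the sender's address where a real server would normally resolve it to a name.

```python
import re

# RFC 3164 style header: <PRI>Mmm dd hh:mm:ss HOST MSG
_HEADER = re.compile(
    r"^<\d{1,3}>[A-Z][a-z]{2} [ \d]\d \d\d:\d\d:\d\d (\S+) (.*)$"
)

def resolve_host(raw, sender, keep_hostname=False, bad_hostname=None):
    """Return (host, message) as the collector would record them.

    Simplified model, not syslog-ng's parser: `sender` is the address the
    datagram arrived from, `bad_hostname` is a regex as in the option.
    """
    m = _HEADER.match(raw)
    if not m:
        return sender, raw            # no usable header: fall back to sender
    claimed, msg = m.group(1), m.group(2)
    if bad_hostname and re.search(bad_hostname, claimed):
        # Token is not a hostname; hand it back to the message text.
        claimed, msg = None, f"{claimed} {msg}"
    if keep_hostname and claimed:
        return claimed, msg           # trust what the message says
    return sender, msg                # let the server work it out

# Constructed sample traffic: (sender address, raw line).
SAMPLES = [
    ("192.0.2.10", "<38>Oct 15 07:35:02 web1 sshd[212]: session opened"),
    # Device that puts the start of the message where the hostname belongs.
    ("192.0.2.20", "<189>Oct 15 07:35:03 %FAC-3-EVENT: interface up"),
    # Sender address and claimed hostname disagree.
    ("192.0.2.66", "<38>Oct 15 07:35:04 web1 sshd[9]: session opened"),
]

def recorded_hosts(**options):
    """Hosts the collector would file each sample under."""
    return [resolve_host(raw, sender, **options)[0] for sender, raw in SAMPLES]

if __name__ == "__main__":
    print("keep_hostname(on): ", recorded_hosts(keep_hostname=True))
    print("options from reply:", recorded_hosts(keep_hostname=False, bad_hostname="%"))
```

With the hostname kept, the second sample is filed under a fragment of its own message and the third under whatever name the message carries; with the options from the reply, each sample is filed under the address it actually came from.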
Jim
Thanks a lot. I need all the help I can get and really appreciate it. Do you recommend the same options for the clients as well as the log server?
Chris
On Wed, Oct 15, 2003 at 08:37:57AM +0100, Jim Mozley wrote:
I have used the options below. The bad_hostname option was necessary as a particular vendor's equipment seemed to send part of syslog message as the hostname so I used this option to ignore it.
options { keep_hostname(off); long_hostnames(off); sync(1); log_fifo_size(2048); bad_hostname("%"); };
I found it was best to not rely on the device for the hostname but to let the syslog server work this out. I'd assume with 3 clients that using fqdn would be a bit overkill.
Jim
Do you recommend the same options for the clients as well as the log server?
I have left the other servers running their native syslog and the network devices obviously use their own. Of course this means I am not getting messages from the other unix servers via tcp so they may go astray, but I also store them locally on each machine just in case.
Jim
Jim
Thanks for the info. Are you saying you run syslog-ng on the log server but the clients all run plain ol' syslog??
I thought you needed syslog-ng on clients to stunnel the stuff to log server over tcp.... How are you getting syslog stuff to log server?
Chris
On Thu, Oct 16, 2003 at 01:58:00PM +0100, Jim wrote:
Do you recommend the same options for the clients as well as the log server?
I have left the other servers running their native syslog and the network devices obviously use their own. Of course this means I am not getting messages from the other unix servers via tcp so they may go astray, but I also store them locally on each machine just in case.
Jim
Chris,
Thanks for the info. Are you saying you run syslog-ng on the log server but the clients all run plain ol' syslog??
Yes at present.
I thought you needed syslog-ng on clients to stunnel the stuff to log server over tcp.... How are you getting syslog stuff to log server?
Using the UDP. The servers are actually on very fast/robust/diverse network so I'm not too worried about losing any messages. In addition they are also stored locally on the servers.
The network devices only support syslog over UDP and these were the main devices we wanted to monitor in this way as the syslog will show messages not provided by SNMP.
We are looking at dedicated BSD boxes directly attached to the network devices to capture their syslogs and then send them back to the central syslog server using TCP as a future project; this will ensure we don't miss anything in the event of network failures.
Jim